From 65db4b15d64c25e488c39c042bbefbb2e734dc3e Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Mon, 9 Sep 2024 16:05:15 +0200 Subject: [PATCH 001/325] api type conversion errors, first half of tls* files --- src/tls.c | 14 +++++++------- src/tls13.c | 36 ++++++++++++++++++------------------ tests/api.c | 26 +++++++++++++------------- tests/unit.h | 4 +++- 4 files changed, 41 insertions(+), 39 deletions(-) diff --git a/src/tls.c b/src/tls.c index f61a6e25e..fd69a1d57 100644 --- a/src/tls.c +++ b/src/tls.c @@ -999,12 +999,12 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, /* Number of blocks to create for hash. */ lenBlock = (realLen + extraLen) >> blockBits; /* Block containing EOC byte. */ - eocBlock = realLen >> blockBits; + eocBlock = (int)(realLen >> (word32)blockBits); /* Index of EOC byte in block. */ - eocIndex = realLen & blockMask; + eocIndex = (int)(realLen & (word32)blockMask); /* Add length of hmac's ipad to total length. */ - realLen += blockSz; + realLen += (word32)blockSz; /* Length as bits - 8 bytes bigendian. */ c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); c32toa(realLen << 3, lenBytes + sizeof(word32)); @@ -1019,8 +1019,8 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); if (ret != 0) return ret; - ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - - WOLFSSL_TLS_HMAC_INNER_SZ); + ret = Hmac_HashUpdate(hmac, in, (word32)(safeBlocks * blockSz - + WOLFSSL_TLS_HMAC_INNER_SZ)); if (ret != 0) return ret; } @@ -1278,7 +1278,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, #endif { ret = Hmac_UpdateFinal_CT(&hmac, digest, in, - sz + hashSz + padSz + 1, hashSz, myInner); + (sz + hashSz + (word32)padSz + 1), (int)hashSz, myInner); } #else ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, 
@@ -7663,7 +7663,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) #endif { /* set curve info for EccMakeKey "peer" info */ - ret = wc_ecc_set_curve(eccKey, kse->keyLen, curveId); + ret = wc_ecc_set_curve(eccKey, (int)kse->keyLen, curveId); if (ret == 0) { #ifdef WOLFSSL_ASYNC_CRYPT /* Detect when private key generation is done */ diff --git a/src/tls13.c b/src/tls13.c index bbca4fac5..93e566a88 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -7014,7 +7014,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ret != 0) goto exit_dch; #else - if ((ret = HashInput(ssl, input + args->begin, helloSz)) != 0) + if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0) goto exit_dch; #endif @@ -7458,7 +7458,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) } #endif /* WOLFSSL_DTLS13 */ - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; if (!ssl->options.groupMessages || extMsgType != server_hello) ret = SendBuffered(ssl); @@ -7606,11 +7606,11 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) /* This handshake message is always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, - idx - RECORD_HEADER_SZ, handshake, 1, 0, 0); + (int)(idx - RECORD_HEADER_SZ), handshake, 1, 0, 0); if (sendSz < 0) return sendSz; - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE; @@ -7636,7 +7636,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) * returns 0 on success, otherwise failure. */ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, - int reqCtxLen) + word32 reqCtxLen) { byte* output; int ret; 
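Review bot: Changing `int reqCtxLen` to `word32 reqCtxLen` in the SendTls13CertificateRequest signature (last hunk on this line) alters the meaning of any `reqCtxLen < 0` guard or signed comparison in the body, which lies outside the hunk, and of every call site that passes an int length. Please confirm no such guard exists and that callers are adjusted, since a negative int argument now silently becomes a very large unsigned length instead of being rejected. If the function has a forward declaration earlier in tls13.c it needs the same change or the build fails with conflicting types. The parameter change would also be worth one line in the function comment directly above, which currently only documents the return value.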
@@ -7724,7 +7724,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, /* Always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, - i - RECORD_HEADER_SZ, handshake, 1, 0, 0); + (int)(i - RECORD_HEADER_SZ), handshake, 1, 0, 0); if (sendSz < 0) return sendSz; @@ -7739,7 +7739,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; if (!ssl->options.groupMessages) ret = SendBuffered(ssl); @@ -8510,7 +8510,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) certSz = 0; certChainSz = 0; headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ; - length = headerSz; + length = (sword32)headerSz; listSz = 0; } else { @@ -8542,7 +8542,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) } /* Length of message data with one certificate and extensions. */ - length = headerSz + certSz + extSz; + length = (sword32)(headerSz + certSz + extSz); /* Length of list data with one certificate and extensions. */ listSz = CERT_HEADER_SZ + certSz + extSz; @@ -8551,7 +8551,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) p = ssl->buffers.certChain->buffer; /* Chain length including extensions. */ certChainSz = ssl->buffers.certChain->length + - OPAQUE16_LEN * ssl->buffers.certChainCnt; + OPAQUE16_LEN * (word32)ssl->buffers.certChainCnt; length += certChainSz; listSz += certChainSz; } @@ -8559,7 +8559,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) certChainSz = 0; } - payloadSz = length; + payloadSz = (word32)length; if (ssl->fragOffset != 0) length -= (ssl->fragOffset + headerSz); 
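Review bot: In the `@@ -8559` hunk, `payloadSz = (word32)length;` is followed by the unchanged `length -= (ssl->fragOffset + headerSz);`, which still subtracts a presumably unsigned expression (the hunk above casts `headerSz` to sword32 for exactly this reason) from the now explicitly signed `length`, so the mixed-sign arithmetic the commit is removing survives one line later. Casting the right-hand side, `length -= (sword32)(ssl->fragOffset + headerSz);`, keeps the hunk self-consistent. The `(sword32)headerSz` and `(sword32)(headerSz + certSz + extSz)` conversions are implementation-defined for values at or above 2^31; if the certificate buffers are bounded well below that, as seems likely, a short comment stating so would help the next reader. SendTls13Certificate's body continues outside these hunks.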
@@ -8703,7 +8703,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) { /* This message is always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, - output + RECORD_HEADER_SZ, i - RECORD_HEADER_SZ, handshake, 1, + output + RECORD_HEADER_SZ, (int)(i - RECORD_HEADER_SZ), handshake, 1, 0, 0); if (sendSz < 0) return sendSz; @@ -8719,7 +8719,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; if (!ssl->options.groupMessages) ret = SendBuffered(ssl); @@ -9150,7 +9150,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* !NO_RSA */ #ifdef HAVE_ECC if (ssl->hsType == DYNAMIC_TYPE_ECC) { - args->sigLen = args->sendSz - args->idx - HASH_SIG_SIZE - + args->sigLen = (word32)args->sendSz - args->idx - HASH_SIG_SIZE - VERIFY_HEADER; #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) if (ssl->buffers.keyType != sm2_sa_algo) @@ -9555,7 +9555,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += args->sendSz; + ssl->buffers.outputBuffer.length += (word32)args->sendSz; ssl->options.buildingMsg = 0; if (!ssl->options.groupMessages) ret = SendBuffered(ssl); @@ -10846,7 +10846,7 @@ static int SendTls13Finished(WOLFSSL* ssl) input = output + Dtls13GetRlHeaderLength(ssl, 1); #endif /* WOLFSSL_DTLS13 */ - AddTls13HandShakeHeader(input, (word32)finishedSz, 0, finishedSz, finished, ssl); + AddTls13HandShakeHeader(input, (word32)finishedSz, 0, (word32)finishedSz, finished, ssl); #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ssl->options.side == WOLFSSL_CLIENT_END) { @@ -10931,7 +10931,7 @@ static int SendTls13Finished(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; } 
@@ -11140,7 +11140,7 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ret = SendBuffered(ssl); diff --git a/tests/api.c b/tests/api.c index 5b4be95e7..c24fb339b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18620,7 +18620,7 @@ static int test_wc_Chacha_Process(void) ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen), 0); ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0); - ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0); + ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) /* test checking and using leftovers, currently just in C code */ @@ -18635,7 +18635,7 @@ static int test_wc_Chacha_Process(void) (word32)inlen - 2), 0); ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2), (byte*)input + (inlen - 2), 2), 0); - ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0); + ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); /* check edge cases with counter increment */ { @@ -20142,8 +20142,8 @@ static int test_wc_RsaPublicKeyDecodeRaw(void) RsaKey key; const byte n = 0x23; const byte e = 0x03; - int nSz = sizeof(n); - int eSz = sizeof(e); + word32 nSz = sizeof(n); + word32 eSz = sizeof(e); ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0); @@ -50065,7 +50065,7 @@ static int test_wc_PemToDer(void) ExpectIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0); key_buf[0] = '\n'; ExpectNotNull(XMEMCPY(key_buf + 1, cert_buf, cert_sz)); - ExpectIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE, + ExpectIntNE((ret = wc_PemToDer(key_buf, (long int)cert_sz + 1, CERT_TYPE, &pDer, NULL, &info, &eccKey)), 0); #ifdef OPENSSL_EXTRA 
@@ -70516,7 +70516,7 @@ static int test_wc_ParseCert_Error(void) /* Test data */ const struct testStruct { const byte* c; - const int cSz; + word32 cSz; const int expRet; } t[] = { {c0, sizeof(c0), WC_NO_ERR_TRACE(ASN_PARSE_E)}, /* Invalid bit-string length */ @@ -76326,7 +76326,7 @@ static int test_ForceZero(void) for (i = 0; i < sizeof(data); i++) { for (len = 1; len < sizeof(data) - i; len++) { for (j = 0; j < sizeof(data); j++) - data[j] = j + 1; + data[j] = ((unsigned char)j + 1); ForceZero(data + i, len); @@ -81896,7 +81896,7 @@ static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) { fprintf(stderr, "loading cert %s failed\n", certA); fprintf(stderr, "Error: (%d): %s\n", ret, - wolfSSL_ERR_reason_error_string(ret)); + wolfSSL_ERR_reason_error_string((unsigned long)ret)); return -1; } @@ -81910,7 +81910,7 @@ static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) != WOLFSSL_SUCCESS) { fprintf(stderr, "could not verify the cert: %s\n", certA); fprintf(stderr, "Error: (%d): %s\n", ret, - wolfSSL_ERR_reason_error_string(ret)); + wolfSSL_ERR_reason_error_string((unsigned long)ret)); return -1; } else { @@ -83223,7 +83223,7 @@ static int error_test(void) break; } } - errStr = wolfSSL_ERR_reason_error_string(i); + errStr = wolfSSL_ERR_reason_error_string((unsigned long)i); if (! this_missing) { ExpectIntNE(XSTRCMP(errStr, unknownStr), 0); 
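Review bot: The `const int cSz;` → `word32 cSz;` change in test_wc_ParseCert_Error's testStruct drops the `const` qualifier along with the sign change, which is unrelated to the conversion fix and loosens the table's read-only intent; `const word32 cSz;` keeps both. The neighbouring `const int expRet;` member is still const, so the struct is now inconsistent with itself.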
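Review bot: In the test_ForceZero hunk, `data[j] = ((unsigned char)j + 1);` casts `j` before the addition, so `+ 1` promotes the result back to int and the store into `data[j]` is still an int-to-unsigned-char narrowing; the cast belongs on the whole expression: `data[j] = (unsigned char)(j + 1);`. The same misplaced cast appears later in this series in test_tls_multi_handshakes_one_record, `c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len);`, where the cast covers only `newRecIdx` and the argument is an int again after the subtraction; `(word16)(newRecIdx - RECORD_HEADER_SZ)` is what the surrounding code means.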
@@ -83271,10 +83271,10 @@ static int test_wolfSSL_ERR_strings(void) ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD)); ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0); #else - ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE))); + ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE((unsigned long)UNSUPPORTED_SUITE))); ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); - ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE))); + ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE((unsigned long)UNSUPPORTED_SUITE))); ExpectIntEQ((*err == '\0'), 1); /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */ @@ -87239,7 +87239,7 @@ static int test_short_session_id_ssl_ready(WOLFSSL* ssl) EXPECT_DECLS; WOLFSSL_SESSION *sess = NULL; /* Setup the session to avoid errors */ - ssl->session->timeout = -1; + ssl->session->timeout = (word32)-1; ssl->session->side = WOLFSSL_CLIENT_END; #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ defined(HAVE_SESSION_TICKET)) diff --git a/tests/unit.h b/tests/unit.h index f63c4bd63..618458096 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -215,7 +215,9 @@ const byte* _x = (const byte*)(x); \ const byte* _y = (const byte*)(y); \ int _z = (int)(z); \ - int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, _z) : -1; \ + int _w = ((_x) && (_y)) + ? XMEMCMP(_x, _y, (unsigned long)_z) + : -1; Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z), \ ("\"%p\" " #er " \"%p\" for \"%d\"", \ (const void *)_x, (const void *)_y, _z)); \ From 79d3b955ed6d2f9e82cddcff0fb255d06e4f1a23 Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Tue, 10 Sep 2024 13:51:21 +0200 Subject: [PATCH 002/325] tls.c type conversion fixed. --- src/tls.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/tls.c b/src/tls.c index 08ae784a0..0bcb631d3 100644 --- a/src/tls.c +++ b/src/tls.c 
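Review bot: The three-line rewrite of `_w` in the unit.h hunk drops the trailing backslashes, so the macro definition ends after `int _w = ((_x) && (_y))` and the `? XMEMCMP(...)` and `: -1;` lines, together with the `Expect(...)` call that follows, fall outside the macro — this cannot compile wherever the macro is used. Each continued line needs the `\` the surrounding lines carry; the one-line form `int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, (unsigned long)_z) : -1; \` that the third patch in this series later restores is the simplest fix, and it would be cleaner to squash that repair into this commit. Note also that `_z` is an `int` cast to `unsigned long` for the length, so a negative `z` becomes a huge memcmp length, exactly as the previous implicit conversion did; the cast makes that explicit but does not guard it.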
@@ -929,7 +929,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, int blockBits, blockMask; int lastBlockLen, extraLen, eocIndex; int blocks, safeBlocks, lenBlock, eocBlock; - unsigned int maxLen; + word32 maxLen; int blockSz, padSz; int ret; word32 realLen; @@ -982,22 +982,22 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, blockMask = blockSz - 1; /* Size of data to HMAC if padding length byte is zero. */ - maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; + maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - (word32)macLen; /* Complete data (including padding) has block for EOC and/or length. */ - extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); + extraBlock = ctSetLTE(((int)maxLen + padSz) & blockMask, padSz); /* Total number of blocks for data including padding. */ - blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; + blocks = ((int)(maxLen + (word32)blockSz - 1) >> blockBits) + extraBlock; /* Up to last 6 blocks can be hashed safely. */ safeBlocks = blocks - 6; /* Length of message data. */ realLen = maxLen - in[sz - 1]; /* Number of message bytes in last block. */ - lastBlockLen = realLen & blockMask; + lastBlockLen = (int)realLen & blockMask; /* Number of padding bytes in last block. */ extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; /* Number of blocks to create for hash. */ - lenBlock = (realLen + extraLen) >> blockBits; + lenBlock = ((int)realLen + extraLen) >> blockBits; /* Block containing EOC byte. */ eocBlock = (int)(realLen >> (word32)blockBits); /* Index of EOC byte in block. */ @@ -12505,7 +12505,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, continue; /* skip! */ /* ssl level extensions are expected to override ctx level ones. */ - if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) + if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type))) continue; /* skip! */ /* extension type + extension data length. */ 
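Review bot: In the `@@ -982` hunk of Hmac_UpdateFinal_CT, `lastBlockLen = (int)realLen & blockMask;`, `lenBlock = ((int)realLen + extraLen) >> blockBits;` and `blocks = ((int)(maxLen + (word32)blockSz - 1) >> blockBits)` convert to int before the mask or shift, whereas the original code shifted unsigned values. `realLen = maxLen - in[sz - 1];` depends on the record's padding byte, so if that byte can exceed `maxLen` the subtraction wraps and both the `(int)` conversion of an out-of-range value and the right shift of a negative int are implementation-defined, in a routine whose purpose is to process such malformed records in constant time. Casting the result rather than the operand, as the hunk already does for `eocBlock`, keeps the arithmetic unsigned: `lastBlockLen = (int)(realLen & (word32)blockMask);` and `lenBlock = (int)((realLen + (word32)extraLen) >> blockBits);`, and likewise for `blocks`. If the caller guarantees the padding byte is already bounded by the data length, a comment stating that invariant at the top of the function would justify the signed form.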
@@ -12670,7 +12670,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, /* marks the extension as processed so ctx level */ /* extensions don't overlap with ssl level ones. */ - TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); + TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type)); } *pLength += length; @@ -12697,11 +12697,11 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, continue; /* skip! */ /* ssl level extensions are expected to override ctx level ones. */ - if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) + if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type))) continue; /* skip! */ /* writes extension type. */ - c16toa(extension->type, output + offset); + c16toa((word16)extension->type, output + offset); offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; length_offset = offset; @@ -12919,7 +12919,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, /* marks the extension as processed so ctx level */ /* extensions don't overlap with ssl level ones. */ - TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); + TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type)); /* if we encountered an error propagate it */ if (ret != 0) From be88ddda1599b326302c66e5acfa1296d8ca81e3 Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Wed, 18 Sep 2024 16:53:39 +0200 Subject: [PATCH 003/325] more Wconversion fixes: api/test* block --- tests/api.c | 62 +++++++++++++------------ tests/unit.h | 4 +- wolfcrypt/test/test.c | 105 ++++++++++++++++++++++-------------------- 3 files changed, 89 insertions(+), 82 deletions(-) diff --git a/tests/api.c b/tests/api.c index 28a767674..499bec645 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -2431,7 +2431,7 @@ static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, return -1; } - ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type); + ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, (sword32)cert_sz, file_type); wolfSSL_CertManagerFree(cm); @@ -2470,7 +2470,8 @@ static int test_cm_load_ca_file(const char* ca_cert_file) #if defined(WOLFSSL_PEM_TO_DER) if (ret == WOLFSSL_SUCCESS) { /* test loading DER */ - ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL); + ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, + NULL, NULL, NULL); if (ret == 0 && pDer != NULL) { ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length, WOLFSSL_FILETYPE_ASN1); @@ -2498,7 +2499,7 @@ static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz, return -1; } - ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, cert_sz, file_type, + ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, (sword32)cert_sz, file_type, 0, flags); wolfSSL_CertManagerFree(cm); @@ -2539,7 +2540,8 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) #if defined(WOLFSSL_PEM_TO_DER) if (ret == WOLFSSL_SUCCESS) { /* test loading DER */ - ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL); + ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, + NULL, NULL, NULL); if (ret == 0 && pDer != NULL) { ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length, WOLFSSL_FILETYPE_ASN1, flags); 
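Review bot: `wc_PemToDer(cert_buf, (sword32)cert_sz, ...)` in test_cm_load_ca_file and test_cm_load_ca_file_ex narrows a `size_t` to a 32-bit signed type, while the first patch in this series cast the same argument with `(long int)` in test_wc_PemToDer; at most one of those is the parameter's declared type, and the series should settle on it. The same question applies to `(sword32)cert_sz` for wolfSSL_CertManagerLoadCABuffer and wolfSSL_CertManagerLoadCABuffer_ex on this line, and to the `(long)len` → `(sword32)len` replacements in test_wolfSSL_CTX_use_certificate_chain_buffer_format on the next: if those parameters are `long`, as the casts being replaced suggest, `(sword32)` adds a narrowing step the original did not have. Casting to the exact parameter type documents the intent and is what -Wconversion is checking for.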
@@ -4808,13 +4810,13 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); - ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (long)len), + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); - ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (long)len), + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, @@ -4822,14 +4824,14 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf, - (long)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + (sword32)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (long)len), + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (sword32)len), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); - ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (long)len), + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (sword32)len), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048, sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); 
@@ -7272,7 +7274,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds, err != WOLFSSL_ERROR_WANT_WRITE) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buff)); + wolfSSL_ERR_error_string((word32)err, buff)); failing_c = 1; hs_c = 1; if (failing_c && failing_s) { @@ -7294,7 +7296,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds, err != WOLFSSL_ERROR_WANT_WRITE) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buff)); + wolfSSL_ERR_error_string((word32)err, buff)); failing_s = 1; hs_s = 1; if (failing_c && failing_s) { @@ -7804,7 +7806,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buff)); + wolfSSL_ERR_error_string((word32)err, buff)); /*err_sys("SSL_accept failed");*/ goto done; } @@ -8252,7 +8254,7 @@ static int test_client_nofail(void* args, cbType cb) if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buff)); + wolfSSL_ERR_error_string((word32)err, buff)); /*err_sys("SSL_connect failed");*/ goto done; } @@ -8262,7 +8264,7 @@ static int test_client_nofail(void* args, cbType cb) cipherSuite = wolfSSL_get_current_cipher_suite(ssl); cipherName1 = wolfSSL_get_cipher_name(ssl); cipherName2 = wolfSSL_get_cipher_name_from_suite( - (cipherSuite >> 8), cipherSuite & 0xFF); + (byte)(cipherSuite >> 8), cipherSuite & 0xFF); AssertStrEQ(cipherName1, cipherName2); /* IANA Cipher Suites Names */ 
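Review bot: `wolfSSL_ERR_error_string((word32)err, buff)` passes a negative error code through a 32-bit unsigned cast; if the parameter is `unsigned long` (the type the first patch chose for the sibling wolfSSL_ERR_reason_error_string), the value is then widened, so the callee sees the zero-extended low 32 bits rather than the sign-extended value the implicit conversion produced. Whether that round-trips to the right negative `int` inside the callee depends on how it recovers the code, which is outside this hunk, so please verify on an LP64 build. The later hunks in this patch switch `(unsigned long)ret` to `(word32)ret` for wolfSSL_ERR_reason_error_string, reversing the first patch; one declared-type cast used consistently across the series would avoid the churn.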
@@ -8275,7 +8277,7 @@ static int test_client_nofail(void* args, cbType cb) #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ !defined(WOLFSSL_QT) cipherName1 = wolfSSL_get_cipher_name_iana_from_suite( - (cipherSuite >> 8), cipherSuite & 0xFF); + (byte)(cipherSuite >> 8), cipherSuite & 0xFF); AssertStrEQ(cipherName1, cipherName2); #endif @@ -8822,7 +8824,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "accept error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buff)); + wolfSSL_ERR_error_string((word32)err, buff)); /*err_sys("SSL_accept failed");*/ } else { @@ -9040,7 +9042,7 @@ static void run_wolfssl_client(void* args) if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buff)); + wolfSSL_ERR_error_string((word32)err, buff)); /*err_sys("SSL_connect failed");*/ } else { @@ -11109,8 +11111,8 @@ static int test_wolfSSL_UseSNI_params(void) ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); /* invalid type */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, (byte)-1, "ctx", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, (byte)-1, "ssl", 3)); /* invalid data */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); @@ -12411,7 +12413,7 @@ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) XMEMCPY(buf, msg->buffer, len); /* Move over returned data. */ msg->buffer += len; - msg->length -= len; + msg->length -= (word32)len; /* Amount actually copied. */ return len; 
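Review bot: `wolfSSL_CTX_UseSNI(ctx, (byte)-1, "ctx", 3)` under the `/* invalid type */` comment now passes 255 rather than -1, so the test no longer exercises a negative type at all — if the parameter is a `byte` it never could, and the cast merely makes explicit that 255 is the invalid value under test. The comment should say so, e.g. `/* invalid type: 255 is presumably not a defined SNI name type */`, so a reader does not assume a sign check is being covered. The same applies to the wolfSSL_UseSNI line beneath it.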
@@ -18682,7 +18684,7 @@ static int test_wc_Chacha_Process(void) int i; for (i = 0; i < 256; i++) - input2[i] = i; + input2[i] = (byte)i; ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0); @@ -64229,7 +64231,7 @@ static int test_wolfSSL_MD4(void) XMEMSET(out, 0, sizeof(out)); MD4_Init(&md4); - MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz); + MD4_Update(&md4, (const void*)msg, (word32)msgSz); MD4_Final(out, &md4); ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0); #endif @@ -72786,7 +72788,7 @@ static int test_wolfSSL_OBJ_sn(void) } #if !defined(NO_BIO) -static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s) +static word32 TXT_DB_hash(const WOLFSSL_STRING *s) { return lh_strhash(s[3]); } @@ -86303,7 +86305,7 @@ static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) { fprintf(stderr, "loading cert %s failed\n", certA); fprintf(stderr, "Error: (%d): %s\n", ret, - wolfSSL_ERR_reason_error_string((unsigned long)ret)); + wolfSSL_ERR_reason_error_string((word32)ret)); return -1; } @@ -86317,7 +86319,7 @@ static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) != WOLFSSL_SUCCESS) { fprintf(stderr, "could not verify the cert: %s\n", certA); fprintf(stderr, "Error: (%d): %s\n", ret, - wolfSSL_ERR_reason_error_string((unsigned long)ret)); + wolfSSL_ERR_reason_error_string((word32)ret)); return -1; } else { @@ -86596,7 +86598,7 @@ static int test_wolfSSL_THREADID_hash(void) CRYPTO_THREADID id; CRYPTO_THREADID_current(NULL); - /* Hash result is unsigned long. */ + /* Hash result is word32. */ ExpectTrue(CRYPTO_THREADID_hash(NULL) == 0UL); XMEMSET(&id, 0, sizeof(id)); ExpectTrue(CRYPTO_THREADID_hash(&id) == 0UL); @@ -87630,7 +87632,7 @@ static int error_test(void) break; } } - errStr = wolfSSL_ERR_reason_error_string((unsigned long)i); + errStr = wolfSSL_ERR_reason_error_string((word32)i); if (! this_missing) { ExpectIntNE(XSTRCMP(errStr, unknownStr), 0); 
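Review bot: Changing TXT_DB_hash's return type from `unsigned long` to `word32` changes the type of the function pointer this helper is presumably registered through (the registration site is outside the hunk); if the callback type there still returns `unsigned long`, the assignment becomes an incompatible-pointer-type diagnostic and calling through it is undefined behaviour. The safer fix is to keep the declared callback type and cast the result, `return (unsigned long)lh_strhash(s[3]);`, or to change the callback typedef alongside. The comment rewrite `/* Hash result is word32. */` in test_wolfSSL_THREADID_hash sits above assertions that still compare against `0UL`; if the type really changed, the literals should follow.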
@@ -87678,10 +87680,10 @@ static int test_wolfSSL_ERR_strings(void) ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD)); ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0); #else - ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE((unsigned long)UNSUPPORTED_SUITE))); + ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE))); ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); - ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE((unsigned long)UNSUPPORTED_SUITE))); + ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE))); ExpectIntEQ((*err == '\0'), 1); /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */ @@ -93858,7 +93860,7 @@ static int test_tls_multi_handshakes_one_record(void) } rh = (RecordLayerHeader*)(test_ctx.c_buff); len = &rh->length[0]; - c16toa(newRecIdx - RECORD_HEADER_SZ, len); + c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len); test_ctx.c_len = newRecIdx; ExpectIntEQ(wolfSSL_connect(ssl_c), -1); diff --git a/tests/unit.h b/tests/unit.h index 618458096..c138cd280 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -215,9 +215,7 @@ const byte* _x = (const byte*)(x); \ const byte* _y = (const byte*)(y); \ int _z = (int)(z); \ - int _w = ((_x) && (_y)) - ? XMEMCMP(_x, _y, (unsigned long)_z) - : -1; + int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, (unsigned long)_z) : -1; \ Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z), \ ("\"%p\" " #er " \"%p\" for \"%d\"", \ (const void *)_x, (const void *)_y, _z)); \ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 90cb4ce89..7a35d56a1 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -4092,7 +4092,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void) /* Unaligned memory access test */ for (i = 1; i < 16; i++) { ret = wc_Sha512Update(&sha, (byte*)large_input + i, - LARGE_HASH_TEST_INPUT_SZ - i); + LARGE_HASH_TEST_INPUT_SZ - (word32)i); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_Sha512Final(&sha, hash); @@ -4250,7 +4250,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void) /* Unaligned memory access test */ for (i = 1; i < 16; i++) { ret = wc_Sha512_224Update(&sha, (byte*)large_input + i, - (word32)sizeof(large_input) - i); + (word32)sizeof(large_input) - (word32)i); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_Sha512_224Final(&sha, hash); @@ -4403,7 +4403,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void) /* Unaligned memory access test */ for (i = 1; i < 16; i++) { ret = wc_Sha512_256Update(&sha, (byte*)large_input + i, - (word32)sizeof(large_input) - i); + (word32)sizeof(large_input) - (word32)i); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_Sha512_256Final(&sha, hash); @@ -5985,14 +5985,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) return WC_TEST_RET_ENC_I(i); if (exp_ret == 0) { ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, - digestSz - 1); + (word32)digestSz - 1); if (ret != WC_NO_ERR_TRACE(BUFFER_E)) return WC_TEST_RET_ENC_I(i); } ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz); if (ret != exp_ret) return WC_TEST_RET_ENC_I(i); - if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0) + if (exp_ret == 0 && XMEMCMP(out, hashOut, (word32)digestSz) != 0) return WC_TEST_RET_ENC_I(i); ret = wc_HashGetBlockSize(typesGood[i]); 
@@ -7790,10 +7790,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void) if (ret != 0) return ret; - if (XMEMCMP(plain_big, input_big, block_size)) + if (XMEMCMP(plain_big, input_big, (word32)block_size)) return WC_TEST_RET_ENC_I(i); - if (XMEMCMP(cipher_big, cipher_big_result, block_size)) + if (XMEMCMP(cipher_big, cipher_big_result, (word32)block_size)) return WC_TEST_RET_ENC_I(i); } @@ -14464,18 +14464,18 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, ivSz, - resultT, (word32)tagSz, aad, aadSz); + ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, (word32)ivSz, + resultT, (word32)tagSz, aad, (word32)aadSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (cipher != NULL) { - if (XMEMCMP(cipher, resultC, cipherSz)) + if (XMEMCMP(cipher, resultC, (word32)cipherSz)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); } - if (XMEMCMP(tag, resultT, tagSz)) + if (XMEMCMP(tag, resultT, (unsigned long)tagSz)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) @@ -14489,7 +14489,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (cipher != NULL) { - if (XMEMCMP(cipher, resultC, cipherSz)) + if (XMEMCMP(cipher, resultC, (unsigned long)cipherSz)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); } if (XMEMCMP(tag, resultT, tagSz)) 
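Review bot: aesgcm_default_test_helper now mixes three spellings for the same XMEMCMP length argument across adjacent hunks — `(word32)cipherSz` in the first compare, `(unsigned long)cipherSz` in the second, `(unsigned long)tagSz` in one tag check and a bare `tagSz` in the other at the end of the `@@ -14489` hunk. memcmp's length parameter is `size_t`, so `(size_t)` on every call is the cast that matches the callee and is width-correct on both 32- and 64-bit targets. Leaving the last `XMEMCMP(tag, resultT, tagSz)` uncast presumably also means the warning the commit is chasing still fires there.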
@@ -14502,14 +14502,14 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz, - iv, (word32)ivSz, resultT, tagSz, aad, aadSz); + iv, (word32)ivSz, resultT, (word32)tagSz, aad, (word32)aadSz); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (plain != NULL) { - if (XMEMCMP(plain, resultP, plainSz)) + if (XMEMCMP(plain, resultP, (unsigned long)plainSz)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); } @@ -14524,7 +14524,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (plain != NULL) { - if (XMEMCMP(plain, resultP, plainSz)) + if (XMEMCMP(plain, resultP, (unsigned long)plainSz)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #endif @@ -17719,7 +17719,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) #endif #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) -static int simple_mem_test(int sz) +static int simple_mem_test(size_t sz) { int ret = 0; byte* b; @@ -17730,11 +17730,11 @@ static int simple_mem_test(int sz) return WC_TEST_RET_ENC_NC; } /* utilize memory */ - for (i = 0; i < sz; i++) { + for (i = 0; i < (int)sz; i++) { b[i] = (byte)i; } /* read back and verify */ - for (i = 0; i < sz; i++) { + for (i = 0; i < (int)sz; i++) { if (b[i] != (byte)i) { ret = WC_TEST_RET_ENC_NC; break; @@ -17894,7 +17894,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) /* simple test */ - ret = simple_mem_test(MEM_TEST_SZ); + ret = simple_mem_test((size_t)MEM_TEST_SZ); if (ret != 0) return ret; #endif 
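Review bot: simple_mem_test now takes `size_t sz` but immediately casts it back with `i < (int)sz` in both loops, so the sign-compare the parameter change was meant to remove has only moved into the loop condition, and a size above INT_MAX would turn into a negative bound. Declaring the loop index as `size_t i` (its declaration is above the hunk) lets both loops read `for (i = 0; i < sz; i++)` with no cast, and `b[i] = (byte)i` already truncates explicitly. The `(size_t)MEM_TEST_SZ` and `(size_t)i` casts at the memory_test call sites are fine as written.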
@@ -17902,7 +17902,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifdef COMPLEX_MEM_TEST /* test various size blocks */ for (i = 1; i < MEM_TEST_SZ; i*=2) { - ret = simple_mem_test(i); + ret = simple_mem_test((size_t)i); if (ret != 0) return ret; } @@ -19800,7 +19800,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) #endif if (ret >= 0) { ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], - mgf[0], digestSz + 1, key, rng); + mgf[0], (int)digestSz + 1, key, rng); } } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) @@ -19828,7 +19828,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) #endif if (ret >= 0) { ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], - digestSz + 1, key); + (int)digestSz + 1, key); } } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) @@ -26470,7 +26470,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) if (ret < 0) return WC_TEST_RET_ENC_EC(ret); - if (XMEMCMP(derived, verify, kLen) != 0) + if (XMEMCMP(derived, verify, (unsigned long)kLen) != 0) return WC_TEST_RET_ENC_NC; iterations = 1000; @@ -26755,7 +26755,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - if (XMEMCMP(okm1, res1, L) != 0) + if (XMEMCMP(okm1, res1, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; #ifndef HAVE_FIPS @@ -26766,7 +26766,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - if (XMEMCMP(okm1, res2, L) != 0) + if (XMEMCMP(okm1, res2, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; #endif /* HAVE_FIPS */ #endif /* !NO_SHA */ @@ -26777,7 +26777,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - if (XMEMCMP(okm1, res3, L) != 0) + if (XMEMCMP(okm1, res3, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; #ifndef HAVE_FIPS 
@@ -26787,7 +26787,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - if (XMEMCMP(okm1, res4, L) != 0) + if (XMEMCMP(okm1, res4, (unsigned long)L) != 0) return WC_TEST_RET_ENC_NC; #endif /* HAVE_FIPS */ #endif /* !NO_SHA256 */ @@ -26994,7 +26994,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void) int lblsdL = LBSL; int hash_type = sha384_mac; - ret = wc_PRF(dig, (word32)digL, secret, secL, lablSd, lblsdL, hash_type, + ret = wc_PRF(dig, (word32)digL, secret, (word32)secL, lablSd, + (word32)lblsdL, hash_type, HEAP_HINT, INVALID_DEVID); if (ret != 0) { printf("Failed w/ code: %d\n", ret); 
@@ -27645,111 +27646,117 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void) ret = wc_Tls13_HKDF_Extract(secret, NULL, 0, (tv->pskSz == 0) ? zeroes : (byte*)tv->psk, - tv->pskSz, tv->hashAlg); + tv->pskSz, (int)tv->hashAlg); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel), - tv->hashHello1, (word32)hashAlgSz, tv->hashAlg); + tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; - ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz); + ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, + (unsigned long)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel), - tv->hashHello1, (word32)hashAlgSz, tv->hashAlg); + tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; - ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz); + ret = XMEMCMP(tv->earlyExporterMasterSecret, output, + (unsigned long)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel), - hashZero, (word32)hashAlgSz, tv->hashAlg); + hashZero, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz, (tv->dheSz == 0) ? 
zeroes : (byte*)tv->dhe, - tv->dheSz, tv->hashAlg); + tv->dheSz, (int)tv->hashAlg); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel), - tv->hashHello2, (word32)hashAlgSz, tv->hashAlg); + tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; ret = XMEMCMP(tv->clientHandshakeTrafficSecret, - output, hashAlgSz); + output, (unsigned long)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel), - tv->hashHello2, (word32)hashAlgSz, tv->hashAlg); + tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; - ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz); + ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, + (unsigned long)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel), - hashZero, (word32)hashAlgSz, tv->hashAlg); + hashZero, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz, - zeroes, (word32)(word32)hashAlgSz, tv->hashAlg); + zeroes, (word32)(word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel), - tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg); + tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; - ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz); + ret = 
XMEMCMP(tv->clientApplicationTrafficSecret, output, + (unsigned long)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel), - tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg); + tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; - ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz); + ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, + (unsigned long)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel), - tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg); + tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; - ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz); + ret = XMEMCMP(tv->exporterMasterSecret, output, (unsigned long)hashAlgSz); if (ret != 0) break; ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, secret, (word32)hashAlgSz, (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel), - tv->hashFinished2, (word32)hashAlgSz, tv->hashAlg); + tv->hashFinished2, (word32)hashAlgSz, (int)tv->hashAlg); if (ret != 0) break; - ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz); + ret = XMEMCMP(tv->resumptionMasterSecret, output, + (unsigned long)hashAlgSz); if (ret != 0) break; } From 337456cc1e88460d101b3418c3ba204713be4ff2 Mon Sep 17 00:00:00 2001 
From: Joshua Okeleke Date: Wed, 18 Sep 2024 21:27:53 +0200 Subject: [PATCH 004/325] Add support for (DevkitPro)libnds --- .gitignore | 1 + ChangeLog.md | 1 + IDE/NDS/README.md | 36 ++++++++++++++++++++++++++++++++++++ README | 1 + README.md | 1 + wolfcrypt/src/random.c | 2 +- wolfcrypt/test/test.c | 30 ++++++++++++++++++++++++++++++ wolfssl/ssl.h | 2 +- wolfssl/test.h | 4 +++- wolfssl/wolfcrypt/settings.h | 20 ++++++++++++++++++++ 10 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 IDE/NDS/README.md diff --git a/.gitignore b/.gitignore index c542ec121..8ef6f71b1 100644 --- a/.gitignore +++ b/.gitignore @@ -245,6 +245,7 @@ linuxkm/libwolfssl.mod.c linuxkm/libwolfssl.lds linuxkm/module_exports.c linuxkm/linuxkm/get_thread_size +*.nds # autotools generated scripts/unit.test diff --git a/ChangeLog.md b/ChangeLog.md index bee6e614e..424ed5611 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -49,6 +49,7 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 * Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) * AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) * PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* Add support for (DevkitPro)libnds ## Enhancements and Optimizations diff --git a/IDE/NDS/README.md b/IDE/NDS/README.md new file mode 100644 index 000000000..88e9dbf41 --- /dev/null +++ b/IDE/NDS/README.md 
@@ -0,0 +1,36 @@ +# wolfSSL for libnds + +## Requirements + +[Devkitpro](https://devkitpro.org/wiki/Getting_Started) with libnds. + + +## Building + +``` +$ ./configure \ + --host=arm-none-eabi \ + CC=$DEVKITARM/bin/arm-none-eabi-g++ \ + AR=$DEVKITARM/bin/arm-none-eabi-ar \ + STRIP=$DEVKITARM/bin/arm-none-eabi-strip \ + RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \ + LIBS="-lfat -lnds9" \ + LDFLAGS="-L/opt/devkitpro/libnds/lib" \ + --prefix=$DEVKITPRO/portlibs/nds \ + CFLAGS="-march=armv5te -mtune=arm946e-s \ + --specs=ds_arm9.specs -DARM9 -DNDS \ + -DWOLFSSL_USER_IO \ + -I$DEVKITPRO/libnds/include" \ + --enable-fastmath --disable-benchmark \ + --disable-shared --disable-examples --disable-ecc +$ make +$ sudo make install +``` + +## Run the Tests + +To run the Crypttests type the following. +1. Run `$ ndstool -9 ./wolfcrypt/test/testwolfcrypt -c ./wolfcrypt/test/testwolfcrypt.nds` +2. copy `./certs` to `your_nds_sd_card/_nds/certs` + +3. Run the Rom (located in ./wolfcrypt/test/testwolfcrypt.nds) in an Emulator or real Hardware. diff --git a/README b/README index 261eb200d..f144c7cd2 100644 --- a/README +++ b/README @@ -121,6 +121,7 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 * Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) * AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) * PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* Add support for (DevkitPro)libnds ## Enhancements and Optimizations diff --git a/README.md b/README.md index 28aac2669..e18172c19 100644 --- a/README.md +++ b/README.md 
@@ -126,6 +126,7 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 * Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) * AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) * PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* Add support for (DevkitPro)libnds ## Enhancements and Optimizations diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index f1022edea..9307c9685 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -3815,7 +3815,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return ret; } -#elif defined(DOLPHIN_EMULATOR) +#elif defined(DOLPHIN_EMULATOR) || defined (NDS) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 937181064..c35c6e651 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -426,6 +426,13 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; #ifdef DEVKITPRO #include #endif +#ifdef NDS + #include + #include + #include + #include + #include +#endif #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ @@ -2457,6 +2464,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ VIDEO_WaitVSync(); if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync(); #endif +#ifdef NDS + // Init Console output + consoleDemoInit(); + + // Init the Filesystem + fatInitDefault(); +#endif #ifdef HAVE_WNR if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) { 
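Review bot: The wc_GenerateSeed hunk (-3815) routes NDS onto the DOLPHIN_EMULATOR seed implementation, but the body of that function is outside the hunk, so nothing here shows what entropy source it draws from or whether it was written with real hardware in mind. A seed source chosen for an emulator may not be appropriate for keys generated on a device; please add a comment beside the `#elif` stating the source used and its intended scope, e.g. `/* NDS shares the emulator seed path: <entropy source> - review before production use */`. If that source turns out to be time- or counter-based, the IDE/NDS/README.md added in this commit should say so as well.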
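Review bot: In the -2457 hunk the return value of `fatInitDefault()` is discarded, yet the -17955 hunk later makes every certificate path start with `fat:/_nds/`, so a failed FAT mount would surface only as unrelated file-open failures deep in the tests. libfat reports the mount result as a boolean; check it and say so, e.g. `if (!fatInitDefault()) printf("fatInitDefault failed: certs under fat:/_nds/ will not load\n");`. The `#include` lines in the -426 hunk lost their header names in this rendering, so I cannot confirm which headers provide the two calls.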
@@ -2502,6 +2516,18 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ while (1); #endif +#ifdef NDS + // in Nintendo DS returning from main shuts down the Device without letting you see the Results. + printf("args.return_code: %d\n", args.return_code); + printf("Testing complete. Press Start to exit the Program\n"); + while(1) { + swiWaitForVBlank(); + scanKeys(); + int keys = keysDown(); + if(keys & KEY_START) break; + } +#endif + #if defined(WOLFSSL_ESPIDF) /* ESP_LOGI to print takes up a lot less memory than printf */ ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n", @@ -17955,6 +17981,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #elif defined(_WIN32_WCE) #define CERT_PREFIX "\\windows\\" #define CERT_PATH_SEP "\\" +#elif defined(NDS) + #undef CERT_PREFIX + #define CERT_PREFIX "fat:/_nds/" + #define CERT_PATH_SEP "/" #endif #ifndef CERT_PREFIX diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 63b2a8ed5..38d7483c1 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3127,7 +3127,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len, !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \ !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \ - !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) + !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) && !defined(NDS) #include #endif /* allow writev style writing */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 0fb23c196..e3e328639 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -203,7 +203,9 @@ #include #include #include - #include + #ifndef NDS + #include + #endif #include #include #ifdef HAVE_PTHREAD diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index a1e4b9004..4c8133824 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
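Review bot: The exit loop added in the -2502 hunk uses `//` comments and a mid-block declaration (`int keys = keysDown();`), whereas the surrounding file (see the `/* ESP_LOGI ... */` context line) uses `/* */` comments and block-start declarations; matching the file's style avoids surprises under stricter compiler settings. Suggest `/* On the DS, returning from main powers the device off before the results can be read. */` and hoisting the declaration: `int keys; while (1) { swiWaitForVBlank(); scanKeys(); keys = keysDown(); if (keys & KEY_START) break; }`. main's body continues outside the hunk.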
@@ -262,6 +262,9 @@ /* Uncomment next line if building for Dolphin Emulator */ /* #define DOLPHIN_EMULATOR */ +/* Uncomment next line if building for NDS */ +/* #define NDS */ + /* Uncomment next line if using MAXQ1065 */ /* #define WOLFSSL_MAXQ1065 */ @@ -469,6 +472,23 @@ #include #endif + +#ifdef NDS + #include + #define SIZEOF_LONG_LONG 8 + #define socklen_t int + #define IPPROTO_UDP 17 + #define IPPROTO_TCP 6 + + /* Libnds doesn't include sys/uio.h. */ + /* Structure for scatter/gather I/O. */ + struct iovec + { + void *iov_base; /* Pointer to data. */ + size_t iov_len; /* Length of data. */ + }; +#endif + #if defined(ARDUINO) #if defined(ESP32) #ifndef NO_ARDUINO_DEFAULT From 99a99e3d6e470c6eecb536d18f4042f6433afe93 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 20 Sep 2024 00:17:12 +0200 Subject: [PATCH 005/325] Implement DTLS 1.2 Connection ID (CID) --- .github/workflows/os-check.yml | 2 + examples/client/client.c | 5 +- examples/server/server.c | 5 +- src/dtls.c | 85 ++- src/dtls13.c | 12 +- src/internal.c | 962 +++++++++++++++------------------ src/sniffer.c | 1 + src/ssl.c | 19 +- src/tls.c | 243 ++++++--- tests/api.c | 347 +++++++++++- wolfssl/internal.h | 69 ++- wolfssl/ssl.h | 3 +- wolfssl/test.h | 6 +- 13 files changed, 1082 insertions(+), 677 deletions(-) diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 8b337c1f0..154fa0403 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -38,6 +38,8 @@ jobs: '--enable-all --enable-dtls13 --enable-dtls-frag-ch', '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch --enable-dtls-mtu', + '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation + --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA', ] name: make check runs-on: ${{ matrix.os }} diff --git a/examples/client/client.c b/examples/client/client.c index b8adcc192..89c0f975b 100644 --- a/examples/client/client.c 
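Review bot: The NDS block in the -469 hunk defines `socklen_t`, `IPPROTO_UDP` and `IPPROTO_TCP` unconditionally; `#define socklen_t int` turns any later `typedef ... socklen_t;` from a toolchain header into `typedef int int`, and the two IPPROTO macros will collide if a header already provides them. Guard each one, e.g. `#ifndef IPPROTO_UDP` / `#define IPPROTO_UDP 17` / `#endif`, and prefer `typedef int socklen_t;` over the macro if no header defines it. The `struct iovec` definition carries the same redefinition risk if a libnds or newlib header ever grows one, so a guard macro around it is worth adding now.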
+++ b/examples/client/client.c @@ -4184,10 +4184,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("CID extension was negotiated\n"); ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz); - if (ret != WOLFSSL_SUCCESS) - err_sys("Can't get negotiated DTLS CID size\n"); - - if (receivedCIDSz > 0) { + if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) { ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID, DTLS_CID_BUFFER_SIZE - 1); if (ret != WOLFSSL_SUCCESS) diff --git a/examples/server/server.c b/examples/server/server.c index 2f42a909e..bc3e1509f 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -3595,10 +3595,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) unsigned int receivedCIDSz; printf("CID extension was negotiated\n"); ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz); - if (ret != WOLFSSL_SUCCESS) - err_sys("Can't get negotiated DTLS CID size\n"); - - if (receivedCIDSz > 0) { + if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) { ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID, DTLS_CID_BUFFER_SIZE - 1); if (ret != WOLFSSL_SUCCESS) diff --git a/src/dtls.c b/src/dtls.c index 1bdb7ce46..c30066be2 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -1038,22 +1038,6 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, #if defined(WOLFSSL_DTLS_CID) -typedef struct ConnectionID { - byte length; -/* Ignore "nonstandard extension used : zero-sized array in struct/union" - * MSVC warning */ -#ifdef _MSC_VER -#pragma warning(disable: 4200) -#endif - byte id[]; -} ConnectionID; - -typedef struct CIDInfo { - ConnectionID* tx; - ConnectionID* rx; - byte negotiated : 1; -} CIDInfo; - static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap) { ConnectionID* ret; @@ -1079,7 +1063,7 @@ static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx) ConnectionID* id; CIDInfo* info; - if (ssl == NULL || size == NULL) + if (ssl == NULL) return BAD_FUNC_ARG; info = DtlsCidGetInfo(ssl); 
@@ -1087,12 +1071,14 @@ static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx) return WOLFSSL_FAILURE; id = rx ? info->rx : info->tx; - if (id == NULL) { - *size = 0; - return WOLFSSL_SUCCESS; + if (id == NULL || id->length == 0) { + if (size != NULL) + *size = 0; + return WOLFSSL_FAILURE; } - *size = id->length; + if (size != NULL) + *size = id->length; return WOLFSSL_SUCCESS; } @@ -1231,9 +1217,8 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl) int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { - ConnectionID* id; CIDInfo* info; - byte cidSize; + byte cidSz; TLSX* ext; ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID); 
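Review bot: In the -1087 hunk DtlsCidGetSize now returns WOLFSSL_FAILURE both when no CID is in use (`id == NULL || id->length == 0`) and, from the -1063 hunk, when `ssl` or its CIDInfo is missing, so callers of wolfSSL_dtls_cid_get_tx_size/rx_size can no longer tell "no CID negotiated" from misuse; before this change the no-CID case returned WOLFSSL_SUCCESS with `*size = 0`. That is a public API behaviour change and should at least be stated in the header documentation of those getters. If the distinction matters (the client/server example hunks now simply skip on failure), consider keeping SUCCESS-with-zero for the negotiated-but-empty case and reserving FAILURE for the error paths.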
@@ -1254,31 +1239,41 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length, return BAD_STATE_E; /* it may happen if we process two ClientHello because the server sent an - * HRR request */ + * HRR/HVR request */ if (info->tx != NULL) { if (ssl->options.side != WOLFSSL_SERVER_END && - ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE) + ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE && + !IsSCR(ssl)) return BAD_STATE_E; - XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX); - info->tx = NULL; + if (!info->negotiated) { + XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX); + info->tx = NULL; + } } if (length < OPAQUE8_LEN) return BUFFER_ERROR; - cidSize = *input; - if (cidSize + OPAQUE8_LEN > length) + cidSz = *input; + if (cidSz + OPAQUE8_LEN > length) return BUFFER_ERROR; - if (cidSize > 0) { - id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap, - DYNAMIC_TYPE_TLSX); - if (id == NULL) - return MEMORY_ERROR; - XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize); - id->length = cidSize; - info->tx = id; + if (cidSz > 0) { + if (!info->negotiated) { + ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz, + ssl->heap, DYNAMIC_TYPE_TLSX); + if (id == NULL) + return MEMORY_ERROR; + XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz); + id->length = cidSz; + info->tx = id; + } + else { + /* For now we don't support changing the CID on a rehandshake */ + if (XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0) + return DTLS_CID_ERROR; + } } info->negotiated = 1; @@ -1317,10 +1312,6 @@ int wolfSSL_dtls_cid_use(WOLFSSL* ssl) { int ret; - /* CID is supported on DTLSv1.3 only */ - if (!IsAtLeastTLSv1_3(ssl->version)) - return WOLFSSL_FAILURE; - ssl->options.useDtlsCID = 1; ret = TLSX_ConnectionID_Use(ssl); if (ret != 0) 
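Review bot: The rehandshake branch in the -1254 hunk compares `cidSz` bytes of `info->tx->id` against the incoming extension without first checking that `cidSz` equals `info->tx->length`; the stored CID was allocated with exactly `info->tx->length` trailing bytes, so a longer CID from the peer makes XMEMCMP read past the end of that allocation, and a shorter one that is a prefix of the old CID is accepted as unchanged. Guard the length first: `if (info->tx->length != cidSz || XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0) return DTLS_CID_ERROR;`. Note also that a peer sending `cidSz == 0` after a non-empty CID was negotiated never reaches this comparison and is silently accepted, which contradicts the "changing the CID is unsupported" comment; moving the equality check outside `if (cidSz > 0)` would cover that case too.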
@@ -1345,8 +1336,11 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size) if (cidInfo == NULL) return WOLFSSL_FAILURE; - XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX); - cidInfo->rx = NULL; + if (cidInfo->rx != NULL) { + WOLFSSL_MSG("wolfSSL doesn't support changing the CID during a " + "connection"); + return WOLFSSL_FAILURE; + } /* empty CID */ if (size == 0) @@ -1384,6 +1378,11 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf, return DtlsCidGet(ssl, buf, bufferSz, 0); } +int wolfSSL_dtls_cid_max_size(void) +{ + return DTLS_CID_MAX_SIZE; +} + #endif /* WOLFSSL_DTLS_CID */ #endif /* WOLFSSL_DTLS */ diff --git a/src/dtls13.c b/src/dtls13.c index c661dc94c..31b3e5374 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -1076,23 +1076,23 @@ static byte Dtls13GetCidRxSize(WOLFSSL* ssl) static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx) { - byte cidSize; + byte cidSz; int ret; if (!wolfSSL_dtls_cid_is_enabled(ssl)) return 0; - cidSize = Dtls13GetCidTxSize(ssl); + cidSz = Dtls13GetCidTxSize(ssl); /* no cid */ - if (cidSize == 0) + if (cidSz == 0) return 0; *flags |= DTLS13_CID_BIT; - /* we know that we have at least cidSize of space */ - ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSize); + /* we know that we have at least cidSz of space */ + ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSz); if (ret != WOLFSSL_SUCCESS) return ret; - *idx += cidSize; + *idx += cidSz; return 0; } diff --git a/src/internal.c b/src/internal.c index 2fc63753f..d09987657 100644 --- a/src/internal.c +++ b/src/internal.c @@ -210,6 +210,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #endif #endif +int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional, + byte dec, byte** seq, int verifyOrder); #ifdef WOLFSSL_DTLS static int _DtlsCheckWindow(WOLFSSL* ssl); 
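Review bot: The -210 hunk adds a non-static prototype for `writeAeadAuthData` to internal.c rather than to wolfssl/internal.h; since the function has external linkage (and the diffstat shows tls.c changing in the same commit, presumably the other caller), every translation unit that calls it should see one shared declaration so a later signature change cannot silently diverge. Moving the declaration to internal.h with a short comment on what `verifyOrder` selects would make this easier to maintain. If the function is meant to stay file-local it should be `static` instead.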
@@ -2893,12 +2895,16 @@ void FreeCiphers(WOLFSSL* ssl) wc_Arc4Free(ssl->decrypt.arc4); XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.arc4 = NULL; + ssl->decrypt.arc4 = NULL; #endif #ifdef BUILD_DES3 wc_Des3Free(ssl->encrypt.des3); wc_Des3Free(ssl->decrypt.des3); XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.des3 = NULL; + ssl->decrypt.des3 = NULL; #endif #if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */ 
@@ -2906,31 +2912,43 @@ void FreeCiphers(WOLFSSL* ssl) wc_AesFree(ssl->decrypt.aes); XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.aes = NULL; + ssl->decrypt.aes = NULL; #endif #if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) wc_Sm4Free(ssl->encrypt.sm4); wc_Sm4Free(ssl->decrypt.sm4); XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.sm4 = NULL; + ssl->decrypt.sm4 = NULL; #endif #if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \ !defined(WOLFSSL_NO_TLS12) - XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.additional = NULL; + ssl->decrypt.additional = NULL; #endif #ifdef CIPHER_NONCE - XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.nonce = NULL; + ssl->decrypt.nonce = NULL; #endif #ifdef HAVE_ARIA wc_AriaFreeCrypt(ssl->encrypt.aria); wc_AriaFreeCrypt(ssl->decrypt.aria); XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.aria = NULL; + ssl->decrypt.aria = NULL; #endif #ifdef HAVE_CAMELLIA XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.cam = NULL; + ssl->decrypt.cam = NULL; #endif #ifdef HAVE_CHACHA if (ssl->encrypt.chacha) 
@@ -2939,37 +2957,36 @@ void FreeCiphers(WOLFSSL* ssl) ForceZero(ssl->decrypt.chacha, sizeof(ChaCha)); XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.chacha = NULL; + ssl->decrypt.chacha = NULL; #endif #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) if (ssl->auth.poly1305) ForceZero(ssl->auth.poly1305, sizeof(Poly1305)); XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->auth.poly1305 = NULL; #endif #if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) wc_HmacFree(ssl->encrypt.hmac); wc_HmacFree(ssl->decrypt.hmac); XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->encrypt.hmac = NULL; + ssl->decrypt.hmac = NULL; #endif #ifdef WOLFSSL_DTLS13 #ifdef BUILD_AES - if (ssl->dtlsRecordNumberEncrypt.aes != NULL) { - wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes); - XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->dtlsRecordNumberEncrypt.aes = NULL; - } - if (ssl->dtlsRecordNumberDecrypt.aes != NULL) { - wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes); - XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->dtlsRecordNumberDecrypt.aes = NULL; - } + wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes); + wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes); + XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->dtlsRecordNumberEncrypt.aes = NULL; + ssl->dtlsRecordNumberDecrypt.aes = NULL; #endif /* BUILD_AES */ #ifdef HAVE_CHACHA - XFREE(ssl->dtlsRecordNumberEncrypt.chacha, - ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->dtlsRecordNumberDecrypt.chacha, - ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->dtlsRecordNumberEncrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->dtlsRecordNumberDecrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); 
ssl->dtlsRecordNumberEncrypt.chacha = NULL; ssl->dtlsRecordNumberDecrypt.chacha = NULL; #endif /* HAVE_CHACHA */ @@ -4750,8 +4767,7 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo) #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #endif /* !NO_CERTS */ -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) -static word32 MacSize(const WOLFSSL* ssl) +word32 MacSize(const WOLFSSL* ssl) { #ifdef HAVE_TRUNCATED_HMAC word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ @@ -4762,7 +4778,6 @@ static word32 MacSize(const WOLFSSL* ssl) return digestSz; } -#endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */ #ifndef NO_RSA #if !defined(WOLFSSL_NO_TLS12) || \ @@ -10119,6 +10134,14 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) sz -= dtls_record_extra; #endif /* WOLFSSL_DTLS13 */ } else { +#ifdef WOLFSSL_DTLS_CID + unsigned int cidSz = 0; + if (IsEncryptionOn(ssl, 1) && + wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) { + adj += cidSz; + sz -= cidSz + 1; /* +1 to not hash the real content type */ + } +#endif adj += DTLS_RECORD_EXTRA; sz -= DTLS_RECORD_EXTRA; } @@ -10159,7 +10182,8 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz) /* add record layer header for message */ -static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl, int epochOrder) +static void AddRecordHeader(byte* output, word32 length, byte type, + WOLFSSL* ssl, int epochOrder) { RecordLayerHeader* rl; 
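Review bot: In the HashOutput hunk (-10119) `sz -= cidSz + 1;` subtracts an `unsigned int` from the `int` parameter `sz`, which promotes the expression to unsigned and converts back; with -Wconversion this warns and it is exactly the mixed-signedness pattern the earlier commits in this series remove. Write it as `sz -= (int)cidSz + 1;` and `adj += (int)cidSz;` (assuming `adj` is an int; its declaration is outside the hunk). The same pattern appears in the SendHandshakeMsg hunk (-10337) as `inputSz + hsHdrSz`, where `inputSz` is `word32` and `hsHdrSz` an `int`.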
@@ -10198,12 +10222,19 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl } else { #ifdef WOLFSSL_DTLS - DtlsRecordLayerHeader* dtls; - /* dtls record layer header extensions */ - dtls = (DtlsRecordLayerHeader*)output; + DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)output; +#ifdef WOLFSSL_DTLS_CID + unsigned int cidSz = 0; + if (type == dtls12_cid && + wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) { + wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz); + c16toa((word16)length, output + DTLS12_CID_OFFSET + cidSz); + } + else +#endif + c16toa((word16)length, dtls->length); WriteSEQ(ssl, epochOrder, dtls->sequence_number); - c16toa((word16)length, dtls->length); #endif } } @@ -10305,6 +10336,8 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, int maxFrag; int ret = 0; int headerSz; + int rHdrSz = 0; /* record header size */ + int hsHdrSz = 0; /* handshake header size */ WOLFSSL_ENTER("SendHandshakeMsg"); (void)type; @@ -10313,8 +10346,10 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, if (ssl == NULL || input == NULL) return BAD_FUNC_ARG; #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - headerSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ; + if (ssl->options.dtls) { + rHdrSz = DTLS_RECORD_HEADER_SZ; + hsHdrSz = DTLS_HANDSHAKE_HEADER_SZ; + } else #endif { @@ -10322,7 +10357,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, * per fragment like in DTLS. The handshake header should * already be in the input buffer. */ inputSz += HANDSHAKE_HEADER_SZ; - headerSz = RECORD_HEADER_SZ; + rHdrSz = RECORD_HEADER_SZ; } maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz); 
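Review bot: The CID branch in the -10198 hunk discards the return value of `wolfSSL_dtls_cid_get_tx`; if that call fails, the `cidSz` bytes at `output + DTLS12_CID_OFFSET` go out holding whatever the buffer contained, and because AddRecordHeader is `void` the failure cannot be reported upward. Either comment why it cannot fail here (the size was just obtained from the matching getter) or zero the span on failure, e.g. `if (wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz) != WOLFSSL_SUCCESS) XMEMSET(output + DTLS12_CID_OFFSET, 0, cidSz);`. Separately, the `else` immediately before `#endif` has an unbraced body (`c16toa((word16)length, dtls->length);`), so the if/else is split across the preprocessor conditional; braces around both arms would make it easier to read in either configuration.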
@@ -10337,7 +10372,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, if (!ssl->options.buildingMsg) { /* Hash it before the loop as we modify the input with * encryption on */ - ret = HashOutput(ssl, input, headerSz + (int)inputSz, 0); + ret = HashRaw(ssl, input + rHdrSz, inputSz + hsHdrSz); if (ret != 0) return ret; #ifdef WOLFSSL_DTLS @@ -10347,6 +10382,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, ssl->keys.dtls_handshake_number--; #endif } + headerSz = rHdrSz + hsHdrSz; while (ssl->fragOffset < inputSz) { byte* output; int outputSz; @@ -11028,13 +11064,8 @@ int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted) static WC_INLINE int isLastMsg(const WOLFSSL* ssl, word32 msgSz) { word32 extra = 0; - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) extra = ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - extra += MacSize(ssl); -#endif - } return (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) + msgSz + extra == ssl->curSize; } @@ -11312,6 +11343,9 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx, static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, RecordLayerHeader* rh, word16* size) { +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + unsigned int cidSz = 0; +#endif #ifdef HAVE_FUZZER if (ssl->fuzzerCb) @@ -11365,6 +11399,13 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, *inOutIdx += ENUM_LEN + VERSION_SZ; ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch); +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (rh->type == dtls12_cid && + (wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz) != WOLFSSL_SUCCESS || + cidSz == 0)) + return DTLS_CID_ERROR; +#endif + #ifdef WOLFSSL_DTLS13 /* only non protected message can use the DTLSPlaintext record header */ if (IsAtLeastTLSv1_3(ssl->version)) { 
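Review bot: The -11028 hunk drops the `MacSize(ssl)` term that isLastMsg added under `startedETMRead`, and the ProcessPeerCerts (-16178) and DoCertificateStatus (-16444) hunks remove the same term; this is only correct if `ssl->keys.padSz` now already accounts for the MAC under encrypt-then-MAC, and the code that would establish that is not in this diff. Please add a one-line comment where `padSz` is set, or at isLastMsg, along the lines of `/* padSz already covers the ETM MAC, so no separate MacSize() term is needed */`, so the invariant is visible to the next reader. MacSize itself is made non-static in the -4750 hunk; if it is now called from tls.c, its prototype belongs in internal.h.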
@@ -11396,6 +11437,20 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, ssl->keys.curSeq = w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo); #endif /* WOLFSSL_DTLS13 */ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (rh->type == dtls12_cid) { + byte cid[DTLS_CID_MAX_SIZE]; + if (ssl->buffers.inputBuffer.length - *inOutIdx < cidSz + LENGTH_SZ) + return LENGTH_ERROR; + if (cidSz > DTLS_CID_MAX_SIZE || + wolfSSL_dtls_cid_get_rx(ssl, cid, cidSz) != WOLFSSL_SUCCESS) + return DTLS_CID_ERROR; + if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, + cid, cidSz) != 0) + return DTLS_CID_ERROR; + *inOutIdx += cidSz; + } +#endif ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, size); *inOutIdx += LENGTH_SZ; @@ -11443,8 +11498,12 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, /* DTLSv1.3 MUST check window after deprotecting to avoid timing channel (RFC9147 Section 4.5.1) */ if (IsDtlsNotSctpMode(ssl) && !IsAtLeastTLSv1_3(ssl->version)) { + byte needsEnc = rh->type == application_data; /* can't be epoch 0 */ +#ifdef WOLFSSL_DTLS_CID + needsEnc = needsEnc || rh->type == dtls12_cid; +#endif if (!_DtlsCheckWindow(ssl) || - (rh->type == application_data && ssl->keys.curEpoch == 0) || + (needsEnc && ssl->keys.curEpoch == 0) || (rh->type == alert && ssl->options.handShakeDone && ssl->keys.curEpoch == 0 && ssl->keys.dtls_epoch != 0)) { WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR); @@ -11535,6 +11594,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, case change_cipher_spec: case application_data: case alert: +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + case dtls12_cid: +#endif #ifdef WOLFSSL_DTLS13 case ack: #endif /* WOLFSSL_DTLS13 */ 
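Review bot: In the GetDtlsRecordHeader CID hunk a record whose CID does not match the configured receive CID returns DTLS_CID_ERROR, and whether DtlsShouldDrop maps that code to a silent discard, as RFC 9146 expects for records with an unknown CID, is not visible in this diff. A comment on the XMEMCMP branch such as `/* unknown CID: caller must drop the record (RFC 9146), not fail the association */` would make the intent explicit, or the branch could take the same non-fatal path the replay-window check on this line uses if silent discard is what is wanted. The `ssl->buffers.inputBuffer.length - *inOutIdx` subtraction also assumes `*inOutIdx` has not run past `length` after the preceding fixed-size header reads; that presumably holds, but it is the kind of precondition worth stating next to the check. The enclosing function continues outside the hunk.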
@@ -16178,13 +16240,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.serverState = SERVER_CERT_COMPLETE; } - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; @@ -16444,20 +16501,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, } if (IsEncryptionOn(ssl, 0)) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > size) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - if (*inOutIdx + ssl->keys.padSz > size) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + if (*inOutIdx + ssl->keys.padSz > size) + return BUFFER_E; + *inOutIdx += ssl->keys.padSz; } WOLFSSL_LEAVE("DoCertificateStatus", ret); 
@@ -16488,24 +16534,12 @@ static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsEncryptionOn(ssl, 0)) { /* If size == totalSz then we are in DtlsMsgDrain so no need to worry * about padding */ - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (size != totalSz && - *inOutIdx + ssl->keys.padSz + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - /* access beyond input + size should be checked against totalSz */ - if (size != totalSz && - *inOutIdx + ssl->keys.padSz > totalSz) - return BUFFER_E; + /* access beyond input + size should be checked against totalSz */ + if (size != totalSz && + *inOutIdx + ssl->keys.padSz > totalSz) + return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + *inOutIdx += ssl->keys.padSz; } if (ssl->options.side == WOLFSSL_SERVER_END) { @@ -16542,17 +16576,8 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, * If size == totalSz then we are in DtlsMsgDrain so no need to worry about * padding */ if (size != totalSz) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - if (*inOutIdx + size + ssl->keys.padSz + MacSize(ssl) > totalSz) - return BUFFER_E; - } - else - #endif - { - if (*inOutIdx + size + ssl->keys.padSz > totalSz) - return BUFFER_E; - } + if (*inOutIdx + size + ssl->keys.padSz > totalSz) + return BUFFER_E; } #ifdef WOLFSSL_CALLBACKS @@ -16595,10 +16620,6 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, /* force input exhaustion at ProcessReply consuming padSz */ *inOutIdx += size + ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); -#endif if (ssl->options.side == WOLFSSL_CLIENT_END) { ssl->options.serverState = SERVER_FINISHED_COMPLETE; 
@@ -17145,10 +17166,6 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, expectedIdx = *inOutIdx + size + (ssl->keys.encryptionOn ? ssl->keys.padSz : 0); -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.encryptionOn) - expectedIdx += MacSize(ssl); -#endif #if !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_SECURE_RENEGOTIATION) && \ @@ -17299,23 +17316,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG("processing hello verify request"); ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size); if (IsEncryptionOn(ssl, 0)) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - /* access beyond input + size should be checked against totalSz - */ - if (*inOutIdx + ssl->keys.padSz > totalSz) - return BUFFER_E; + /* access beyond input + size should be checked against totalSz + */ + if (*inOutIdx + ssl->keys.padSz > totalSz) + return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + *inOutIdx += ssl->keys.padSz; } break; @@ -17388,13 +17394,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, AddLateName("ServerHelloDone", &ssl->timeoutInfo); #endif ssl->options.serverState = SERVER_HELLODONE_COMPLETE; - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif - } break; case finished: 
@@ -17429,24 +17430,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* If size == totalSz then we are in DtlsMsgDrain so no need to worry * about padding */ if (IsEncryptionOn(ssl, 0)) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (size != totalSz && - *inOutIdx + ssl->keys.padSz + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - /* access beyond input + size should be checked against totalSz - */ - if (size != totalSz && - *inOutIdx + ssl->keys.padSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + /* access beyond input + size should be checked against totalSz + */ + if (size != totalSz && + *inOutIdx + ssl->keys.padSz > totalSz) + return BUFFER_E; + *inOutIdx += ssl->keys.padSz; } break; @@ -18309,22 +18298,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, input + *inOutIdx, size, type, fragOffset, fragSz, ssl->heap); *inOutIdx += fragSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } - *inOutIdx += digestSz; - } - else - #endif - { - if (*inOutIdx + ssl->keys.padSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } + if (*inOutIdx + ssl->keys.padSz > totalSz) { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; } *inOutIdx += ssl->keys.padSz; ret = 0; 
@@ -18365,22 +18341,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Already saw this message and processed it. It can be ignored. */ WOLFSSL_MSG("Already saw this message and processed it"); *inOutIdx += fragSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } - *inOutIdx += digestSz; - } - else - #endif - { - if (*inOutIdx + ssl->keys.padSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } + if (*inOutIdx + ssl->keys.padSz > totalSz) { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; } #ifndef WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT if (IsDtlsNotSctpMode(ssl) && @@ -18413,17 +18376,11 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, input + *inOutIdx, size, type, fragOffset, fragSz, ssl->heap); *inOutIdx += fragSz; - *inOutIdx += ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + digestSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } - *inOutIdx += digestSz; + if (*inOutIdx + ssl->keys.padSz > totalSz) { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; } -#endif + *inOutIdx += ssl->keys.padSz; ret = 0; if (ssl->dtls_rx_msg_list != NULL && ssl->dtls_rx_msg_list->ready) ret = DtlsMsgDrain(ssl); 
@@ -18443,14 +18400,6 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (idx + fragSz + ssl->keys.padSz > totalSz) return BUFFER_E; *inOutIdx = idx + fragSz + ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += digestSz; - } -#endif /* In async mode always store the message and process it with * DtlsMsgDrain because in case of a WC_PENDING_E it will be * easier this way. */ @@ -18507,8 +18456,8 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD) /* Used for the older version of creating AEAD tags with Poly1305 */ -static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, - byte* cipher, word16 sz, byte* tag) +static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, int additionalSz, + const byte* out, byte* cipher, word16 sz, byte* tag) { int ret = 0; int msglen = (sz - ssl->specs.aead_mac_size); @@ -18526,12 +18475,12 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, return ret; if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional, - AEAD_AUTH_DATA_SZ)) != 0) + additionalSz)) != 0) return ret; /* length of additional input plus padding */ XMEMSET(padding, 0, sizeof(padding)); - padding[0] = AEAD_AUTH_DATA_SZ; + padding[0] = additionalSz; if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding))) != 0) return ret; 
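Review bot: In the Poly1305TagOld hunk `padding[0] = additionalSz;` narrows an int into a byte without a cast, and now that the AAD length is variable (with a CID it is 23 + cidSz bytes per writeAeadAuthData) only the low byte of the length is encoded. If additionalSz can never reach 256 on this legacy path, say so: `padding[0] = (byte)additionalSz; /* AAD length < 256, see writeAeadAuthData */`; otherwise the low bytes of the length presumably need to be written little-endian across `padding` rather than into `padding[0]` alone. The remainder of Poly1305TagOld is outside the hunk.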
@@ -18574,19 +18523,21 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, * Return 0 on success negative values in error case */ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz) + word16 sz, byte type) { - const byte* additionalSrc = input - RECORD_HEADER_SZ; int ret = 0; word32 msgLen = (sz - ssl->specs.aead_mac_size); byte tag[POLY1305_AUTH_SZ]; byte add[AEAD_AUTH_DATA_SZ]; + int addSz = 0; byte nonce[CHACHA20_NONCE_SZ]; byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */ #ifdef CHACHA_AEAD_TEST int i; #endif Keys* keys = &ssl->keys; + byte* seq = NULL; + int verifyOrder = CUR_ORDER; XMEMSET(tag, 0, sizeof(tag)); XMEMSET(nonce, 0, sizeof(nonce)); 
@@ -18604,36 +18555,22 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, /* opaque SEQ number stored for AD */ if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) { if (ssl->keys.dtls_epoch == - ssl->secure_renegotiation->tmp_keys.dtls_epoch) { + ssl->secure_renegotiation->tmp_keys.dtls_epoch) keys = &ssl->secure_renegotiation->tmp_keys; - WriteSEQ(ssl, CUR_ORDER, add); - } else - WriteSEQ(ssl, PREV_ORDER, add); + verifyOrder = PREV_ORDER; } - else #endif - WriteSEQ(ssl, CUR_ORDER, add); + + addSz = writeAeadAuthData(ssl, msgLen, type, add, 0, &seq, verifyOrder); + if (addSz < 0) + return addSz; if (ssl->options.oldPoly != 0) { /* get nonce. SEQ should not be incremented again here */ - XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2); + XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ); } - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } - #endif - - /* add TLS message size to additional data */ - add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff; - add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff; - - XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3); - #ifdef CHACHA_AEAD_TEST printf("Encrypt Additional : "); for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) { 
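Review bot: The `#ifdef CHACHA_AEAD_TEST` dump at the end of the ChachaAEADEncrypt hunk still iterates `for (i = 0; i < AEAD_AUTH_DATA_SZ; i++)` although the AAD is now `addSz` bytes long, so it prints bytes of `add` that writeAeadAuthData never wrote; the bound should be `i < addSz`. The ChachaAEADDecrypt test dump two hunks later has the same stale bound. `msgLen` is also a word32 handed to the word16 `sz` parameter of writeAeadAuthData; an explicit `(word16)msgLen` would record that the caller has already bounded it. The function body continues outside the hunk.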
@@ -18652,15 +18589,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, if (ssl->options.oldPoly == 0) { /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte * record sequence number XORed with client_write_IV/server_write_IV */ - XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ); - nonce[4] ^= add[0]; - nonce[5] ^= add[1]; - nonce[6] ^= add[2]; - nonce[7] ^= add[3]; - nonce[8] ^= add[4]; - nonce[9] ^= add[5]; - nonce[10] ^= add[6]; - nonce[11] ^= add[7]; + XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ); + xorbuf(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ); } #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ); @@ -18715,7 +18645,7 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, /* get the poly1305 tag using either old padding scheme or more recent */ if (ssl->options.oldPoly != 0) { - if ((ret = Poly1305TagOld(ssl, add, (const byte* )out, + if ((ret = Poly1305TagOld(ssl, add, addSz, (const byte* )out, poly, sz, tag)) != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -18733,8 +18663,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, #endif return ret; } - if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, - sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) { + if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, out, msgLen, + tag, sizeof(tag))) != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE); @@ -18790,12 +18720,14 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) { byte add[AEAD_AUTH_DATA_SZ]; + int addSz = 0; byte nonce[CHACHA20_NONCE_SZ]; byte tag[POLY1305_AUTH_SZ]; byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ int ret = 0; int msgLen = (sz - ssl->specs.aead_mac_size); Keys* keys = &ssl->keys; + byte* seq = NULL; #ifdef CHACHA_AEAD_TEST int i; 
@@ -18824,24 +18756,16 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, keys = &ssl->secure_renegotiation->tmp_keys; #endif - /* sequence number field is 64-bits */ - WriteSEQ(ssl, PEER_ORDER, add); + + addSz = writeAeadAuthData(ssl, msgLen, no_type, add, 1, &seq, PEER_ORDER); + if (addSz < 0) + return addSz; if (ssl->options.oldPoly != 0) { /* get nonce, SEQ should not be incremented again here */ - XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2); + XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ); } - /* get AD info */ - /* Store the type, version. */ - add[AEAD_TYPE_OFFSET] = ssl->curRL.type; - add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; - - /* add TLS message size to additional data */ - add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff; - add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff; - #ifdef CHACHA_AEAD_TEST printf("Decrypt Additional : "); for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) { @@ -18853,15 +18777,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, if (ssl->options.oldPoly == 0) { /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte * record sequence number XORed with client_write_IV/server_write_IV */ - XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ); - nonce[4] ^= add[0]; - nonce[5] ^= add[1]; - nonce[6] ^= add[2]; - nonce[7] ^= add[3]; - nonce[8] ^= add[4]; - nonce[9] ^= add[5]; - nonce[10] ^= add[6]; - nonce[11] ^= add[7]; + XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ); + xorbuf(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ); } #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ); 
@@ -18906,7 +18823,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, /* get the tag using Poly1305 */ if (ssl->options.oldPoly != 0) { - if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) { + if ((ret = Poly1305TagOld(ssl, add, addSz, input, poly, sz, tag)) + != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE); @@ -18923,8 +18841,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, #endif return ret; } - if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, - sizeof(add), input, (word32)msgLen, tag, sizeof(tag))) != 0) { + if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, input, + (word32)msgLen, tag, sizeof(tag))) != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE); 
@@ -19008,9 +18926,75 @@ typedef int (*Sm4AuthDecryptFunc)(wc_Sm4* sm4, byte* out, const byte* in, #endif +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define TLS_AEAD_CID_SZ(s, dec, c) \ + ((dec) ? wolfSSL_dtls_cid_get_rx_size((s), (c)) \ + : wolfSSL_dtls_cid_get_tx_size((s), (c))) +#define TLS_AEAD_CID(s, dec, b, c) \ + ((dec) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \ + : wolfSSL_dtls_cid_get_tx((s), (b), (c))) +#endif +/** + * + * @param ssl WOLFSSL object + * @param sz Length of fragment + * @param type Record content type + * @param additional AAD output buffer. Assumed AEAD_AUTH_DATA_SZ length. + * @param dec Are we decrypting + * @return > 0 length of auth data + * <=0 error + */ +int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, + byte* additional, byte dec, byte** seq, int verifyOrder) +{ + word32 idx = 0; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + unsigned int cidSz = 0; + if (ssl->options.dtls && + TLS_AEAD_CID_SZ(ssl, dec, &cidSz) == WOLFSSL_SUCCESS) { + if (cidSz > DTLS_CID_MAX_SIZE) { + WOLFSSL_MSG("DTLS CID too large"); + return DTLS_CID_ERROR; + } + + XMEMSET(additional + idx, 0xFF, SEQ_SZ); + idx += SEQ_SZ; + additional[idx++] = dtls12_cid; + additional[idx++] = (byte)cidSz; + additional[idx++] = dtls12_cid; + additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major; + additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor; + WriteSEQ(ssl, verifyOrder, additional + idx); + if (seq != NULL) + *seq = additional + idx; + idx += SEQ_SZ; + if (TLS_AEAD_CID(ssl, dec, additional + idx, cidSz) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + WOLFSSL_MSG("DTLS CID write failed"); + return DTLS_CID_ERROR; + } + idx += cidSz; + c16toa(sz, additional + idx); + idx += LENGTH_SZ; + + return (int)idx; + } +#endif + if (seq != NULL) + *seq = additional + idx; + WriteSEQ(ssl, verifyOrder, additional + idx); + idx += SEQ_SZ; + additional[idx++] = dec ? ssl->curRL.type : type; + additional[idx++] = dec ? 
ssl->curRL.pvMajor : ssl->version.major; + additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor; + c16toa(sz, additional + idx); + idx += LENGTH_SZ; + + return (int)idx; +} static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz, int asyncOkay) + word16 sz, int asyncOkay, byte type) { int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT @@ -19077,7 +19061,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */ { AES_AUTH_ENCRYPT_FUNC aes_auth_fn; - const byte* additionalSrc; + int additionalSz; #ifdef WOLFSSL_ASYNC_CRYPT /* initialize event */ @@ -19095,27 +19079,17 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #else aes_auth_fn = AES_CCM_ENCRYPT; #endif - additionalSrc = input - 5; - XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ); - - /* sequence number field is 64-bits */ - WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional); - - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - additionalSrc -= DTLS_HANDSHAKE_EXTRA; + additionalSz = writeAeadAuthData(ssl, + /* Length of the plain text minus the explicit + * IV length minus the authentication tag size. */ + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type, + ssl->encrypt.additional, 0, NULL, CUR_ORDER); + if (additionalSz < 0) { + ret = additionalSz; + break; } - #endif - XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET, - additionalSrc, 3); - /* Store the length of the plain text minus the explicit - * IV length minus the authentication tag size. */ - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->encrypt.additional + AEAD_LEN_OFFSET); #if !defined(NO_PUBLIC_GCM_SET_IV) && \ ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) 
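Review bot: writeAeadAuthData's header comment says `additional` is `Assumed AEAD_AUTH_DATA_SZ length`, yet the CID branch writes SEQ_SZ + 5 + SEQ_SZ + cidSz + LENGTH_SZ bytes (23 + cidSz) into it and the only bound enforced is `cidSz > DTLS_CID_MAX_SIZE`; whether AEAD_AUTH_DATA_SZ was enlarged to match is not visible in this diff, and the callers pass a stack array (`add` in the ChaCha paths) or `ssl->encrypt.additional`. A compile-time assertion tying the two constants together, or `if (idx + cidSz + LENGTH_SZ > AEAD_AUTH_DATA_SZ) return BUFFER_E;` before the CID copy, would stop an overwrite if the constants drift. The failure test `== WC_NO_ERR_TRACE(WOLFSSL_FAILURE)` also differs from the `!= WOLFSSL_SUCCESS` style used for the same getters in GetDtlsRecordHeader, so any other non-success return is treated as success here. The doc comment lacks its summary line and the `seq` and `verifyOrder` parameters; suggest `@param seq Optionally receives a pointer to the sequence number field inside additional` and `@param verifyOrder Which sequence number WriteSEQ emits (CUR_ORDER, PREV_ORDER or PEER_ORDER)`.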
@@ -19133,7 +19107,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.nonce, AESGCM_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->encrypt.additional, AEAD_AUTH_DATA_SZ); + ssl->encrypt.additional, additionalSz); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) @@ -19145,7 +19119,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.nonce, AESGCM_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->encrypt.additional, AEAD_AUTH_DATA_SZ); + ssl->encrypt.additional, additionalSz); } #ifdef WOLFSSL_ASYNC_CRYPT @@ -19166,27 +19140,18 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #ifdef HAVE_ARIA case wolfssl_aria_gcm: { - const byte* additionalSrc = input - RECORD_HEADER_SZ; + int additionalSz; byte *outBuf = NULL; - XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ); - /* sequence number field is 64-bits */ - WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional); + additionalSz = ret = writeAeadAuthData(ssl, + /* Length of the plain text minus the explicit + * IV length minus the authentication tag size. */ + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type, + ssl->encrypt.additional, 0, NULL, CUR_ORDER); + if (ret < 0) + break; + ret = 0; - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } - #endif - XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET, - additionalSrc, 3); - - /* Store the length of the plain text minus the explicit - * IV length minus the authentication tag size. */ - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->encrypt.additional + AEAD_LEN_OFFSET); XMEMCPY(ssl->encrypt.nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ); XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ, 
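Review bot: The ARIA branch of EncryptDo uses `additionalSz = ret = writeAeadAuthData(...); if (ret < 0) break; ret = 0;`, while the AES-GCM/CCM branch on the previous line uses `if (additionalSz < 0) { ret = additionalSz; break; }`; the chained assignment and the reset of `ret` back to 0 are harder to read and the two branches should use the same form. The DecryptDo ARIA branch three hunks on repeats the same pattern. The enclosing EncryptDo body continues outside the hunk.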
@@ -19201,7 +19166,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, (byte*) input + AESGCM_EXP_IV_SZ, sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, ssl->encrypt.nonce, AESGCM_NONCE_SZ, - ssl->encrypt.additional, AEAD_AUTH_DATA_SZ, + ssl->encrypt.additional, additionalSz, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size ); @@ -19224,7 +19189,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ !defined(NO_CHAPOL_AEAD) case wolfssl_chacha: - ret = ChachaAEADEncrypt(ssl, out, input, sz); + ret = ChachaAEADEncrypt(ssl, out, input, sz, type); break; #endif @@ -19342,7 +19307,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, } static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz, int asyncOkay) + word16 sz, int asyncOkay, byte type) { int ret = 0; @@ -19433,7 +19398,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, case CIPHER_STATE_DO: { - ret = EncryptDo(ssl, out, input, sz, asyncOkay); + ret = EncryptDo(ssl, out, input, sz, asyncOkay, type); /* Advance state */ ssl->encrypt.state = CIPHER_STATE_END; @@ -19566,6 +19531,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */ { wc_AesAuthDecryptFunc aes_auth_fn; + int additionalSz; #ifdef WOLFSSL_ASYNC_CRYPT /* initialize event */ 
@@ -19584,17 +19550,13 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, aes_auth_fn = wc_AesCcmDecrypt; #endif - XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ); - - /* sequence number field is 64-bits */ - WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional); - - ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; - ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; - - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.additional + AEAD_LEN_OFFSET); + additionalSz = writeAeadAuthData(ssl, + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type, + ssl->decrypt.additional, 1, NULL, PEER_ORDER); + if (additionalSz < 0) { + ret = additionalSz; + break; + } #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl)) @@ -19617,7 +19579,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->decrypt.nonce, AESGCM_NONCE_SZ, (byte *)(input + sz - ssl->specs.aead_mac_size), ssl->specs.aead_mac_size, - ssl->decrypt.additional, AEAD_AUTH_DATA_SZ); + ssl->decrypt.additional, additionalSz); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) @@ -19630,7 +19592,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->decrypt.nonce, AESGCM_NONCE_SZ, input + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) { + ssl->decrypt.additional, additionalSz)) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, 
@@ -19647,17 +19609,14 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, case wolfssl_aria_gcm: { byte *outBuf = NULL; - XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ); + int additionalSz; - /* sequence number field is 64-bits */ - WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional); - - ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; - ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; - - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.additional + AEAD_LEN_OFFSET); + additionalSz = ret = writeAeadAuthData(ssl, + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type, + ssl->decrypt.additional, 1, NULL, PEER_ORDER); + if (ret < 0) + break; + ret = 0; #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl)) @@ -19680,7 +19639,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, (byte *)input + AESGCM_EXP_IV_SZ, sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, ssl->decrypt.nonce, AESGCM_NONCE_SZ, - ssl->decrypt.additional, AEAD_AUTH_DATA_SZ, + ssl->decrypt.additional, additionalSz, (byte *)input + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size ); @@ -20003,12 +19962,7 @@ static WC_INLINE int CipherHasExpIV(WOLFSSL *ssl) /* check cipher text size for sanity */ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) { -#ifdef HAVE_TRUNCATED_HMAC - word32 minLength = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ - : ssl->specs.hash_size; -#else - word32 minLength = ssl->specs.hash_size; /* covers stream */ -#endif + word32 minLength = MacSize(ssl); #ifndef WOLFSSL_AEAD_ONLY if (ssl->specs.cipher_type == block) { 
@@ -20466,10 +20420,9 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) { - word32 msgSz = WOLFSSL_IS_QUIC(ssl)? ssl->curSize : ssl->keys.encryptSz; + word32 msgSz = ssl->curSize; word32 idx = *inOutIdx; int dataSz; - int ivExtra = 0; byte* rawData = input + idx; /* keep current for hmac */ #ifdef HAVE_LIBZ byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; @@ -20530,23 +20483,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) } #endif -#ifndef WOLFSSL_AEAD_ONLY - if (ssl->specs.cipher_type == block) { - if (ssl->options.tls1_1) - ivExtra = ssl->specs.block_size; - } - else -#endif - if (ssl->specs.cipher_type == aead) { - if (CipherHasExpIV(ssl)) - ivExtra = AESGCM_EXP_IV_SZ; - } - - dataSz = (int)(msgSz - (word32)ivExtra - ssl->keys.padSz); -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - dataSz -= MacSize(ssl); -#endif + dataSz = msgSz - ssl->keys.padSz; if (dataSz < 0) { WOLFSSL_MSG("App data buffer error, malicious input?"); if (sniff == NO_SNIFF) { @@ -20585,10 +20522,6 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) } idx += ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - idx += MacSize(ssl); -#endif #ifdef HAVE_LIBZ /* decompress could be bigger, overwrite after verify */ 
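Review bot: In the DoApplicationData hunk `dataSz = msgSz - ssl->keys.padSz;` computes an unsigned word32 difference and stores it in an int, so the `if (dataSz < 0)` check that follows relies on the implementation-defined wrap of a large unsigned value; the removed code at least made the narrowing explicit with `(int)(...)`. Comparing before subtracting keeps the check well-defined: `if (ssl->keys.padSz > msgSz) { /* existing "malicious input?" error path */ }` followed by `dataSz = (int)(msgSz - ssl->keys.padSz);`. Since padSz now also carries the MAC size for non-AEAD ciphers (per the ProcessReply change later in this diff), this comparison is what bounds a hostile record, so it is worth keeping it free of implementation-defined conversions. The function continues outside the hunk.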
@@ -20838,26 +20771,8 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) } #endif - if (IsEncryptionOn(ssl, 0)) { - word32 ivExtra = 0; -#ifndef WOLFSSL_AEAD_ONLY - if (ssl->specs.cipher_type == block) { - if (ssl->options.tls1_1) - ivExtra = ssl->specs.block_size; - } - else -#endif - if (ssl->specs.cipher_type == aead) { - if (CipherHasExpIV(ssl)) - ivExtra = AESGCM_EXP_IV_SZ; - } - dataSz -= ivExtra; + if (IsEncryptionOn(ssl, 0)) dataSz -= ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - dataSz -= MacSize(ssl); - #endif - } /* make sure can read the message */ if (dataSz != ALERT_SIZE) { @@ -20900,10 +20815,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) if (IsEncryptionOn(ssl, 0)) { *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif } return level; @@ -21029,20 +20940,12 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, int ret; word32 pad = 0; word32 padByte = 0; -#ifdef HAVE_TRUNCATED_HMAC - word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ - : ssl->specs.hash_size; -#else - word32 digestSz = ssl->specs.hash_size; -#endif + word32 digestSz = MacSize(ssl); byte verify[WC_MAX_DIGEST_SIZE]; if (ssl->specs.cipher_type == block) { - int ivExtra = 0; - if (ssl->options.tls1_1) - ivExtra = ssl->specs.block_size; - pad = *(input + msgSz - ivExtra - 1); + pad = input[msgSz - 1]; padByte = 1; if (ssl->options.tls) { 
@@ -21051,8 +20954,8 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, if(ssl->ctx->VerifyMacCb) { void* ctx = wolfSSL_GetVerifyMacCtx(ssl); ret = ssl->ctx->VerifyMacCb(ssl, input, - (msgSz - ivExtra) - digestSz - pad - 1, - digestSz, (word32)content, ctx); + msgSz - digestSz - pad - 1, + digestSz, (word32)content, ctx); if (ret != 0 && ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) { return ret; @@ -21062,7 +20965,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif ret = TimingPadVerify(ssl, input, (int)pad, (int)digestSz, - (int)(msgSz - (word32)ivExtra), content); + (int)msgSz, content); if (ret != 0) return ret; } @@ -21111,7 +21014,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, } #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) else { - *padSz = digestSz + pad + padByte; + *padSz = pad + padByte; } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ 
@@ -21180,6 +21083,38 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode) } #endif /* WOLFSSL_DTLS */ +#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +static int removeMsgInnerPadding(WOLFSSL* ssl) +{ + word32 i = ssl->buffers.inputBuffer.idx + + ssl->curSize; + if (ssl->specs.cipher_type == aead) + i -= ssl->specs.aead_mac_size; + else + i -= ssl->keys.padSz + MacSize(ssl); + + /* check that the end of the logical length doesn't extend + * past the real buffer */ + if (i > ssl->buffers.inputBuffer.length || i == 0) { + WOLFSSL_ERROR(BUFFER_ERROR); + return BUFFER_ERROR; + } + + /* Remove padding from end of plain text. */ + for (--i; i > ssl->buffers.inputBuffer.idx; i--) { + if (ssl->buffers.inputBuffer.buffer[i] != 0) + break; + } + + /* Get the real content type from the end of the data. */ + ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i]; + /* consider both contentType byte and MAC as padding */ + ssl->keys.padSz = ssl->buffers.inputBuffer.idx + + ssl->curSize - i; + return 0; +} +#endif + int ProcessReply(WOLFSSL* ssl) { return ProcessReplyEx(ssl, 0); @@ -21490,8 +21425,6 @@ default: ssl->keys.padSz = 0; ssl->options.processReply = verifyEncryptedMessage; - /* in case > 1 msg per record */ - ssl->curStartIdx = ssl->buffers.inputBuffer.idx; FALL_THROUGH; /* verify digest of encrypted message */ @@ -21659,12 +21592,17 @@ default: #ifndef WOLFSSL_NO_TLS12 /* handle success */ #ifndef WOLFSSL_AEAD_ONLY - if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) + if (ssl->options.tls1_1 && + ssl->specs.cipher_type == block) { ssl->buffers.inputBuffer.idx += ssl->specs.block_size; + ssl->curSize -= ssl->specs.block_size; + } #endif /* go past TLSv1.1 IV */ - if (CipherHasExpIV(ssl)) + if (CipherHasExpIV(ssl)) { ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ; + ssl->curSize -= AESGCM_EXP_IV_SZ; + } #endif } else { 
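Review bot: `#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)` guarding removeMsgInnerPadding relies on `&&` binding tighter than `||`; it evaluates as intended but several compilers warn on the mix, so spell it out: `#if defined(WOLFSSL_TLS13) || (defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID))`, and the same expression recurs at the removePadding block in the next hunk set. The new function also has no header comment; a short one would say it scans backwards over zero padding to find the inner content type byte and leaves keys.padSz covering that byte, the padding and the MAC or AEAD tag. If the scan reaches inputBuffer.idx without finding a non-zero byte the record carried no content type at all, and I cannot see whether a later check rejects `curRL.type == 0` as RFC 8446 §5.4 requires — a comment naming where that is enforced would help.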
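Review bot: `ssl->curSize -= ssl->specs.block_size;` and `ssl->curSize -= AESGCM_EXP_IV_SZ;` subtract from curSize with no local check that curSize covers the IV, and curSize is cast through `word16` elsewhere in this file, so a short record would wrap it. If the ciphertext length sanity check before decryption (outside this diff) already guarantees the minimum, a one-line comment referencing it would make that visible; otherwise an explicit guard such as `if (ssl->curSize < ssl->specs.block_size) return BUFFER_ERROR;` is needed before each subtraction. This matters more now that VerifyMac reads `input[msgSz - 1]` on the reduced size. The enclosing switch case extends beyond the hunk.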
@@ -21761,32 +21699,46 @@ default: ssl->keys.encryptSz = ssl->curSize; ssl->keys.decryptedCur = 1; -#ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) { - word32 i = (ssl->buffers.inputBuffer.idx + - ssl->curSize - ssl->specs.aead_mac_size); - /* check that the end of the logical length doesn't extend - * past the real buffer */ - if (i > ssl->buffers.inputBuffer.length || i == 0) { - WOLFSSL_ERROR(BUFFER_ERROR); - return BUFFER_ERROR; - } - - /* Remove padding from end of plain text. */ - for (--i; i > ssl->buffers.inputBuffer.idx; i--) { - if (ssl->buffers.inputBuffer.buffer[i] != 0) - break; - } - - /* Get the real content type from the end of the data. */ - ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i]; - /* consider both contentType byte and MAC as padding */ - ssl->keys.padSz = ssl->buffers.inputBuffer.idx - + ssl->curSize - i; - } -#endif } + if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 1) { +#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + int removePadding = 0; + if (ssl->options.tls1_3) + removePadding = 1; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (!ssl->options.tls1_3 && ssl->options.dtls && + ssl->curRL.type == dtls12_cid) + removePadding = 1; +#endif + if (removePadding) { + ret = removeMsgInnerPadding(ssl); + if (ret != 0) + return ret; + } + else +#endif + { +#ifdef HAVE_ENCRYPT_THEN_MAC + word16 startedETMRead = ssl->options.startedETMRead; +#else + word16 startedETMRead = 0; +#endif + /* With atomicUser the callback should have already included + * the mac in the padding size. The ETM callback doesn't do + * this for some reason. */ + if (ssl->specs.cipher_type != aead && + (!atomicUser || startedETMRead)) { + /* consider MAC as padding */ + ssl->keys.padSz += MacSize(ssl); + } + } + + } + + /* in case > 1 msg per record */ + ssl->curStartIdx = ssl->buffers.inputBuffer.idx; + ssl->options.processReply = runProcessingOneRecord; FALL_THROUGH; 
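Review bot: The comment `The ETM callback doesn't do this for some reason.` on the `!atomicUser || startedETMRead` condition records a surprise rather than a contract, so the next maintainer of the atomic-user callbacks cannot tell whether the asymmetry must be preserved. Replace it with the rule the callbacks are held to, e.g. `/* The atomic-user decrypt/verify callback reports the MAC inside padSz; the ETM callback reports only the padding, so the MAC is added here. */`, and ideally repeat it at the callback declarations. Without that, someone "fixing" the ETM callback to include the MAC would silently double-count it here.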
@@ -21835,9 +21787,7 @@ default: if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) { /* For TLS v1.1 the block size and explicit IV are added to idx, * so it needs to be included in this limit check */ - if ((ssl->curSize - ssl->keys.padSz - - (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) - - MacSize(ssl) > MAX_PLAINTEXT_SZ) + if ((ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ) #ifdef WOLFSSL_ASYNC_CRYPT && ssl->buffers.inputBuffer.length != ssl->buffers.inputBuffer.idx @@ -21857,9 +21807,7 @@ default: /* For TLS v1.1 the block size and explicit IV are added to idx, * so it needs to be included in this limit check */ if (!IsAtLeastTLSv1_3(ssl->version) - && ssl->curSize - ssl->keys.padSz - - (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) - > MAX_PLAINTEXT_SZ + && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ #ifdef WOLFSSL_ASYNC_CRYPT && ssl->buffers.inputBuffer.length != ssl->buffers.inputBuffer.idx @@ -22047,28 +21995,8 @@ default: } if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) { -#ifdef HAVE_AEAD - if (ssl->specs.cipher_type == aead) { - if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) - ssl->curSize -= AESGCM_EXP_IV_SZ; - ssl->buffers.inputBuffer.idx += ssl->specs.aead_mac_size; - ssl->curSize -= ssl->specs.aead_mac_size; - } - else -#endif - { - ssl->buffers.inputBuffer.idx += ssl->keys.padSz; - ssl->curSize -= (word16)ssl->keys.padSz; - ssl->curSize -= ssl->specs.iv_size; - } - - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - ssl->buffers.inputBuffer.idx += digestSz; - ssl->curSize -= (word16)digestSz; - } - #endif + ssl->buffers.inputBuffer.idx += ssl->keys.padSz; + ssl->curSize -= (word16)ssl->keys.padSz; } if (ssl->curSize != 1) { 
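Review bot: The comment `/* For TLS v1.1 the block size and explicit IV are added to idx, so it needs to be included in this limit check */` above both MAX_PLAINTEXT_SZ checks is now stale: the `(ssl->buffers.inputBuffer.idx - ssl->curStartIdx)` term it explains has been removed and the IV is instead taken out of curSize earlier. Replace it in both places with `/* curSize already excludes the explicit IV; padSz covers padding, inner type and MAC */`. Also worth noting in a comment that `ssl->curSize - ssl->keys.padSz` is unsigned, so a padSz larger than curSize wraps and trips the check — it fails closed, but only by accident of the arithmetic.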
@@ -22272,32 +22200,17 @@ default: ssl->options.processReply = runProcessingOneMessage; if (IsEncryptionOn(ssl, 0)) { - WOLFSSL_MSG("Bundled encrypted messages, remove middle pad"); - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (ssl->buffers.inputBuffer.idx >= - ssl->keys.padSz + digestSz) { - ssl->buffers.inputBuffer.idx -= - ssl->keys.padSz + digestSz; - } - else { - WOLFSSL_MSG("\tmiddle padding error"); - WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); - return FATAL_ERROR; - } + /* With encryption on, we advance the index by the value + * of ssl->keys.padSz. Since padding only appears once, we + * only can do this at the end of record parsing. We have to + * reset the index to the start of the next message here. */ + if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) { + ssl->buffers.inputBuffer.idx -= ssl->keys.padSz; } - else - #endif - { - if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) { - ssl->buffers.inputBuffer.idx -= ssl->keys.padSz; - } - else { - WOLFSSL_MSG("\tmiddle padding error"); - WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); - return FATAL_ERROR; - } + else { + WOLFSSL_MSG("\tBuffer advanced not enough error"); + WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); + return FATAL_ERROR; } } } @@ -22835,6 +22748,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->sz = RECORD_HEADER_SZ + (word32)inSz; args->idx = RECORD_HEADER_SZ; args->headerSz = RECORD_HEADER_SZ; + args->type = (byte)type; } switch (ssl->options.buildMsgState) { 
@@ -22900,6 +22814,18 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->sz += DTLS_RECORD_EXTRA; args->idx += DTLS_RECORD_EXTRA; args->headerSz += DTLS_RECORD_EXTRA; + #ifdef WOLFSSL_DTLS_CID + if (ssl->options.dtls) { + unsigned int cidSz = 0; + if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) + == WOLFSSL_SUCCESS) { + args->sz += cidSz; + args->idx += cidSz; + args->headerSz += cidSz; + args->sz++; /* real_type. no padding. */ + } + } + #endif } #endif @@ -22981,7 +22907,13 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif args->size = (word16)(args->sz - args->headerSz); /* include mac and digest */ - AddRecordHeader(output, args->size, (byte)type, ssl, epochOrder); + +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls && + wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS) + args->type = dtls12_cid; +#endif + AddRecordHeader(output, args->size, args->type, ssl, epochOrder); /* write to output */ if (args->ivSz > 0) { @@ -22991,6 +22923,16 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } XMEMCPY(output + args->idx, input, inSz); args->idx += (word32)inSz; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls && + wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS) { + output[args->idx++] = (byte)type; /* type goes after input */ + inSz++; + } +#endif + /* Make sure we don't access input anymore as inSz may have been + * incremented */ + input = NULL; ssl->options.buildMsgState = BUILD_MSG_HASH; } @@ -23003,7 +22945,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, if (type == handshake && hashOutput) { ret = HashOutput(ssl, output, - (int)(args->headerSz + (word32)inSz), (int)args->ivSz); + (int)(args->headerSz + (word32)inSz), (int)args->ivSz); if (ret != 0) goto exit_buildmsg; } 
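Review bot: `wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS` is queried in three separate places in BuildMessage (header sizing, `args->type = dtls12_cid`, appending the inner type byte) even though the first hunk already obtained `cidSz`; because BuildMessage can be re-entered through the buildMsgState machine, recording the decision once in args (a flag set when `args->headerSz += cidSz` runs) and testing it in the later two places keeps the three steps consistent. I also cannot see HashOutput, and after `inSz++` the `headerSz + inSz` passed to it covers the CID header bytes and the trailing real-type byte; if HashOutput does not compensate, the sender's transcript for an encrypted handshake message would differ from what the peer hashes. A comment at `inSz++` stating how HashOutput accounts for it would settle that.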
@@ -23039,7 +22981,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, if (ssl->options.startedETMWrite) { if (ssl->ctx->EncryptMacCb) { ret = ssl->ctx->EncryptMacCb(ssl, output + args->idx + - args->pad + 1, type, 0, + args->pad + 1, args->type, 0, output + args->headerSz, output + args->headerSz, args->size - args->digestSz, @@ -23052,8 +22994,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, { if (ssl->ctx->MacEncryptCb) { ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx, - output + args->headerSz + args->ivSz, (unsigned int)inSz, - type, 0, output + args->headerSz, + output + args->headerSz + args->ivSz, + (unsigned int)inSz, args->type, 0, + output + args->headerSz, output + args->headerSz, args->size, ssl->MacEncryptCtx); goto exit_buildmsg; @@ -23084,8 +23027,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif ret = ssl->hmac(ssl, hmac, - output + args->headerSz + args->ivSz, (word32)inSz, - -1, type, 0, epochOrder); + output + args->headerSz + args->ivSz, + (word32)inSz, -1, args->type, 0, + epochOrder); XMEMCPY(output + args->idx, hmac, args->digestSz); #ifdef WOLFSSL_SMALL_STACK @@ -23096,7 +23040,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif { ret = ssl->hmac(ssl, output + args->idx, output + - args->headerSz + args->ivSz, (word32)inSz, -1, type, 0, epochOrder); + args->headerSz + args->ivSz, (word32)inSz, -1, + args->type, 0, epochOrder); } } #endif /* WOLFSSL_AEAD_ONLY */ 
@@ -23137,13 +23082,14 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ret = Encrypt(ssl, output + args->headerSz, output + args->headerSz, (word16)(args->size - args->digestSz), - asyncOkay); + asyncOkay, args->type); } else #endif { ret = Encrypt(ssl, output + args->headerSz, - output + args->headerSz, args->size, asyncOkay); + output + args->headerSz, args->size, asyncOkay, + args->type); } #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) /* Restore sequence numbers */ @@ -23204,8 +23150,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif ret = ssl->hmac(ssl, hmac, output + args->headerSz, - args->ivSz + inSz + args->pad + 1, -1, type, - 0, epochOrder); + args->ivSz + inSz + args->pad + 1, -1, + args->type, 0, epochOrder); XMEMCPY(output + args->idx + args->pad + 1, hmac, args->digestSz); @@ -23219,8 +23165,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ret = ssl->hmac(ssl, output + args->idx + args->pad + 1, output + args->headerSz, args->ivSz + (word32)inSz + args->pad + 1, - -1, type, - 0, epochOrder); + -1, args->type, 0, epochOrder); } } #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */ @@ -23291,6 +23236,13 @@ int SendFinished(WOLFSSL* ssl) /* check for available size */ outputSz = sizeof(input) + MAX_MSG_EXTRA; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls) { + unsigned int cidSz = 0; + if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) + outputSz += cidSz + 1; /* +1 for inner content type */ + } +#endif /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state * is not advanced yet */ @@ -23355,6 +23307,7 @@ int SendFinished(WOLFSSL* ssl) } #endif + ssl->keys.encryptionOn = 1; sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, handshake, 1, 0, 0, CUR_ORDER); if (sendSz < 0) 
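Review bot: `ssl->keys.encryptionOn = 1;` is now set before BuildMessage in SendFinished with no comment, which is a state-ordering change; I assume it is so the record is built with encryption (and therefore the CID inner-type layout) active. Say so: `/* set before building so Finished is built as an encrypted, CID-aware record */`. If the original assignment later in SendFinished still exists outside this hunk it is now redundant, and the code that handles a BuildMessage failure needs to tolerate encryptionOn already being set with no Finished sent.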
@@ -23593,6 +23546,14 @@ int cipherExtraData(WOLFSSL* ssl) cipherExtra = ssl->specs.iv_size + ssl->specs.block_size + ssl->specs.hash_size; } + /* Add space needed for the CID */ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls) { + unsigned int cidSz = 0; + if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) + cipherExtra += cidSz + 1; /* +1 for inner content type */ + } +#endif /* Sanity check so we don't ever return negative. */ return cipherExtra > 0 ? cipherExtra : 0; } @@ -24798,7 +24759,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) if (ssl->options.dtls) { unsigned int cidSz = 0; if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) - outputSz += cidSz; + outputSz += cidSz + 1; /* +1 for inner content type */ } #endif @@ -29817,13 +29778,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { + if (ssl->options.dtls) DtlsMsgPoolReset(ssl); -#ifdef WOLFSSL_DTLS_CID - if (ssl->options.useDtlsCID) - DtlsCIDOnExtensionsParsed(ssl); -#endif /* WOLFSSL_DTLS_CID */ - } #endif if (OPAQUE16_LEN + OPAQUE8_LEN > size) @@ -30277,15 +30233,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->options.serverState = SERVER_HELLO_COMPLETE; - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMWrite && - ssl->specs.cipher_type == block) { - *inOutIdx += MacSize(ssl); - } - #endif - } #ifdef HAVE_SECRET_CALLBACK if (ssl->sessionSecretCb != NULL 
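Review bot: The `DtlsCIDOnExtensionsParsed(ssl)` call that ran once the client had parsed the ServerHello is dropped here, and nothing in this diff adds it elsewhere; unless it moved to a place I can't see (presumably the extension parser, now that TLSX_Parse accepts TLSX_CONNECTION_ID for DTLS 1.2), the negotiated CIDs would never be activated on the client side. A one-line comment here, or where the call now lives, would make the activation point traceable. The `cidSz + 1` additions in cipherExtraData and SendData are consistent with each other, but the `/* +1 for inner content type */` comment would read better as a named constant shared by both.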
@@ -30617,13 +30566,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->options.sendVerify = SEND_BLANK_CERT; } - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif - } WOLFSSL_LEAVE("DoCertificateRequest", 0); WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO); @@ -32011,13 +31955,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, case TLS_ASYNC_FINALIZE: { - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; @@ -33980,13 +33919,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif } - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif - } ssl->expect_session_ticket = 0; @@ -37792,13 +37726,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case TLS_ASYNC_FINALIZE: { - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } ssl->options.havePeerVerify = 1; 
@@ -40877,13 +40806,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], case TLS_ASYNC_FINALIZE: { - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } ret = MakeMasterSecret(ssl); diff --git a/src/sniffer.c b/src/sniffer.c index 7be98cdef..1299c2ad0 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -6495,6 +6495,7 @@ doPart: case ack: /* TODO */ #endif /* WOLFSSL_DTLS13 */ + case dtls12_cid: case no_type: default: SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE); diff --git a/src/ssl.c b/src/ssl.c index 264f2c04e..98f1b80f2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4850,7 +4850,7 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl) if (ssl == NULL) return BAD_FUNC_ARG; - if (ssl->version.major == SSLv3_MAJOR) { + if (ssl->version.major == SSLv3_MAJOR || ssl->version.major == DTLS_MAJOR) { switch (ssl->version.minor) { case SSLv3_MINOR : return WOLFSSL_SSLV3; @@ -4862,6 +4862,12 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl) return WOLFSSL_TLSV1_2; case TLSv1_3_MINOR : return WOLFSSL_TLSV1_3; + case DTLS_MINOR : + return WOLFSSL_DTLSV1; + case DTLSv1_2_MINOR : + return WOLFSSL_DTLSV1_2; + case DTLSv1_3_MINOR : + return WOLFSSL_DTLSV1_3; default: break; } @@ -8983,11 +8989,11 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) int result = WOLFSSL_SUCCESS; WOLFSSL_ENTER("wolfSSL_dtls_got_timeout"); - if (ssl == NULL) + if (ssl == NULL || !ssl->options.dtls) return WOLFSSL_FATAL_ERROR; #ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version)) { result = Dtls13RtxTimeout(ssl); if (result < 0) { if (result == WC_NO_ERR_TRACE(WANT_WRITE)) 
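Review bot: `if (ssl->version.major == SSLv3_MAJOR || ssl->version.major == DTLS_MAJOR)` in wolfSSL_GetVersion routes both majors into one switch on the minor, so a mismatched pair (DTLS major with a TLS minor, or the reverse) is reported as a valid version instead of reaching the error path. A second switch guarded by `ssl->version.major == DTLS_MAJOR` that lists only the DTLS minors keeps the function honest about what it returns. The wolfSSL_dtls_got_timeout change in the same set now returns WOLFSSL_FATAL_ERROR for a non-DTLS object where it previously succeeded; that is an API behaviour change that belongs in the function's doc comment.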
@@ -9001,7 +9007,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) } #endif /* WOLFSSL_DTLS13 */ - if ((IsSCR(ssl) || !ssl->options.handShakeDone)) { + /* Do we have any 1.2 messages stored? */ + if (ssl->dtls_tx_msg_list != NULL || ssl->dtls_tx_msg != NULL) { if (DtlsMsgPoolTimeout(ssl) < 0){ ssl->error = SOCKET_ERROR_E; WOLFSSL_ERROR(ssl->error); @@ -13177,6 +13184,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->keys.encryptionOn = 0; XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); + FreeCiphers(ssl); + InitCiphers(ssl); + InitCipherSpecs(&ssl->specs); + if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; diff --git a/src/tls.c b/src/tls.c index 0aff79169..3c1e0e7fe 100644 --- a/src/tls.c +++ b/src/tls.c @@ -760,6 +760,16 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, if (ssl == NULL || inner == NULL) return BAD_FUNC_ARG; + if (content == dtls12_cid +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + || (ssl->options.dtls && + wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS) +#endif + ) { + WOLFSSL_MSG("wolfSSL_SetTlsHmacInner doesn't support CID"); + return BAD_FUNC_ARG; + } + XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); WriteSEQ(ssl, verify, inner); @@ -904,7 +914,6 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) (word32)digestSz); if (ret == 0) ret = wc_HashFinal(&hash, hashType, mac); - wc_HashFree(&hash, hashType); } return ret; @@ -918,10 +927,11 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) * in Message data. * sz Size of the message data. * header Constructed record header with length of handshake data. + * headerSz Length of header * returns 0 on success, otherwise failure. */ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, - word32 sz, int macLen, byte* header) + word32 sz, int macLen, byte* header, word32 headerSz) { byte lenBytes[8]; int i, j; 
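Review bot: The new guard in wolfSSL_SetTlsHmacInner rejects the call whenever a tx CID is configured, regardless of direction; TLS_hmac_SetInner falls back to this function when `TLS_HMAC_CID_SZ(ssl, verify, &cidSz)` fails, so a connection that sends records with a CID but receives them without one (RFC 9146 allows a zero-length CID in one direction) would fail every MAC verification with BAD_FUNC_ARG. If wolfSSL_dtls_cid_get_tx_size already reports a zero-length CID as "no CID" this is moot, but the guard should then say so, e.g. `/* a zero-length CID counts as no CID here */`; otherwise the verify-side fallback must not apply the tx check. The new test only exercises CIDs in both directions, so it would not catch this.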
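Review bot: `wc_HashFree(&hash, hashType);` is removed from Hmac_OuterHash while the matching wc_HashInit above the hunk stays, so hash backends that allocate state in init now leak it unless a free happens somewhere I can't see. If the intent is that wc_HashFinal releases the state, a comment at the wc_HashFinal call saying so is needed; otherwise keep the free after the `if (ret == 0)` chain so it also runs on the failure path.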
@@ -982,7 +992,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, blockMask = blockSz - 1; /* Size of data to HMAC if padding length byte is zero. */ - maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; + maxLen = headerSz + sz - 1 - macLen; /* Complete data (including padding) has block for EOC and/or length. */ extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); /* Total number of blocks for data including padding. */ @@ -1016,11 +1026,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, XMEMSET(hmac->innerHash, 0, macLen); if (safeBlocks > 0) { - ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + ret = Hmac_HashUpdate(hmac, header, headerSz); if (ret != 0) return ret; - ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - - WOLFSSL_TLS_HMAC_INNER_SZ); + ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - headerSz); if (ret != 0) return ret; } @@ -1039,10 +1048,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; unsigned char b = 0; - if (k < WOLFSSL_TLS_HMAC_INNER_SZ) + if (k < headerSz) b = header[k]; else if (k < maxLen) - b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; + b = in[k - headerSz]; k++; b = ctMaskSel(atEoc, 0x80, b); @@ -1085,10 +1094,11 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, * in Message data. * sz Size of the message data. * header Constructed record header with length of handshake data. + * headerSz Length of header * returns 0 on success, otherwise failure. */ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, - word32 sz, byte* header) + word32 sz, byte* header, word32 headerSz) { byte dummy[WC_MAX_BLOCK_SIZE] = {0}; int ret = 0; 
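Review bot: `if (k < headerSz)` and `in[k - headerSz]` now compare and subtract a `word32` against `k`, whose declaration is outside the hunk; if `k` is an `int` like its siblings `i, j`, this is a signed/unsigned comparison that -Wsign-compare flags and `k - headerSz` is evaluated unsigned. Declaring `k` as `word32` (it only increments) or casting at the comparison makes it clean. `maxLen = headerSz + sz - 1 - macLen;` mixes `word32` with `int macLen` exactly as the old constant did, so no new behaviour there, but it deserves the same treatment in the same pass.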
@@ -1174,7 +1184,7 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, /* Calculate whole blocks. */ msgBlocks--; - ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + ret = wc_HmacUpdate(hmac, header, headerSz); if (ret == 0) { /* Fill the rest of the block with any available data. */ word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz; 
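Review bot: Only the `wc_HmacUpdate(hmac, header, headerSz)` call in Hmac_UpdateFinal is switched to the variable header length; the length and block-count arithmetic between the signature hunk and this one is not in the diff, so if it (or the `currSz` adjustment just below) still uses WOLFSSL_TLS_HMAC_INNER_SZ, the number of whole blocks fed to the HMAC disagrees with the bytes actually hashed whenever a CID header is in use. Hmac_UpdateFinal_CT changed its `maxLen` to `headerSz` for this reason and the non-CT path should match. This path is only taken for BLAKE2 or when the constant-time implementation is compiled out, so the new CID test would not exercise it.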
@@ -1210,11 +1220,67 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, #endif +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define TLS_HMAC_CID_SZ(s, v, c) \ + ((v) ? wolfSSL_dtls_cid_get_rx_size((s), (c)) \ + : wolfSSL_dtls_cid_get_tx_size((s), (c))) +#define TLS_HMAC_CID(s, v, b, c) \ + ((v) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \ + : wolfSSL_dtls_cid_get_tx((s), (b), (c))) +#endif + +static int TLS_hmac_SetInner(WOLFSSL* ssl, byte* inner, word32* innerSz, + word32 sz, int content, int verify, int epochOrder) +{ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + unsigned int cidSz = 0; + if (ssl->options.dtls && + TLS_HMAC_CID_SZ(ssl, verify, &cidSz) == WOLFSSL_SUCCESS) { + word32 idx = 0; + if (cidSz > DTLS_CID_MAX_SIZE) { + WOLFSSL_MSG("DTLS CID too large"); + return DTLS_CID_ERROR; + } + + XMEMSET(inner + idx, 0xFF, SEQ_SZ); + idx += SEQ_SZ; + inner[idx++] = dtls12_cid; + inner[idx++] = (byte)cidSz; + inner[idx++] = dtls12_cid; + inner[idx++] = ssl->version.major; + inner[idx++] = ssl->version.minor; + WriteSEQ(ssl, epochOrder, inner + idx); + idx += SEQ_SZ; + if (TLS_HMAC_CID(ssl, verify, inner + idx, cidSz) == + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + WOLFSSL_MSG("DTLS CID write failed"); + return DTLS_CID_ERROR; + } + idx += cidSz; + c16toa((word16)sz, inner + idx); + idx += LENGTH_SZ; + + *innerSz = idx; + return 0; + } +#endif + *innerSz = WOLFSSL_TLS_HMAC_INNER_SZ; + return wolfSSL_SetTlsHmacInner(ssl, inner, sz, content, + !ssl->options.dtls ? 
verify : epochOrder); +} + +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ +#else +#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_INNER_SZ +#endif + int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder) { Hmac hmac; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + byte myInner[TLS_HMAC_INNER_SZ]; + word32 innerSz = TLS_HMAC_INNER_SZ; int ret = 0; const byte* macSecret = NULL; word32 hashSz = 0; @@ -1242,10 +1308,10 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, } #endif - if (!ssl->options.dtls) - wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - else - wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, epochOrder); + ret = TLS_hmac_SetInner(ssl, myInner, &innerSz, sz, content, verify, + epochOrder); + if (ret != 0) + return ret; ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId); if (ret != 0) @@ -1256,10 +1322,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, if (ssl->options.dtls) macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder); else - macSecret = wolfSSL_GetMacSecret(ssl, verify); -#else - macSecret = wolfSSL_GetMacSecret(ssl, verify); #endif + macSecret = wolfSSL_GetMacSecret(ssl, verify); ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), macSecret, ssl->specs.hash_size); 
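Review bot: TLS_hmac_SetInner has no comment stating what its CID branch builds; the sequence it writes (SEQ_SZ bytes of 0xFF, `dtls12_cid`, the CID length, `dtls12_cid`, version, the epoch/sequence from WriteSEQ, the CID, then the plaintext length) is the MAC input defined in RFC 9146 §5, and naming that in a header comment makes it checkable against the spec. The comment should also state that `inner` must hold two SEQ_SZ runs, five single bytes and LENGTH_SZ plus DTLS_CID_MAX_SIZE, which is what the `cidSz > DTLS_CID_MAX_SIZE` check relies on; WOLFSSL_TLS_HMAC_CID_INNER_SZ is defined outside this diff, so that assumption is currently implicit. The `innerSz` out-parameter and the `DTLS_CID_ERROR` returns belong in the same comment.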
@@ -1272,21 +1336,21 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, #ifdef HAVE_BLAKE2 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { ret = Hmac_UpdateFinal(&hmac, digest, in, - sz + hashSz + padSz + 1, myInner); + sz + hashSz + padSz + 1, myInner, innerSz); } else #endif { ret = Hmac_UpdateFinal_CT(&hmac, digest, in, - sz + hashSz + padSz + 1, hashSz, myInner); + sz + hashSz + padSz + 1, hashSz, myInner, innerSz); } #else ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, - myInner); + myInner, innerSz); #endif } else { - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + ret = wc_HmacUpdate(&hmac, myInner, innerSz); if (ret == 0) ret = wc_HmacUpdate(&hmac, in, sz); /* content */ if (ret == 0) @@ -12387,6 +12451,26 @@ void TLSX_FreeAll(TLSX* list, void* heap) WOLFSSL_MSG("Encrypt-Then-Mac extension free"); break; #endif + +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + case TLSX_PRE_SHARED_KEY: + WOLFSSL_MSG("Pre-Shared Key extension free"); + PSK_FREE_ALL((PreSharedKey*)extension->data, heap); + break; + + #ifdef WOLFSSL_TLS13 + case TLSX_PSK_KEY_EXCHANGE_MODES: + WOLFSSL_MSG("PSK Key Exchange Modes extension free"); + break; + #endif + #endif + + case TLSX_KEY_SHARE: + WOLFSSL_MSG("Key Share extension free"); + KS_FREE_ALL((KeyShareEntry*)extension->data, heap); + break; +#endif #ifdef WOLFSSL_TLS13 case TLSX_SUPPORTED_VERSIONS: WOLFSSL_MSG("Supported Versions extension free"); 
@@ -12399,17 +12483,6 @@ void TLSX_FreeAll(TLSX* list, void* heap) break; #endif - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - case TLSX_PRE_SHARED_KEY: - WOLFSSL_MSG("Pre-Shared Key extension free"); - PSK_FREE_ALL((PreSharedKey*)extension->data, heap); - break; - - case TLSX_PSK_KEY_EXCHANGE_MODES: - WOLFSSL_MSG("PSK Key Exchange Modes extension free"); - break; - #endif - #ifdef WOLFSSL_EARLY_DATA case TLSX_EARLY_DATA: WOLFSSL_MSG("Early Data extension free"); @@ -12427,11 +12500,6 @@ void TLSX_FreeAll(TLSX* list, void* heap) WOLFSSL_MSG("Signature Algorithms extension free"); break; #endif - - case TLSX_KEY_SHARE: - WOLFSSL_MSG("Key Share extension free"); - KS_FREE_ALL((KeyShareEntry*)extension->data, heap); - break; #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) case TLSX_CERTIFICATE_AUTHORITIES: WOLFSSL_MSG("Certificate Authorities extension free"); @@ -12582,6 +12650,24 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, ret = ETM_GET_SIZE(msgType, &length); break; #endif /* HAVE_ENCRYPT_THEN_MAC */ + +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + case TLSX_PRE_SHARED_KEY: + ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType, + &length); + break; + #ifdef WOLFSSL_TLS13 + case TLSX_PSK_KEY_EXCHANGE_MODES: + ret = PKM_GET_SIZE((byte)extension->val, msgType, &length); + break; + #endif + #endif + case TLSX_KEY_SHARE: + length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); + break; +#endif + #ifdef WOLFSSL_TLS13 case TLSX_SUPPORTED_VERSIONS: ret = SV_GET_SIZE(extension->data, msgType, &length); 
@@ -12593,17 +12679,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, break; #endif - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - case TLSX_PRE_SHARED_KEY: - ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType, - &length); - break; - - case TLSX_PSK_KEY_EXCHANGE_MODES: - ret = PKM_GET_SIZE((byte)extension->val, msgType, &length); - break; - #endif - #ifdef WOLFSSL_EARLY_DATA case TLSX_EARLY_DATA: ret = EDI_GET_SIZE(msgType, &length); @@ -12622,9 +12697,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, break; #endif - case TLSX_KEY_SHARE: - length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); - break; #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) case TLSX_CERTIFICATE_AUTHORITIES: length += CAN_GET_SIZE(extension->data); @@ -12806,20 +12878,8 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, ret = ETM_WRITE(extension->data, output, msgType, &offset); break; #endif /* HAVE_ENCRYPT_THEN_MAC */ -#ifdef WOLFSSL_TLS13 - case TLSX_SUPPORTED_VERSIONS: - WOLFSSL_MSG("Supported Versions extension to write"); - ret = SV_WRITE(extension->data, output + offset, msgType, &offset); - break; - - #ifdef WOLFSSL_SEND_HRR_COOKIE - case TLSX_COOKIE: - WOLFSSL_MSG("Cookie extension to write"); - ret = CKE_WRITE((Cookie*)extension->data, output + offset, - msgType, &offset); - break; - #endif +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) case TLSX_PRE_SHARED_KEY: WOLFSSL_MSG("Pre-Shared Key extension to write"); 
@@ -12827,11 +12887,33 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, msgType, &offset); break; + #ifdef WOLFSSL_TLS13 case TLSX_PSK_KEY_EXCHANGE_MODES: WOLFSSL_MSG("PSK Key Exchange Modes extension to write"); ret = PKM_WRITE((byte)extension->val, output + offset, msgType, &offset); break; + #endif + #endif + case TLSX_KEY_SHARE: + WOLFSSL_MSG("Key Share extension to write"); + offset += KS_WRITE((KeyShareEntry*)extension->data, + output + offset, msgType); + break; +#endif +#ifdef WOLFSSL_TLS13 + case TLSX_SUPPORTED_VERSIONS: + WOLFSSL_MSG("Supported Versions extension to write"); + ret = SV_WRITE(extension->data, output + offset, msgType, + &offset); + break; + + #ifdef WOLFSSL_SEND_HRR_COOKIE + case TLSX_COOKIE: + WOLFSSL_MSG("Cookie extension to write"); + ret = CKE_WRITE((Cookie*)extension->data, output + offset, + msgType, &offset); + break; #endif #ifdef WOLFSSL_EARLY_DATA @@ -12856,11 +12938,6 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, break; #endif - case TLSX_KEY_SHARE: - WOLFSSL_MSG("Key Share extension to write"); - offset += KS_WRITE((KeyShareEntry*)extension->data, - output + offset, msgType); - break; #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) case TLSX_CERTIFICATE_AUTHORITIES: WOLFSSL_MSG("Certificate Authorities extension to write"); @@ -14123,9 +14200,6 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); #endif - #ifdef WOLFSSL_DTLS_CID - TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); - #endif } #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) else { @@ -14137,6 +14211,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #endif } #endif + #ifdef WOLFSSL_DTLS_CID + TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); + #endif #endif /* WOLFSSL_TLS13 */ break; 
@@ -14250,7 +14327,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset #ifndef NO_WOLFSSL_SERVER case server_hello: PF_VALIDATE_RESPONSE(ssl, semaphore); - #ifdef WOLFSSL_TLS13 + #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); TURN_OFF(semaphore, @@ -14267,21 +14344,23 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); #endif - #ifdef WOLFSSL_DTLS_CID - TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); - #endif /* WOLFSSL_DTLS_CID */ } + else + #endif /* WOLFSSL_TLS13 */ + { #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) - else { #ifdef HAVE_SUPPORTED_CURVES TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); #endif - } #endif - #endif + WC_DO_NOTHING; /* avoid empty brackets */ + } + #ifdef WOLFSSL_DTLS_CID + TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); + #endif /* WOLFSSL_DTLS_CID */ break; #ifdef WOLFSSL_TLS13 @@ -15187,10 +15266,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, #endif /* WOLFSSL_QUIC */ #if defined(WOLFSSL_DTLS_CID) case TLSX_CONNECTION_ID: - /* connection ID not supported in DTLSv1.2 */ - if (!IsAtLeastTLSv1_3(ssl->version)) - break; - if (msgType != client_hello && msgType != server_hello) return EXT_NOT_ALLOWED; diff --git a/tests/api.c b/tests/api.c index de041f8f6..3a28ae3af 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -92419,6 +92419,11 @@ static int test_wolfSSL_dtls13_null_cipher(void) ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ)); } + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); 
@@ -94134,6 +94139,343 @@ static int test_dtls_old_seq_number(void) return EXPECT_RESULT(); } +static int test_dtls12_basic_connection_id(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS_CID) + unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5 }; + unsigned char readBuf[40]; + const char* params[] = { +#ifndef NO_SHA256 +#ifdef WOLFSSL_AES_128 + "AES128-SHA256", +#ifdef HAVE_AESCCM + "AES128-CCM8", +#endif + "DHE-RSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256", +#ifdef HAVE_AESGCM + "DHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", +#endif +#endif +#endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + "DHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-CHACHA20-POLY1305-OLD", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305-OLD", +#endif +#ifndef NO_PSK + "DHE-PSK-AES128-CBC-SHA256", + "DHE-PSK-AES256-GCM-SHA384", +#ifndef HAVE_NULL_CIPHER + "DHE-PSK-NULL-SHA256", +#endif + "DHE-PSK-AES128-CCM", +#endif + }; + size_t i; + struct { + byte drop:1; + byte changeCID:1; + } run_params[] = { + { .drop = 0, .changeCID = 0 }, + { .drop = 1, .changeCID = 0 }, + { .drop = 0, .changeCID = 1 }, + }; + + /* We check if the side included the CID in their output */ +#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \ + client_cid, sizeof(client_cid)) +#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \ + server_cid, sizeof(server_cid)) + + printf("\n"); + for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) { + size_t j; + for (j = 0; j < XELEM_CNT(run_params); j++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + printf("Testing %s run #%ld ... 
", params[i], j); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), + 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), 1); + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), 1); + + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid, + sizeof(server_cid)), 1); + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid, + sizeof(client_cid)), 1); + +#ifndef NO_PSK + if (XSTRSTR(params[i], "-PSK-") != NULL) { + wolfSSL_set_psk_client_callback(ssl_c, my_psk_client_cb); + wolfSSL_set_psk_server_callback(ssl_s, my_psk_server_cb); + } +#endif + + ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), 1); + ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), 1); + + /* CH1 */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(CLIENT_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNull(CLIENT_CID()); + } + /* HVR */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(SERVER_CID()); + /* No point dropping HVR */ + /* CH2 */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(CLIENT_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNull(CLIENT_CID()); + } + /* Server first flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + 
ExpectNull(SERVER_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNull(SERVER_CID()); + } + /* Client second flight */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNotNull(CLIENT_CID()); + } + /* Server second flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + } + /* Client complete connection */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + ExpectNull(CLIENT_CID()); + + /* Write some data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + ExpectNotNull(CLIENT_CID()); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + ExpectNotNull(SERVER_CID()); + /* Read the data */ + wolfSSL_SetLoggingPrefix("client"); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + /* Write short data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1); + ExpectNotNull(CLIENT_CID()); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1); + 
ExpectNotNull(SERVER_CID()); + /* Read the short data */ + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1); + ExpectIntEQ(readBuf[0], params[i][0]); + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1); + ExpectIntEQ(readBuf[0], params[i][0]); + + /* do two SCR's */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* SCR's after the first one have extra internal logic */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + if (run_params[j].changeCID) { + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, client_cid, + sizeof(client_cid)), 0); + /* Forcefully change the CID */ + ssl_c->dtlsCidInfo->rx->id[0] = -1; + /* We need to init the rehandshake from the client, otherwise + * we won't be able to test changing the CID. It would be + * rejected by the record CID matching code. 
*/ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1); + /* Server first flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + /* We expect the server to reject the CID change. */ + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), DTLS_CID_ERROR); + goto loop_exit; + } + /* Server init'd SCR */ + /* Server request */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(SERVER_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 1); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + } + /* Init SCR on client side with the server's request */ + /* CH no HVR on SCR */ + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNotNull(CLIENT_CID()); + } + /* Server first flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(SERVER_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + } + /* Client second flight */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + 
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNotNull(CLIENT_CID()); + } + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + /* Server second flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), APP_DATA_READY); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + if (!run_params[j].drop) { + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + } + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + if (run_params[j].drop) { + test_ctx.c_len = test_ctx.s_len = 0; + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + } + /* Test loading old epoch */ + /* Client complete connection */ + wolfSSL_SetLoggingPrefix("client"); + if (!run_params[j].drop) { + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + } + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + ExpectNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 0); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 0); + + /* Close connection */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectNotNull(CLIENT_CID()); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectNotNull(SERVER_CID()); + wolfSSL_SetLoggingPrefix("client"); + 
ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + +loop_exit: + wolfSSL_SetLoggingPrefix(NULL); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + + if (EXPECT_SUCCESS()) + printf("ok\n"); + else + printf("failed\n"); + } + + } + +#undef CLIENT_CID +#undef SERVER_CID +#endif + return EXPECT_RESULT(); +} + static int test_dtls13_basic_connection_id(void) { EXPECT_DECLS; @@ -94218,10 +94560,10 @@ static int test_dtls13_basic_connection_id(void) ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); /* Write some data */ - ExpectIntEQ(wolfSSL_write(ssl_c, params[i], XSTRLEN(params[i])), + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])), XSTRLEN(params[i])); ExpectNotNull(CLIENT_CID()); - ExpectIntEQ(wolfSSL_write(ssl_s, params[i], XSTRLEN(params[i])), + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])), XSTRLEN(params[i])); ExpectNotNull(SERVER_CID()); /* Read the data */ @@ -96673,6 +97015,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_dtls13_frag_ch_pq), TEST_DECL(test_dtls_empty_keyshare_with_cookie), TEST_DECL(test_dtls_old_seq_number), + TEST_DECL(test_dtls12_basic_connection_id), TEST_DECL(test_dtls13_basic_connection_id), TEST_DECL(test_tls13_pq_groups), TEST_DECL(test_tls13_early_data), diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 7ce043635..e5e486366 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1430,7 +1430,7 @@ enum { #ifdef WOLFSSL_DTLS_CID #ifndef DTLS_CID_MAX_SIZE -/* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt +/* DTLS parsing code copies the record header in a static buffer to decrypt * the record. Increasing the CID max size does increase also this buffer, * impacting on per-session runtime memory footprint. */ #define DTLS_CID_MAX_SIZE 10 
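Review bot: `printf("Testing %s run #%ld ... ", params[i], j);` passes a `size_t` (`j`) to `%ld`; a format/argument type mismatch is undefined behaviour and warns under -Wformat, so use `printf("Testing %s run #%lu ... ", params[i], (unsigned long)j);` or `%zu`. In the changeCID branch, `ssl_c->dtlsCidInfo->rx->id[0] = -1;` stores -1 into a `byte`; writing `0xFF` says what the test intends without relying on the conversion. Note that both peers are given non-empty CIDs throughout, so the zero-length CID path of TLSX_ConnectionID_Parse (tx left NULL with negotiated set) is not exercised by this test.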
@@ -1444,6 +1444,30 @@ enum { #error "Max size for DTLS CID is 255 bytes" #endif +/* Record Payload Protection Section 5 + * https://www.rfc-editor.org/rfc/rfc9146.html#section-5 */ +#define WOLFSSL_TLS_HMAC_CID_INNER_SZ \ + (8 + /* seq_num_placeholder */ \ + 1 + /* tls12_cid */ \ + 1 + /* cid_length */ \ + 1 + /* tls12_cid */ \ + 2 + /* DTLSCiphertext.version */ \ + 2 + /* epoch */ \ + 6 + /* sequence_number */ \ + DTLS_CID_MAX_SIZE + /* cid */ \ + 2) /* length_of_DTLSInnerPlaintext */ + +#define WOLFSSL_TLS_AEAD_CID_AAD_SZ \ + (8 + /* seq_num_placeholder */ \ + 1 + /* tls12_cid */ \ + 1 + /* cid_length */ \ + 1 + /* tls12_cid */ \ + 2 + /* DTLSCiphertext.version */ \ + 2 + /* epoch */ \ + 6 + /* sequence_number */ \ + DTLS_CID_MAX_SIZE + /* cid */ \ + 2) /* length_of_DTLSInnerPlaintext */ + #ifndef MAX_TICKET_AGE_DIFF /* maximum ticket age difference in seconds, 10 seconds */ #define MAX_TICKET_AGE_DIFF 10 @@ -1650,6 +1674,7 @@ enum Misc { DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ + DTLS12_CID_OFFSET = 11, DTLS_UNIFIED_HEADER_MIN_SZ = 2, /* flags + seq_number(2) + length(2) + CID */ DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE, @@ -1750,6 +1775,7 @@ enum Misc { CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */ + CHACHA20_OFFSET = 4, /* Offset for seq # in poly1305 */ /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ 
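Review bot: WOLFSSL_TLS_HMAC_CID_INNER_SZ and WOLFSSL_TLS_AEAD_CID_AAD_SZ are defined with byte-for-byte identical bodies, so the two pseudo-header layouts can silently diverge when one is edited later. Either define one in terms of the other, `#define WOLFSSL_TLS_AEAD_CID_AAD_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ`, or add a comment saying why the HMAC and AEAD layouts are expected to differ in future. Both carry the RFC 9146 Section 5 reference, which is good; a one-line note that the size is a maximum (it uses DTLS_CID_MAX_SIZE, not the negotiated length) would also help readers of the buffers sized with them.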
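Review bot: `DTLS12_CID_OFFSET = 11,` is added to enum Misc without a comment, unlike its neighbours. The adjacent DTLS_RECORD_HEADER_SZ entry and the AddRecordHeader change in this series (which writes the length at `DTLS12_CID_OFFSET + cidSz`) show it is the position right after the sequence number, so suggest `DTLS12_CID_OFFSET = 11, /* type(1) + version(2) + epoch(2) + seq_num(6); length follows the CID */`.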
@@ -1859,6 +1885,14 @@ enum Misc { READ_PROTO = 0 /* reading a protocol message */ }; + +/* Size of the data to authenticate */ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define AEAD_AUTH_DATA_SZ WOLFSSL_TLS_AEAD_CID_AAD_SZ +#else +#define AEAD_AUTH_DATA_SZ 13 +#endif + #define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \ (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP) #ifdef WOLFSSL_HAVE_KYBER @@ -2239,7 +2273,7 @@ WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl); #endif WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz); /* needed by sniffer */ + word16 sz, byte type); /* needed by sniffer */ WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz); /* needed by sniffer */ @@ -2960,9 +2994,6 @@ typedef enum { TLSX_EXTENDED_MASTER_SECRET = TLSXT_EXTENDED_MASTER_SECRET, TLSX_SESSION_TICKET = TLSXT_SESSION_TICKET, #ifdef WOLFSSL_TLS13 - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY, - #endif #ifdef WOLFSSL_EARLY_DATA TLSX_EARLY_DATA = TLSXT_EARLY_DATA, #endif @@ -2982,7 +3013,6 @@ typedef enum { #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) TLSX_SIGNATURE_ALGORITHMS_CERT = TLSXT_SIGNATURE_ALGORITHMS_CERT, #endif - TLSX_KEY_SHARE = TLSXT_KEY_SHARE, #if defined(WOLFSSL_DTLS_CID) TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID, #endif /* defined(WOLFSSL_DTLS_CID) */ @@ -2993,6 +3023,12 @@ typedef enum { TLSX_ECH = TLSXT_ECH, #endif #endif +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY, + #endif + TLSX_KEY_SHARE = TLSXT_KEY_SHARE, +#endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) TLSX_CKS = TLSXT_CKS, #endif 
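Review bot: The non-CID fallback `#define AEAD_AUTH_DATA_SZ 13` is a bare magic number while the CID branch is spelled out field by field; the ssl.h hunk in this same series documents 13 as `SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ` (WOLFSSL_TLS_HMAC_INNER_SZ). Suggest `#define AEAD_AUTH_DATA_SZ 13 /* seq_num(8) + type(1) + version(2) + length(2) */`, or reuse that constant so the two stay aligned.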
@@ -5480,6 +5516,7 @@ typedef struct BuildMsgArgs { word32 headerSz; word16 size; word32 ivSz; /* TLSv1.1 IV */ + byte type; byte* iv; ALIGN16 byte staticIvBuffer[MAX_IV_SZ]; } BuildMsgArgs; @@ -5626,7 +5663,21 @@ typedef struct Dtls13Rtx { #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_DTLS_CID -typedef struct CIDInfo CIDInfo; +typedef struct ConnectionID { + byte length; +/* Ignore "nonstandard extension used : zero-sized array in struct/union" + * MSVC warning */ +#ifdef _MSC_VER +#pragma warning(disable: 4200) +#endif + byte id[]; +} ConnectionID; + +typedef struct CIDInfo { + ConnectionID* tx; + ConnectionID* rx; + byte negotiated : 1; +} CIDInfo; #endif /* WOLFSSL_DTLS_CID */ /* The idea is to reuse the context suites object whenever possible to save @@ -6236,6 +6287,7 @@ enum ContentType { alert = 21, handshake = 22, application_data = 23, + dtls12_cid = 25, #ifdef WOLFSSL_DTLS13 ack = 26, #endif /* WOLFSSL_DTLS13 */ @@ -6525,6 +6577,7 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret); #endif WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); +WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); #ifndef NO_WOLFSSL_CLIENT WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl); @@ -6960,7 +7013,7 @@ WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret, /* Optional Pre-Master-Secret logging for Wireshark */ #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT - #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" + #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "/tmp/secrets" #endif #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 90f711589..16e052af7 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3389,7 +3389,7 @@ enum { WOLFSSL_BLOCK_TYPE = 2, WOLFSSL_STREAM_TYPE = 3, WOLFSSL_AEAD_TYPE = 4, - WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ + WOLFSSL_TLS_HMAC_INNER_SZ = 13, /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ }; /* for GetBulkCipher and internal use 
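Review bot: `#pragma warning(disable: 4200)` inside the ConnectionID definition switches that warning off for the remainder of every translation unit that includes internal.h, not just for this struct. Wrap it as `#pragma warning(push)` / `#pragma warning(disable: 4200)` before the member and `#pragma warning(pop)` after the closing brace. The flexible array member itself is fine; dtls.c sizes it with `sizeof(*id) + cidSz`, and `length` is the only record of how many bytes follow, which is worth a one-line comment on the field.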
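Review bot: The default WOLFSSL_SSLKEYLOGFILE_OUTPUT is changed from `"sslkeylog.log"` to `"/tmp/secrets"`, which reads like a local debugging setting that slipped into the series and is unrelated to the CID work. A fixed name in a shared, world-writable directory lets any local user read the logged TLS secrets or pre-create that path so the library writes them where someone else chooses, whereas the relative default keeps the file in the process's own working directory. Revert to `#define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log"`.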
@@ -5471,6 +5471,7 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size); WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer, unsigned int bufferSz); +WOLFSSL_API int wolfSSL_dtls_cid_max_size(void); #endif /* defined(WOLFSSL_DTLS_CID) */ #ifdef WOLFSSL_DTLS_CH_FRAG diff --git a/wolfssl/test.h b/wolfssl/test.h index 60327d53a..30f587722 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1851,7 +1851,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ XSTRNCPY(identity, kIdentityStr, id_max_len); - if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { + if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 && + wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) { /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using * unsigned binary */ key[0] = 0x1a; @@ -1895,7 +1896,8 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit if (XSTRCMP(identity, kIdentityStr) != 0) return 0; - if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { + if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 && + wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) { /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using * unsigned binary */ key[0] = 0x1a; From cf96ab22ba428acd92bbea5dd3e6acf7d053a680 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 20 Sep 2024 11:54:09 +0200 Subject: [PATCH 006/325] Address code review --- src/dtls.c | 106 +++++++++++++++++++++++++++------------------ src/dtls13.c | 29 ++----------- src/internal.c | 71 +++++++++++++----------------- src/tls.c | 13 +++--- wolfssl/internal.h | 4 +- 5 files changed, 108 insertions(+), 115 deletions(-) diff --git a/src/dtls.c b/src/dtls.c index c30066be2..5b2356a92 100644 --- a/src/dtls.c +++ b/src/dtls.c 
@@ -1063,7 +1063,7 @@ static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx)
 ConnectionID* id;
 CIDInfo* info;
- if (ssl == NULL)
+ if (ssl == NULL || size == NULL)
 return BAD_FUNC_ARG;
 info = DtlsCidGetInfo(ssl);
@@ -1071,14 +1071,12 @@ static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx)
 return WOLFSSL_FAILURE;
 id = rx ? info->rx : info->tx;
- if (id == NULL || id->length == 0) {
- if (size != NULL)
- *size = 0;
- return WOLFSSL_FAILURE;
+ if (id == NULL) {
+ *size = 0;
+ return WOLFSSL_SUCCESS;
 }
- if (size != NULL)
- *size = id->length;
+ *size = id->length;
 return WOLFSSL_SUCCESS;
 }
@@ -1234,24 +1232,6 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 }
 }
- info = DtlsCidGetInfo(ssl);
- if (info == NULL)
- return BAD_STATE_E;
-
- /* it may happen if we process two ClientHello because the server sent an
- * HRR/HVR request */
- if (info->tx != NULL) {
- if (ssl->options.side != WOLFSSL_SERVER_END &&
- ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE &&
- !IsSCR(ssl))
- return BAD_STATE_E;
-
- if (!info->negotiated) {
- XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
- info->tx = NULL;
- }
- }
-
 if (length < OPAQUE8_LEN)
 return BUFFER_ERROR;
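Review bot: DtlsCidGetSize now reports WOLFSSL_SUCCESS with `*size = 0` when no CID is set and returns BAD_FUNC_ARG for a NULL `size`, where it previously returned WOLFSSL_FAILURE and tolerated NULL; since this is the body behind the public wolfSSL_dtls_cid_get_tx_size/rx_size calls, any caller that probed for a CID with `wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS` (the pattern the old internal.c and tls.c code in this commit used) silently changes meaning. The commit updates the in-tree callers but not the API description; the public declarations should gain `/* Returns WOLFSSL_SUCCESS with *size == 0 when no CID is set; size must not be NULL. */` so external users learn the new contract.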
@@ -1259,21 +1239,35 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 if (cidSz + OPAQUE8_LEN > length)
 return BUFFER_ERROR;
- if (cidSz > 0) {
- if (!info->negotiated) {
- ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz,
- ssl->heap, DYNAMIC_TYPE_TLSX);
- if (id == NULL)
- return MEMORY_ERROR;
- XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz);
- id->length = cidSz;
- info->tx = id;
- }
- else {
- /* For now we don't support changing the CID on a rehandshake */
- if (XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
- return DTLS_CID_ERROR;
- }
+ info = DtlsCidGetInfo(ssl);
+ if (info == NULL)
+ return BAD_STATE_E;
+
+ /* it may happen if we process two ClientHello because the server sent an
+ * HRR/HVR request */
+ if (info->tx != NULL || info->negotiated) {
+ if (ssl->options.side != WOLFSSL_SERVER_END &&
+ ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE &&
+ !IsSCR(ssl))
+ return BAD_STATE_E;
+
+ /* Should not be null if negotiated */
+ if (info->tx == NULL)
+ return BAD_STATE_E;
+
+ /* For now we don't support changing the CID on a rehandshake */
+ if (cidSz != info->tx->length ||
+ XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
+ return DTLS_CID_ERROR;
+ }
+ else if (cidSz > 0) {
+ ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz,
+ ssl->heap, DYNAMIC_TYPE_TLSX);
+ if (id == NULL)
+ return MEMORY_ERROR;
+ XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz);
+ id->length = cidSz;
+ info->tx = id;
 }
 info->negotiated = 1;
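Review bot: The new `if (info->tx == NULL) return BAD_STATE_E;` under "Should not be null if negotiated" rejects a legitimate state: the first-handshake branch `else if (cidSz > 0)` leaves `info->tx` NULL when the peer offers a zero-length CID (RFC 9146 allows this, it means "do not send me a CID"), yet `info->negotiated = 1` is still set after the block, so the second pass through this function after an HRR/HVR or on secure renegotiation, the exact case the comment above says is expected, now fails with BAD_STATE_E for such a peer. The old code skipped the block when tx was NULL; the rewrite should treat a NULL tx as "zero-length negotiated" and only demand that the peer offers zero length again, then keep the existing length-plus-XMEMCMP comparison for the non-empty case. Neither the old nor the new test covers an empty CID, so this is worth a test as well.

```c
    if (info->tx != NULL || info->negotiated) {
        /* … unchanged: side / serverState / IsSCR check … */

        /* negotiated with tx == NULL means a zero-length CID was agreed;
         * the peer must offer a zero-length CID again */
        if (info->tx == NULL) {
            if (cidSz != 0)
                return DTLS_CID_ERROR;
        }
        /* For now we don't support changing the CID on a rehandshake */
        else if (cidSz != info->tx->length ||
                 XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
            return DTLS_CID_ERROR;
    }
```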
@@ -1382,8 +1376,38 @@ int wolfSSL_dtls_cid_max_size(void)
 {
 return DTLS_CID_MAX_SIZE;
 }
-
 #endif /* WOLFSSL_DTLS_CID */
+
+byte DtlsGetCidTxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+ unsigned int cidSz;
+ int ret;
+ ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
+ if (ret != WOLFSSL_SUCCESS)
+ return 0;
+ return (byte)cidSz;
+#else
+ (void)ssl;
+ return 0;
+#endif
+}
+
+byte DtlsGetCidRxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+ unsigned int cidSz;
+ int ret;
+ ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
+ if (ret != WOLFSSL_SUCCESS)
+ return 0;
+ return (byte)cidSz;
+#else
+ (void)ssl;
+ return 0;
+#endif
+}
+
 #endif /* WOLFSSL_DTLS */
 #endif /* WOLFCRYPT_ONLY */
diff --git a/src/dtls13.c b/src/dtls13.c
index 31b3e5374..aa630d3d5 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -1054,25 +1054,6 @@ static WC_INLINE word8 Dtls13GetEpochBits(w64wrapper epoch)
 }
 #ifdef WOLFSSL_DTLS_CID
-static byte Dtls13GetCidTxSize(WOLFSSL* ssl)
-{
- unsigned int cidSz;
- int ret;
- ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
- if (ret != WOLFSSL_SUCCESS)
- return 0;
- return (byte)cidSz;
-}
-
-static byte Dtls13GetCidRxSize(WOLFSSL* ssl)
-{
- unsigned int cidSz;
- int ret;
- ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
- if (ret != WOLFSSL_SUCCESS)
- return 0;
- return (byte)cidSz;
-}
 static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx)
 {
@@ -1082,7 +1063,7 @@ static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx)
 if (!wolfSSL_dtls_cid_is_enabled(ssl))
 return 0;
- cidSz = Dtls13GetCidTxSize(ssl);
+ cidSz = DtlsGetCidTxSize(ssl);
 /* no cid */
 if (cidSz == 0)
@@ -1138,8 +1119,6 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags,
 #else
 #define Dtls13AddCID(a, b, c, d) 0
-#define Dtls13GetCidRxSize(a) 0
-#define Dtls13GetCidTxSize(a) 0
 #define Dtls13UnifiedHeaderParseCID(a, b, c, d, e) 0
 #endif /* WOLFSSL_DTLS_CID */
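Review bot: DtlsGetCidTxSize and DtlsGetCidRxSize are new non-static helpers added without a header comment, and their single return value folds three cases together: CID disabled at build time, no CID set, and a failed query (the `ret != WOLFSSL_SUCCESS` path also covers `ssl == NULL`). Suggest above each: `/* Size of the tx (resp. rx) CID in bytes, or 0 when CID support is compiled out, no CID is set, or ssl is NULL; callers cannot distinguish these cases. */`. The `(byte)cidSz` truncation is only safe because DTLS_CID_MAX_SIZE is capped at 255 by the `#error` in internal.h; a short comment pointing at that cap would make the cast intentional rather than incidental.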
@@ -1245,7 +1224,7 @@ int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, word16 recordLength) seqLength = (*hdr & DTLS13_LEN_BIT) ? DTLS13_SEQ_16_LEN : DTLS13_SEQ_8_LEN; - cidSz = Dtls13GetCidTxSize(ssl); + cidSz = DtlsGetCidTxSize(ssl); /* header flags + seq number + CID size*/ hdrLength = OPAQUE8_LEN + seqLength + cidSz; @@ -1276,7 +1255,7 @@ word16 Dtls13GetRlHeaderLength(WOLFSSL* ssl, byte isEncrypted) if (!isEncrypted) return DTLS_RECORD_HEADER_SZ; - return DTLS13_UNIFIED_HEADER_SIZE + Dtls13GetCidTxSize(ssl); + return DTLS13_UNIFIED_HEADER_SIZE + DtlsGetCidTxSize(ssl); } /** @@ -1403,7 +1382,7 @@ int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input, word16* size) return BAD_FUNC_ARG; /* flags (1) + CID + seq 8bit (1) */ - *size = OPAQUE8_LEN + Dtls13GetCidRxSize(ssl) + OPAQUE8_LEN; + *size = OPAQUE8_LEN + DtlsGetCidRxSize(ssl) + OPAQUE8_LEN; if (input & DTLS13_SEQ_LEN_BIT) *size += OPAQUE8_LEN; if (input & DTLS13_LEN_BIT) diff --git a/src/internal.c b/src/internal.c index d09987657..51729eaf3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10135,9 +10135,8 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) #endif /* WOLFSSL_DTLS13 */ } else { #ifdef WOLFSSL_DTLS_CID - unsigned int cidSz = 0; - if (IsEncryptionOn(ssl, 1) && - wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) { + byte cidSz = DtlsGetCidTxSize(ssl); + if (IsEncryptionOn(ssl, 1) && cidSz > 0) { adj += cidSz; sz -= cidSz + 1; /* +1 to not hash the real content type */ } 
@@ -10225,9 +10224,8 @@ static void AddRecordHeader(byte* output, word32 length, byte type, /* dtls record layer header extensions */ DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)output; #ifdef WOLFSSL_DTLS_CID - unsigned int cidSz = 0; - if (type == dtls12_cid && - wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) { + byte cidSz = 0; + if (type == dtls12_cid && (cidSz = DtlsGetCidTxSize(ssl)) > 0) { wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz); c16toa((word16)length, output + DTLS12_CID_OFFSET + cidSz); } @@ -11343,8 +11341,8 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx, static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, RecordLayerHeader* rh, word16* size) { -#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) - unsigned int cidSz = 0; +#ifdef WOLFSSL_DTLS_CID + byte cidSz = 0; #endif #ifdef HAVE_FUZZER @@ -11399,10 +11397,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, *inOutIdx += ENUM_LEN + VERSION_SZ; ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch); -#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) - if (rh->type == dtls12_cid && - (wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz) != WOLFSSL_SUCCESS || - cidSz == 0)) +#ifdef WOLFSSL_DTLS_CID + if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0) return DTLS_CID_ERROR; #endif @@ -11437,10 +11433,11 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, ssl->keys.curSeq = w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo); #endif /* WOLFSSL_DTLS13 */ -#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#ifdef WOLFSSL_DTLS_CID if (rh->type == dtls12_cid) { byte cid[DTLS_CID_MAX_SIZE]; - if (ssl->buffers.inputBuffer.length - *inOutIdx < cidSz + LENGTH_SZ) + if (ssl->buffers.inputBuffer.length - *inOutIdx < + (word32)cidSz + LENGTH_SZ) return LENGTH_ERROR; if (cidSz > DTLS_CID_MAX_SIZE || wolfSSL_dtls_cid_get_rx(ssl, cid, cidSz) != WOLFSSL_SUCCESS) 
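Review bot: In AddRecordHeader the return value of `wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz)` is still discarded, so if it fails the CID bytes stay whatever the output buffer held and the length is written after them as if they were valid. The size was just fetched from the same tx CID so a failure is unlikely, but the function is `void` and cannot surface it; at minimum say so, e.g. `/* cannot fail: cidSz was just read from the same tx CID */`, or have the failure fall back to a non-CID header so a bad record is never emitted. The start of AddRecordHeader is outside the hunk.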
@@ -18927,9 +18924,9 @@ typedef int (*Sm4AuthDecryptFunc)(wc_Sm4* sm4, byte* out, const byte* in, #endif #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) -#define TLS_AEAD_CID_SZ(s, dec, c) \ - ((dec) ? wolfSSL_dtls_cid_get_rx_size((s), (c)) \ - : wolfSSL_dtls_cid_get_tx_size((s), (c))) +#define TLS_AEAD_CID_SZ(s, dec) \ + ((dec) ? DtlsGetCidRxSize((s)) \ + : DtlsGetCidTxSize((s))) #define TLS_AEAD_CID(s, dec, b, c) \ ((dec) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \ : wolfSSL_dtls_cid_get_tx((s), (b), (c))) @@ -18941,17 +18938,16 @@ typedef int (*Sm4AuthDecryptFunc)(wc_Sm4* sm4, byte* out, const byte* in, * @param type Record content type * @param additional AAD output buffer. Assumed AEAD_AUTH_DATA_SZ length. * @param dec Are we decrypting - * @return > 0 length of auth data - * <=0 error + * @return >= 0 length of auth data + * < 0 error */ int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional, byte dec, byte** seq, int verifyOrder) { word32 idx = 0; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) - unsigned int cidSz = 0; - if (ssl->options.dtls && - TLS_AEAD_CID_SZ(ssl, dec, &cidSz) == WOLFSSL_SUCCESS) { + byte cidSz = 0; + if (ssl->options.dtls && (cidSz = TLS_AEAD_CID_SZ(ssl, dec)) > 0) { if (cidSz > DTLS_CID_MAX_SIZE) { WOLFSSL_MSG("DTLS CID too large"); return DTLS_CID_ERROR; @@ -18960,7 +18956,7 @@ int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, XMEMSET(additional + idx, 0xFF, SEQ_SZ); idx += SEQ_SZ; additional[idx++] = dtls12_cid; - additional[idx++] = (byte)cidSz; + additional[idx++] = cidSz; additional[idx++] = dtls12_cid; additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major; additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor; 
@@ -18968,7 +18964,7 @@ int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, if (seq != NULL) *seq = additional + idx; idx += SEQ_SZ; - if (TLS_AEAD_CID(ssl, dec, additional + idx, cidSz) + if (TLS_AEAD_CID(ssl, dec, additional + idx, (unsigned int)cidSz) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("DTLS CID write failed"); return DTLS_CID_ERROR; @@ -21785,8 +21781,6 @@ default: } #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) { - /* For TLS v1.1 the block size and explicit IV are added to idx, - * so it needs to be included in this limit check */ if ((ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ) #ifdef WOLFSSL_ASYNC_CRYPT && ssl->buffers.inputBuffer.length != @@ -21804,8 +21798,6 @@ default: else #endif /* TLS13 plaintext limit is checked earlier before decryption */ - /* For TLS v1.1 the block size and explicit IV are added to idx, - * so it needs to be included in this limit check */ if (!IsAtLeastTLSv1_3(ssl->version) && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ #ifdef WOLFSSL_ASYNC_CRYPT @@ -22816,9 +22808,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->headerSz += DTLS_RECORD_EXTRA; #ifdef WOLFSSL_DTLS_CID if (ssl->options.dtls) { - unsigned int cidSz = 0; - if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) - == WOLFSSL_SUCCESS) { + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) { args->sz += cidSz; args->idx += cidSz; args->headerSz += cidSz; @@ -22909,8 +22900,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->size = (word16)(args->sz - args->headerSz); /* include mac and digest */ #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) - if (ssl->options.dtls && - wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS) + if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) args->type = dtls12_cid; #endif AddRecordHeader(output, args->size, args->type, ssl, epochOrder); 
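Review bot: BuildMessage calls DtlsGetCidTxSize three separate times, here when sizing `args->sz`/`idx`/`headerSz`, again before AddRecordHeader to choose `args->type`, and again (next hunk) when appending the inner content type, so the header, the length accounting and the trailer each re-derive the same value. BuildMsgArgs already carries per-message state (this series added its `type` field), so caching the size once, e.g. `args->cidSz = DtlsGetCidTxSize(ssl);` beside the first use and reading `args->cidSz` afterwards, keeps the three places in agreement if the CID were ever to change between them (BuildMessage appears to be re-entered across async retries, which is outside the hunk). The rest of BuildMessage is outside the hunk.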
@@ -22924,8 +22914,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, XMEMCPY(output + args->idx, input, inSz); args->idx += (word32)inSz; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) - if (ssl->options.dtls && - wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS) { + if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) { output[args->idx++] = (byte)type; /* type goes after input */ inSz++; } @@ -23238,8 +23227,8 @@ int SendFinished(WOLFSSL* ssl) outputSz = sizeof(input) + MAX_MSG_EXTRA; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) if (ssl->options.dtls) { - unsigned int cidSz = 0; - if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) outputSz += cidSz + 1; /* +1 for inner content type */ } #endif @@ -23549,8 +23538,8 @@ int cipherExtraData(WOLFSSL* ssl) /* Add space needed for the CID */ #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) if (ssl->options.dtls) { - unsigned int cidSz = 0; - if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) cipherExtra += cidSz + 1; /* +1 for inner content type */ } #endif @@ -24757,8 +24746,8 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) if (ssl->options.dtls) { - unsigned int cidSz = 0; - if (wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz) == WOLFSSL_SUCCESS) + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) outputSz += cidSz + 1; /* +1 for inner content type */ } #endif diff --git a/src/tls.c b/src/tls.c index 3c1e0e7fe..71f1c3e81 100644 --- a/src/tls.c +++ b/src/tls.c 
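Review bot: The SendFinished, cipherExtraData and SendData hunks each repeat the same lines (`byte cidSz = 0; if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) outputSz += cidSz + 1;`), so a future change to the CID record overhead (the `+1` for the inner content type) has to be made in three places. A small file-local helper, `static int DtlsCidTxOverhead(WOLFSSL* ssl) { byte sz = DtlsGetCidTxSize(ssl); return sz > 0 ? sz + 1 : 0; }`, called under the existing `if (ssl->options.dtls)`, would keep them in step. cipherExtraData already exists to account for per-record extras, so the two send paths could possibly reuse it instead; whether they call it today is not visible here.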
@@ -762,8 +762,7 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, if (content == dtls12_cid #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) - || (ssl->options.dtls && - wolfSSL_dtls_cid_get_tx_size(ssl, NULL) == WOLFSSL_SUCCESS) + || (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) #endif ) { WOLFSSL_MSG("wolfSSL_SetTlsHmacInner doesn't support CID"); @@ -915,6 +914,7 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) if (ret == 0) ret = wc_HashFinal(&hash, hashType, mac); } + wc_HashFree(&hash, hashType); return ret; } @@ -1221,9 +1221,9 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, #endif #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) -#define TLS_HMAC_CID_SZ(s, v, c) \ - ((v) ? wolfSSL_dtls_cid_get_rx_size((s), (c)) \ - : wolfSSL_dtls_cid_get_tx_size((s), (c))) +#define TLS_HMAC_CID_SZ(s, v) \ + ((v) ? DtlsGetCidRxSize((s)) \ + : DtlsGetCidTxSize((s))) #define TLS_HMAC_CID(s, v, b, c) \ ((v) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \ : wolfSSL_dtls_cid_get_tx((s), (b), (c))) @@ -1234,8 +1234,7 @@ static int TLS_hmac_SetInner(WOLFSSL* ssl, byte* inner, word32* innerSz, { #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) unsigned int cidSz = 0; - if (ssl->options.dtls && - TLS_HMAC_CID_SZ(ssl, verify, &cidSz) == WOLFSSL_SUCCESS) { + if (ssl->options.dtls && (cidSz = TLS_HMAC_CID_SZ(ssl, verify)) > 0) { word32 idx = 0; if (cidSz > DTLS_CID_MAX_SIZE) { WOLFSSL_MSG("DTLS CID too large"); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index e5e486366..d3a03e1d4 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3694,6 +3694,8 @@ WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl); WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input, word16 inputSize); #endif /* WOLFSSL_DTLS_CID */ +WOLFSSL_LOCAL byte DtlsGetCidTxSize(WOLFSSL* ssl); +WOLFSSL_LOCAL byte DtlsGetCidRxSize(WOLFSSL* ssl); #ifdef OPENSSL_EXTRA enum SetCBIO { 
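Review bot: In the TLS_hmac_SetInner hunk `cidSz` stays `unsigned int` while the matching change in writeAeadAuthData earlier in this diff switched to `byte`, even though both now receive a `byte` from DtlsGetCidRxSize/DtlsGetCidTxSize; `byte cidSz = 0;` here keeps the two MAC-input builders consistent and makes the range of the `cidSz > DTLS_CID_MAX_SIZE` guard obvious. The internal.h hunk places the two new prototypes after `#endif /* WOLFSSL_DTLS_CID */`, so they are declared in every build; that is fine only if their definitions (not in this diff) are unconditional too, otherwise a non-CID build that ever calls them fails at link time instead of compile time. TLS_hmac_SetInner continues past the hunk.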
@@ -7013,7 +7015,7 @@ WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret, /* Optional Pre-Master-Secret logging for Wireshark */ #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT - #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "/tmp/secrets" + #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" #endif #endif From 7a23cff27f58e69465f91780e76585b5af0ffbde Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 6 Sep 2024 10:23:35 -0700 Subject: [PATCH 007/325] add PKCS7 set custom SKID --- wolfcrypt/src/pkcs7.c | 46 ++++++++++++++++++++++++++++++++++++++- wolfssl/wolfcrypt/pkcs7.h | 9 ++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 602e0c29a..08bd9c8e3 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1380,6 +1380,12 @@ void wc_PKCS7_Free(PKCS7* pkcs7) pkcs7->isDynamic = 0; XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } + + if (pkcs7->customSKID) { + XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->customSKID = NULL; + pkcs7->customSKIDSz = 0; + } } @@ -2816,6 +2822,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, keyIdSize = KEYID_SIZE; #endif + /* use custom SKID if set */ + if (pkcs7->customSKIDSz > 0) { + if (pkcs7->customSKID == NULL) { + WOLFSSL_MSG("Bad custom SKID setup, size > 0 and was NULL"); + return BAD_FUNC_ARG; + } + keyIdSize = pkcs7->customSKIDSz; + } + #ifdef WOLFSSL_SMALL_STACK signedDataOid = (byte *)XMALLOC(MAX_OID_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (signedDataOid == NULL) { 
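Review bot: The new default `sslkeylog.log` is a relative path, so with WOLFSSL_SSLKEYLOGFILE enabled the session secrets are written into whatever directory the process is running in at the first handshake, which may be a served or shared directory; the old `/tmp/secrets` had the opposite problem of a world-writable location. Neither default should be relied on, so the `#ifndef` deserves a comment: `/* Default is relative to the process CWD and holds TLS session secrets: debug builds only; set WOLFSSL_SSLKEYLOGFILE_OUTPUT to a private path explicitly. */`. The mode the log file is created with is decided where it is opened, which is not in this hunk.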
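Review bot: In the wc_PKCS7_Free hunk the new `if (pkcs7->customSKID)` block runs after the `isDynamic` branch has already done `XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7)`, so for a dynamically allocated PKCS7 it reads `pkcs7->customSKID` and writes `pkcs7->customSKIDSz` through a freed pointer. Release the custom SKID before the struct itself, i.e. move the new block above `if (pkcs7->isDynamic) {`; patch 008 further down this series makes exactly that reorder, but this commit on its own is a use-after-free.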
@@ -3264,8 +3279,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSKID, esd->issuerSKIDSz); idx += (int)esd->issuerSKIDSz; - wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, + + if (pkcs7->customSKID) { + wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, + pkcs7->customSKID, (word32)keyIdSize); + } + else { + wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, pkcs7->issuerSubjKeyId, (word32)keyIdSize); + } idx += keyIdSize; } else if (pkcs7->sidType == DEGENERATE_SID) { /* no signer infos in degenerate case */ @@ -3418,6 +3440,28 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, return ret; } + +/* Sets a custom SKID in PKCS7 struct, used before calling an encode operation + * Returns 0 on success, negative upon error. */ +int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, byte* in, word16 inSz) +{ + int ret = 0; + + if (pkcs7 == NULL || (in == NULL && inSz > 0)) { + return BAD_FUNC_ARG; + } + + pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + if (pkcs7->customSKID == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY(pkcs7->customSKID, in, inSz); + } + return ret; +} + + /* Toggle detached signature mode on/off for PKCS#7/CMS SignedData content type. * By default wolfCrypt includes the data to be signed in the SignedData * bundle. This data can be omitted in the case when a detached signature is diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 85b1a1fae..f6254d3ca 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h 
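Review bot: The write-out branch tests the pointer, `if (pkcs7->customSKID)`, but `keyIdSize` was overridden earlier in PKCS7_EncodeSigned only when `pkcs7->customSKIDSz > 0`; when the pointer is set and the size is 0 (reachable through wc_PKCS7_SetCustomSKID with `inSz == 0`, which XMALLOCs 0 bytes), this call emits `keyIdSize == KEYID_SIZE` bytes read from a zero-length allocation. Use the same predicate in both places: `if (pkcs7->customSKIDSz > 0) {`. PKCS7_EncodeSigned starts and ends outside the hunk.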
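Review bot: wc_PKCS7_SetCustomSKID never stores the length, so after this commit `customSKIDSz` stays 0, the `keyIdSize = pkcs7->customSKIDSz` override in PKCS7_EncodeSigned never fires, and the `if (pkcs7->customSKID)` write-out emits KEYID_SIZE bytes from an `inSz`-byte buffer, an over-read for any SKID shorter than KEYID_SIZE (the test added further down uses 4 bytes). Add `pkcs7->customSKIDSz = inSz;` after the XMEMCPY (patch 008 does), and free a previously set `pkcs7->customSKID` before allocating again, otherwise a second call leaks the first buffer. The `in == NULL && inSz == 0` combination also passes the argument check and reaches `XMEMCPY(p, NULL, 0)`, which is undefined for a NULL source even at length 0.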
@@ -359,6 +359,14 @@ struct PKCS7 { word16 contentCRLF:1; /* have content line endings been converted to CRLF */ word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ word16 hashParamsAbsent:1; + + /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as + * a SHA1 hash of the public key, but leaves it open to other methods as + * long as it is a unique ID. This allows for setting a custom SKID when + * creating PKCS7 bundles*/ + byte* customSKID; + word16 customSKIDSz; + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; @@ -387,6 +395,7 @@ WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz); /* CMS/PKCS#7 SignedData */ +WOLFSSL_API int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, byte* in, word16 inSz); WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag); WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7); WOLFSSL_API int wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag); From ca3b1a14126f1ab7dc9154682002332f8a60ab47 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 6 Sep 2024 15:30:13 -0700 Subject: [PATCH 008/325] add test case --- tests/api.c | 30 ++++++++++++++++++++++++++++++ wolfcrypt/src/pkcs7.c | 14 ++++++++------ 2 files changed, 38 insertions(+), 6 deletions(-) diff --git a/tests/api.c b/tests/api.c index de041f8f6..67cff5695 100644 --- a/tests/api.c +++ b/tests/api.c 
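Review bot: The public prototype for wc_PKCS7_SetCustomSKID carries no contract and the struct comment only explains why a custom SKID is permitted, so a caller cannot tell from the header whether `in` is copied or must outlive the PKCS7, or which signer identifier type makes it take effect. From the implementation in this series the bytes are copied and released by wc_PKCS7_Free, and they are written on the SKID signer-identifier path of PKCS7_EncodeSigned (the test selects CMS_SKID), so I'd put above the declaration: `/* Copy inSz bytes of in to use as the SubjectKeyIdentifier in the SignerInfo when the signer identifier type is CMS_SKID; the copy is freed by wc_PKCS7_Free. Returns 0 on success. */`. Whether the verify side honours a custom SKID is not shown in this diff and should be stated once known.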
@@ -51094,6 +51094,36 @@ static int test_wc_PKCS7_signed_enveloped(void) pkcs7 = NULL; #endif /* !NO_PKCS7_STREAM */ #endif + + { + /* arbitrary custom SKID */ + byte customSKID[] = { + 0x40, 0x25, 0x77, 0x56 + }; + + wc_InitRng(&rng); + sigSz = FOURK_BUF * 2; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (pkcs7 != NULL) { + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + pkcs7->content = cert; + pkcs7->contentSz = (word32)certSz; + pkcs7->contentOID = DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + pkcs7->encryptOID = RSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0); + ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID, + sizeof(customSKID)), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, + (word32)sigSz)), 0); + } + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + wc_FreeRng(&rng); + } #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */ return EXPECT_RESULT(); } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 08bd9c8e3..69b9ef8a4 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1376,16 +1376,16 @@ void wc_PKCS7_Free(PKCS7* pkcs7) pkcs7->cachedEncryptedContentSz = 0; } - if (pkcs7->isDynamic) { - pkcs7->isDynamic = 0; - XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } - if (pkcs7->customSKID) { XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->customSKID = NULL; pkcs7->customSKIDSz = 0; } + + if (pkcs7->isDynamic) { + pkcs7->isDynamic = 0; + XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + } } @@ -3457,6 +3457,7 @@ int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, byte* in, word16 inSz) } else { XMEMCPY(pkcs7->customSKID, in, inSz); + pkcs7->customSKIDSz = inSz; } return ret; } 
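Review bot: The new test only asserts that wc_PKCS7_EncodeSignedData returns a positive length; nothing checks that the four custom bytes replaced the certificate's SKID in the SignerIdentifier, so a regression that silently ignores `customSKID` would still pass. PKCS7_EncodeSigned writes the custom SKID raw into the output, so a scan of `sig` for `customSKID` after the encode pins the behaviour down; the rewritten tail of the block is below. The enclosing function test_wc_PKCS7_signed_enveloped starts and ends outside the hunk.
```c
            /* … unchanged: PKCS7 setup and wc_PKCS7_EncodeSignedData call … */
            if (sigSz > 0) {
                /* the custom SKID must appear verbatim in the SignerIdentifier */
                int i, found = 0;
                for (i = 0; i + (int)sizeof(customSKID) <= sigSz; i++) {
                    if (XMEMCMP(sig + i, customSKID, sizeof(customSKID)) == 0) {
                        found = 1;
                        break;
                    }
                }
                ExpectIntEQ(found, 1);
            }
```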
@@ -9633,8 +9634,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } #ifndef ASN_BER_TO_DER - if (output == NULL || outputSz == 0) + if (output == NULL || outputSz == 0) { return BAD_FUNC_ARG; + } #else /* if both output and callback are not set then error out */ if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) { From 5adad7d869fa48ee159a6555ce45728eb06d0edc Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 9 Sep 2024 09:54:52 -0600 Subject: [PATCH 009/325] fix for sanity check of null input --- wolfcrypt/src/pkcs7.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 69b9ef8a4..349d3daaf 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -3451,14 +3451,25 @@ int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, byte* in, word16 inSz) return BAD_FUNC_ARG; } - pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (pkcs7->customSKID == NULL) { - ret = MEMORY_E; + if (in == NULL) { + if (pkcs7->customSKID != NULL) { + XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + } + pkcs7->customSKIDSz = 0; + pkcs7->customSKID = NULL; } else { - XMEMCPY(pkcs7->customSKID, in, inSz); - pkcs7->customSKIDSz = inSz; + pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + if (pkcs7->customSKID == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY(pkcs7->customSKID, in, inSz); + pkcs7->customSKIDSz = inSz; + } } + return ret; } From 8017c816bbe8455a423cbafa5ad06b91b05fd986 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 18 Sep 2024 15:17:53 -0600 Subject: [PATCH 010/325] check on RNG init return with test, and make input const --- tests/api.c | 4 ++-- wolfcrypt/src/pkcs7.c | 2 +- wolfssl/wolfcrypt/pkcs7.h | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/api.c b/tests/api.c index 67cff5695..0e8ae3a81 100644 --- a/tests/api.c 
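Review bot: The rewritten wc_PKCS7_SetCustomSKID still leaks on a second call, because the `else` branch XMALLOCs a new buffer without freeing an existing `pkcs7->customSKID`, and it still accepts `in != NULL, inSz == 0`, which stores a zero-byte allocation with `customSKIDSz == 0`; PKCS7_EncodeSigned then branches on the pointer at write-out but sized `keyIdSize` from `customSKIDSz > 0`, so it emits KEYID_SIZE bytes from that empty buffer. Treating `inSz == 0` the same as `in == NULL` (clear) and always releasing the old buffer first closes both; the rewritten body is below.
```c
    /* in == NULL or inSz == 0 clears any previously set custom SKID;
     * releasing the old buffer first also prevents a leak on re-set */
    if (pkcs7->customSKID != NULL) {
        XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
        pkcs7->customSKID = NULL;
    }
    pkcs7->customSKIDSz = 0;

    if (in != NULL && inSz > 0) {
        pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap,
                                           DYNAMIC_TYPE_PKCS7);
        if (pkcs7->customSKID == NULL) {
            ret = MEMORY_E;
        }
        else {
            XMEMCPY(pkcs7->customSKID, in, inSz);
            pkcs7->customSKIDSz = inSz;
        }
    }

    return ret;
```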
+++ b/tests/api.c @@ -51097,11 +51097,11 @@ static int test_wc_PKCS7_signed_enveloped(void) { /* arbitrary custom SKID */ - byte customSKID[] = { + const byte customSKID[] = { 0x40, 0x25, 0x77, 0x56 }; - wc_InitRng(&rng); + ExpectIntEQ(wc_InitRng(&rng), 0); sigSz = FOURK_BUF * 2; ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); if (pkcs7 != NULL) { diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 349d3daaf..b77e9de17 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -3443,7 +3443,7 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, /* Sets a custom SKID in PKCS7 struct, used before calling an encode operation * Returns 0 on success, negative upon error. */ -int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, byte* in, word16 inSz) +int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, word16 inSz) { int ret = 0; diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index f6254d3ca..0a4631997 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -395,7 +395,8 @@ WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz); /* CMS/PKCS#7 SignedData */ -WOLFSSL_API int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, byte* in, word16 inSz); +WOLFSSL_API int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, + word16 inSz); WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag); WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7); WOLFSSL_API int wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag); From 2e8cf39feb7a30c500463ba9ff885eabcbed9c8d Mon Sep 17 00:00:00 2001 
From: msi-debian Date: Mon, 8 Jul 2024 08:51:24 -0600 Subject: [PATCH 011/325] Initial PR for MAX32665 and MAX32666 TPU HW Support --- wolfcrypt/benchmark/benchmark.c | 8 + wolfcrypt/src/aes.c | 111 ++- wolfcrypt/src/include.am | 3 +- wolfcrypt/src/port/maxim/README.md | 103 ++- wolfcrypt/src/port/maxim/max3266x.c | 906 ++++++++++++++++++++++++ wolfcrypt/src/random.c | 9 + wolfcrypt/src/sha256.c | 7 +- wolfcrypt/src/wc_port.c | 15 + wolfssl/wolfcrypt/include.am | 3 +- wolfssl/wolfcrypt/port/maxim/max3266x.h | 289 ++++++++ wolfssl/wolfcrypt/sha.h | 3 + wolfssl/wolfcrypt/sha256.h | 4 + wolfssl/wolfcrypt/sp_int.h | 18 +- wolfssl/wolfcrypt/wc_port.h | 4 + wolfssl/wolfcrypt/wolfmath.h | 26 + 15 files changed, 1493 insertions(+), 16 deletions(-) create mode 100644 wolfcrypt/src/port/maxim/max3266x.c create mode 100644 wolfssl/wolfcrypt/port/maxim/max3266x.h diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 69a6d0f6e..32e7a1283 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -14254,6 +14254,14 @@ void bench_sphincsKeySign(byte level, byte optim) return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000; } +#elif (defined(WOLFSSL_MAX3266X_OLD) || defined(WOLFSSL_MAX3266X)) \ + && defined(MAX3266X_RTC) + + double current_time(int reset) + { + return wc_MXC_RTC_Time(); + } + #elif defined(FREESCALE_KSDK_BM) double current_time(int reset) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index aaafbf401..fd8679b39 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -82,6 +82,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif + #if defined(WOLFSSL_TI_CRYPT) #include #else 
@@ -2789,6 +2793,9 @@ extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz); static WARN_UNUSED_RESULT int wc_AesEncrypt( Aes* aes, const byte* inBlock, byte* outBlock) { + #if defined(MAX3266X_AES) + word32 keySize; + #endif word32 r; if (aes == NULL) { @@ -2892,6 +2899,14 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( } #endif +#if defined(MAX3266X_AES) + if (wc_AesGetKeySize(aes, &keySize) == 0) { + return wc_MXC_TPU_AesEncrypt(inBlock, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, AES_BLOCK_SIZE, + outBlock, (unsigned int)keySize); + } +#endif + AesEncrypt_C(aes, inBlock, outBlock, r); return 0; @@ -3539,6 +3554,9 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) static WARN_UNUSED_RESULT int wc_AesDecrypt( Aes* aes, const byte* inBlock, byte* outBlock) { + #if defined(MAX3266X_AES) + word32 keySize; + #endif word32 r; if (aes == NULL) { @@ -3615,6 +3633,14 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( } /* else !wc_esp32AesSupportedKeyLen for ESP32 */ #endif +#if defined(MAX3266X_AES) + if (wc_AesGetKeySize(aes, &keySize) == 0) { + return wc_MXC_TPU_AesDecrypt(inBlock, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, AES_BLOCK_SIZE, + outBlock, (unsigned int)keySize); + } +#endif + AesDecrypt_C(aes, inBlock, outBlock, r); return 0; @@ -4103,7 +4129,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) XMEMCPY(rk, key, keySz); #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ - (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) + (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \ + !defined(MAX3266X_AES) /* Always reverse words when using only SW */ { ByteReverseWords(rk, rk, keySz); 
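Review bot: In both the wc_AesEncrypt and wc_AesDecrypt hunks a failing `wc_AesGetKeySize` falls through to `AesEncrypt_C`/`AesDecrypt_C`, but under MAX3266X_AES the AesSetKey_C hunks later in this diff no longer byte-reverse the key words nor build the inverse key schedule, so the software fallback would run on a schedule that was never prepared and silently return wrong output. Return the error instead of falling through: `int ret = wc_AesGetKeySize(aes, &keySize); if (ret != 0) return ret;` followed by the unconditional `return wc_MXC_TPU_Aes*(...)`. `(byte*)aes->reg` is also passed as the IV for ECB mode; if the TPU ignores it there (not visible here) a short comment saying so would save the next reader the question. Both functions continue outside the hunks.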
@@ -4250,7 +4277,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) } /* switch */ ForceZero(&temp, sizeof(temp)); -#if defined(HAVE_AES_DECRYPT) +#if defined(HAVE_AES_DECRYPT) && !defined(MAX3266X_AES) if (dir == AES_DECRYPTION) { unsigned int j; @@ -4546,8 +4573,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #ifndef WC_AES_BITSLICED #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ - (!defined(WOLFSSL_ESP32_CRYPT) || \ - defined(NO_WOLFSSL_ESP32_CRYPT_AES)) + (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) \ + && !defined(MAX3266X_AES) /* software */ ByteReverseWords(aes->key, aes->key, keylen); 
@@ -5378,6 +5405,82 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } #endif /* HAVE_AES_DECRYPT */ +#elif defined(MAX3266X_AES) + int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 keySize; + int status; + byte *iv; + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (sz == 0) + return 0; + + iv = (byte*)aes->reg; + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key, + MXC_TPU_MODE_CBC, sz, out, + (unsigned int)keySize); + + /* store iv for next call */ + if (status == 0) { + XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + } + + return (status == 0) ? 0 : -1; + } + + #ifdef HAVE_AES_DECRYPT + int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 keySize; + int status; + byte *iv; + byte temp_block[AES_BLOCK_SIZE]; + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (sz == 0) + return 0; + + iv = (byte*)aes->reg; + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + /* get IV for next call */ + XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key, + MXC_TPU_MODE_CBC, sz, out, + keySize); + + + /* store iv for next call */ + if (status == 0) { + XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + } + + return (status == 0) ? 0 : -1; + } + #endif /* HAVE_AES_DECRYPT */ + + + #elif defined(WOLFSSL_PIC32MZ_CRYPT) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index e6a93af6d..675415f84 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am 
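Review bot: The new wc_AesCbcEncrypt/wc_AesCbcDecrypt dereference `aes->reg` before any NULL check and never validate `out`/`in`, so a NULL `aes` crashes before `wc_AesGetKeySize` can reject it; add `if (aes == NULL || out == NULL || in == NULL) return BAD_FUNC_ARG;` at the top of each. When WOLFSSL_AES_CBC_LENGTH_CHECKS is not defined, a `sz` between 1 and AES_BLOCK_SIZE-1 reaches `XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE)` (and the matching `in + sz - AES_BLOCK_SIZE` copy in decrypt), which reads before the buffer; how the TPU treats a partial block is not visible here, so either reject such lengths or handle them the way the software path does. `return (status == 0) ? 0 : -1;` also discards the WC_HW_E or mutex error wc_MXC_TPU_AesEncrypt already produced, and -1 is not a wolfCrypt error code; `return status;` is the better form. Finally, the decrypt call passes `keySize` without the `(unsigned int)` cast the encrypt path uses, which should be made consistent.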
@@ -139,7 +139,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \ wolfcrypt/src/port/Renesas/README.md \ wolfcrypt/src/port/cypress/psoc6_crypto.c \ - wolfcrypt/src/port/liboqs/liboqs.c + wolfcrypt/src/port/liboqs/liboqs.c \ + wolfcrypt/src/port/maxim/max3266x.c $(ASYNC_FILES): $(AM_V_at)touch $(srcdir)/$@ diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md index 55cb2a04c..fa8cd1cdd 100644 --- a/wolfcrypt/src/port/maxim/README.md +++ b/wolfcrypt/src/port/maxim/README.md 
@@ -1,14 +1,113 @@ -wolfSSL using Analog Devices MAXQ1065 or MAX1080 +wolfSSL using Analog Devices MAXQ1065, MAX1080, MAX32665 or MAX32666 ================================================ ## Overview wolfSSL can be configured to use the MAXQ1065 or MAX1080 cryptographic -controllers. Product datasheets, user guides and other resources can be found at +controllers. wolfSSL can also be configure to utilize the TPU +(crypto accelerator), MAA (math accelerator), and TRNG available on select +MAX32665 and MAX32666 microcontrollers. + +Product datasheets, user guides and other resources can be found at Analog Devices website: https://www.analog.com +# MAX32665/MAX32666 +## Build and Usage + +wolfSSL supports the [Maxim SDK](https://github.com/analogdevicesinc/msdk), to +utilize the TPU and MAA located on the devices. + +Building is supported by adding `#define WOLFSSL_MAX3266X` to `user_settings.h`. +wolfSSL supports the usage of the older style API Maxim provides with the +`#define WOLFSSL_MAX3266X_OLD` to `user_settings.h`. + +When using `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` you will also need to +add `#define WOLFSSL_SP_MATH_ALL` to `user_settings.h`. + +If you want to be more specific on what hardware acceleration you want to use, +this can be done by adding any combination of these defines: +``` +#define MAX3266X_RNG - Allows usage of TRNG device +#define MAX3266X_AES - Allows usage of TPU for AES Acceleration +#define MAX3266X_SHA - Allows usage of TPU for Hash Acceleration +#define MAX3266X_MATH - Allows usage of MAA for MOD based Math Acceleration +``` +For this you will still need to use `#define WOLFSSL_MAX3266X` or `#define WOLFSSL_MAX3266X_OLD`. When you use a specific hardware define like +`#define MAX3266X_RNG` this will mean only the TRNG device is being used, and +all other operations will use the default software implementations. + +The other prerequisite is that a change needs to be made to the Maxim SDK. 
This +is to use the MAA Math Accelerator, this change only needs to be made if you are +using `#define WOLFSSL_MAX3266X` or `define WOLFSSL_MAX3266X_OLD` by themselves +or you are specifing `#define MAX3266X_MATH`. + +In the SDK you will need to find the underlying function that +`MXC_TPU_MAA_Compute()` from `tpu.h` compute calls in the newer SDK. In the +older SDK this function is called `MAA_Compute()` in `maa.h`. In the underlying +function you will need to change this error check: + +``` +// Check that we're performing a valid operation +if (clc >= 0x6) { + return E_INVALID; +} +``` +to +``` +// Check that we're performing a valid operation +if (clc >= 0b1111) { + return E_INVALID; +} +``` + +This bug has been reported to Analog Devices +[here](https://github.com/analogdevicesinc/msdk/issues/1089) +if you want to know more details on the issue. + + +## Supported Algos +Using these defines will replace software implentations with a call to the +hardware. + +`#define MAX3266X_RNG` +- Uses entropy from TRNG to seed HASHDRBG + +`#define MAX3266X_AES`: + +- AES-CBC: 128, 192, 256 +- AES-ECB: 128, 192, 256 + +`#define MAX3266X_SHA`: + +- SHA-256 + +`#define MAX3266X_MATH` (Replaces math operation calls for algos +like RSA and ECC key generation): + +- mod - `a mod m = r` +- addmod - `(a+b)mod m = r` +- submod - `(a-b)mod m = r` +- mulmod - `(a*b)mod m = r` +- sqrmod - `(b^2)mod m = r` +- exptmod - `(b^e)mod m = r` + +## Extra Information +For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with +`#define MAX3266X_VERBOSE` to see if errors are occuring during the hardware +setup/ + +To reproduce benchmark numbers you can use `#define MAX3266X_RTC`. +Do note that this will only work with `#define WOLFSSL_MAX3266X` and not +`#define WOLFSSL_MAX3266X_OLD`. This is only meant for benchmark reproduction +and not for any other application. Please implement your own rtc/time code for +anything else. 
+ +For more infromation about the TPU, MAA, and TRNG please refer to the +[MAX32665/MAX32666 User Guide: UG6971](https://www.analog.com/media/en/technical-documentation/user-guides/max32665max32666-user-guide.pdf) + +# MAXQ1065/MAX1080 ## Build and Usage Please use the appropriate SDK or Evkit to build wolfSSL. diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c new file mode 100644 index 000000000..ca2a508fb --- /dev/null +++ b/wolfcrypt/src/port/maxim/max3266x.c 
@@ -0,0 +1,906 @@ +/* max3266x.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + +#include +#include + +#include +#include +#include +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#if defined(USE_FAST_MATH) + #error MXC Not Compatible with Fast Math + #include + #define MXC_WORD_SIZE DIGIT_BIT +#elif defined(WOLFSSL_SP_MATH_ALL) + #include + #define MXC_WORD_SIZE SP_WORD_SIZE +#endif + +#define MXC_MAA_MAX_SIZE (2048 / MXC_WORD_SIZE) + +int wc_MXC_TPU_Init(void) +{ + /* Initialize the TPU device */ + if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) { + MAX3266X_MSG("Device did not initialize"); + return RNG_FAILURE_E; + } + return 0; +} + +int wc_MXC_TPU_Shutdown(void) +{ + /* Shutdown the TPU device */ +#if defined(WOLFSSL_MAX3266X_OLD) + MXC_TPU_Shutdown(); /* Is a void return in older SDK */ +#else + if (MXC_TPU_Shutdown(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) { + MAX3266X_MSG("Device did not shutdown"); + return RNG_FAILURE_E; + } +#endif + MAX3266X_MSG("TPU Hardware Shutdown"); + return 0; +} + + +/* Convert Error Codes Correctly */ +/* TODO: 
Convert to correct wolfCrypt Codes */ +/* TODO: Add wolfssl Message Statements to report HW issue on bad return */ +int wc_MXC_error(int *ret) +{ + switch(*ret){ + case E_SUCCESS: + return 0; + + case E_NULL_PTR: + return E_NULL_PTR; + + case E_INVALID: /* Process Failed */ + return E_INVALID; + + case E_BAD_PARAM: + return BAD_FUNC_ARG; + + case E_BAD_STATE: + return E_BAD_STATE; + + default: + *ret = WC_HW_E; /* If something else return HW Error */ + return *ret; + } +} + + +#if defined(MAX3266X_RNG) + +/* Use this RNG_FAILURE_E for RNG Errors*/ +int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz) +{ + if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) { + MAX3266X_MSG("TRNG Device did not initialize"); + return RNG_FAILURE_E; + } + /* void return function */ + MXC_TPU_TRNG_Read(MXC_TRNG, output, sz); + MAX3266X_MSG("TRNG Hardware Used"); + return 0; +} +#endif /* MAX3266x_RNG */ + +#if defined(MAX3266X_AES) +int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv, + const unsigned char* enc_key, + MXC_TPU_MODE_TYPE mode, unsigned int data_size, + unsigned char* out, unsigned int keySize) +{ + int status; + status = wolfSSL_CryptHwMutexLock(); + MAX3266X_MSG("AES HW Encryption"); + if (status != 0) { + MAX3266X_MSG("Hardware Mutex Failure"); + return status; + } + switch (keySize) { + case MXC_AES_KEY_128_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128); + status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, + (const char*)iv, (const char*)enc_key, + MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 128 Bit"); + break; + case MXC_AES_KEY_192_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192); + status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, + (const char*)iv, (const char*)enc_key, + MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 192 Bit"); + break; + case MXC_AES_KEY_256_LEN: + MXC_TPU_Cipher_Config(mode, 
MXC_TPU_CIPHER_AES256); + status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, + (const char*)iv, (const char*)enc_key, + MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 256 Bit"); + break; + default: + MAX3266X_MSG("AES HW ERROR: Length Not Supported"); + wolfSSL_CryptHwMutexUnLock(); + return WC_HW_E; + break; + } + wolfSSL_CryptHwMutexUnLock(); + if (status != 0) { + MAX3266X_MSG("AES HW Acceleration Error Occured"); + return WC_HW_E; + } + return 0; +} + +int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, + const unsigned char* dec_key, + MXC_TPU_MODE_TYPE mode, unsigned int data_size, + unsigned char* out, unsigned int keySize) +{ + int status; + status = wolfSSL_CryptHwMutexLock(); + if (status != 0) { + return status; + } + switch (keySize) { + case MXC_AES_KEY_128_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128); + status = MXC_TPU_Cipher_AES_Decrypt((const char*)in, + (const char*)iv, (const char*)dec_key, + MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 128 Bit"); + break; + case MXC_AES_KEY_192_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192); + status = MXC_TPU_Cipher_AES_Decrypt((const char*)in, + (const char*)iv, (const char*)dec_key, + MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 192 Bit"); + break; + case MXC_AES_KEY_256_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256); + status = MXC_TPU_Cipher_AES_Decrypt((const char*)in, + (const char*)iv, (const char*)dec_key, + MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 256 Bit"); + break; + default: + MAX3266X_MSG("AES HW ERROR: Length Not Supported"); + wolfSSL_CryptHwMutexUnLock(); + return WC_HW_E; + break; + } + wolfSSL_CryptHwMutexUnLock(); + if (status != 0) { + MAX3266X_MSG("AES HW Acceleration Error Occured"); + return WC_HW_E; + } + return 0; +} + +#endif + 
+#if defined(MAX3266X_SHA) + +int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash) +{ + if (hash == NULL) { + return BAD_FUNC_ARG; /* Appropriate error handling for null argument */ + } + hash->msg = NULL; + hash->used = 0; + hash->size = 0; + return 0; +} + +int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data, + unsigned int size) +{ + void *p; + if (size != (0 || NULL)) { + if ((hash == NULL) || (data == NULL)) { + return BAD_FUNC_ARG; + } + if (hash->size < hash->used+size) { + if (hash->msg == NULL) { + p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + else { + #ifdef WOLFSSL_NO_REALLOC + p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (p != NULL) { + XMEMCPY(p, hash->msg, hash->used); + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + #else + p = XREALLOC(hash->msg, hash->used+size, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + #endif + + } + if (p == NULL) { + return -1; + } + hash->msg = p; + hash->size = hash->used+size; + } + XMEMCPY(hash->msg+hash->used, data, size); + hash->used += size; + if (hash->msg == NULL) { + return BAD_FUNC_ARG; + } + } + return 0; +} + +int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, + MXC_TPU_HASH_TYPE algo) +{ + int status; + status = wc_MXC_TPU_SHA_GetDigest(hash, digest, algo); + /* True Case that msg is an empty string */ + if (status == 1) { + return 0; + } + /* False Case where msg needs to be processed */ + else if (status == 0) { + status = wolfSSL_CryptHwMutexLock(); + if (wc_MXC_error(&status) != 0) { + + return status; + } + MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TPU); + MXC_TPU_Hash_Config(algo); + status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size, + (char *)digest); + MAX3266X_MSG("SHA HW Acceleration Used"); + wolfSSL_CryptHwMutexUnLock(); + if (wc_MXC_error(&status) != 0) { + MAX3266X_MSG("SHA HW Error Occured"); + return status; + } + } + /* Error Occured */ + return status; +} + +int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* 
digest, + MXC_TPU_HASH_TYPE algo) +{ + int status; + status = wc_MXC_TPU_SHA_GetHash(hash, digest, algo); + if (status != 0) { + return status; + } + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + status = wc_MXC_TPU_SHA_Init(hash); + if (status != 0) { + return status; + } + return status; +} + +int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst) +{ + if (src == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + dst->used = src->used; + dst->size = src->size; + XMEMCPY(dst->hash, src->hash, sizeof(dst->hash)); + return 0; +} + +void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash) +{ + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wc_MXC_TPU_SHA_Init(hash); /* sets hash->msg to null + zero's attributes */ + return; +} + +/* Acts as a True/False if true it will provide the stored digest */ +/* for the edge case of an empty string */ +int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest, + MXC_TPU_HASH_TYPE algo) +{ + if (hash->msg == 0 && hash->size == 0 && digest != NULL) { + switch(algo) { + #ifndef NO_SHA256 + case MXC_TPU_HASH_SHA256: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE); + break; + #endif + default: + return BAD_FUNC_ARG; + } + return 1; /* True */ + } + return 0; /* False */ +} + +#if !defined(NO_SHA256) + +WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) +{ + if (sha256 == NULL) { + return BAD_FUNC_ARG; + } + (void)heap; + (void)devId; + return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha256); +} + +WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256) +{ + return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID); +} + +WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data, + unsigned int len) +{ + return wc_MXC_TPU_SHA_Update(sha256, data, len); +} + +WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha256, hash, + MXC_TPU_HASH_SHA256); +} + +WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* 
hash) +{ + return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha256, hash, + MXC_TPU_HASH_SHA256); +} + +WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) +{ + return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); +} + +WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256) +{ + wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha256); + return; +} + +#endif + +#endif /* MAX3266X_SHA */ + +#if defined(MAX3266X_MATH) + +/* Sets mutex and initializes hardware according to need operation size */ +int wc_MXC_MAA_init(unsigned int len) +{ + int status; + MAX3266X_MSG("Setting Hardware Mutex and Starting MAA"); + status = wolfSSL_CryptHwMutexLock(); + if (status != 0) { + return status; + } + status = MXC_TPU_MAA_Init(len); + return wc_MXC_error(&status); /* Return Status of Init */ +} + +/* Unlocks mutex and preforms graceful shutdown of hardware */ +int wc_MXC_MAA_Shutdown(void) +{ + int status; + MAX3266X_MSG("Unlocking Hardware Mutex and Shutting Down MAA"); + status = MXC_TPU_MAA_Shutdown(); + if (status == E_BAD_PARAM) { /* Miss leading, Send WC_HW_ERROR */ + /* This is returned when MAA cannot stop */ + return WC_HW_E; + } + else if(wc_MXC_error(&status) != 0) { + return status; + } + wolfSSL_CryptHwMutexUnLock(); + return status; +} + +/* Update used number for mp_int struct for results */ +int wc_MXC_MAA_adjustUsed(unsigned int *array, unsigned int length) +{ + int i, lastNonZeroIndex; + lastNonZeroIndex = -1; /* Track the last non-zero index */ + for (i = 0; i < length; i++) { + if (array[i] != 0) { + lastNonZeroIndex = i; + } + } + return (lastNonZeroIndex + 1); +} + +/* Determines the size of operation that needs to happen */ +unsigned int wc_MXC_MAA_Largest(unsigned int count, ...) 
+{ + va_list args; + int i; + unsigned int largest, num; + va_start(args, count); + largest = va_arg(args, unsigned int); + for (i = 1; i < count; i++) { + num = va_arg(args, unsigned int); + if (num > largest) { + largest = num; + } + } + va_end(args); + return largest; +} + +/* Determines if we need to fallback to Software */ +int wc_MXC_MAA_Fallback(unsigned int count, ...) +{ + va_list args; + int num, i; + va_start(args, count); + for (i = 0; i < count; i++) { + num = va_arg(args, unsigned int); + if (num > MXC_MAA_MAX_SIZE) { + MAX3266X_MSG("HW Falling Back to Software"); + return 1; + } + } + va_end(args); + MAX3266X_MSG("HW Can Handle Input"); + return 0; +} + + + +/* Have to zero pad the entire data array up to 256 bytes(2048 bits) */ +/* If length > 256 bytes then error */ +int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, + mp_int* exp, mp_int* mod, mp_int* result, + MXC_TPU_MAA_TYPE clc, unsigned int length) +{ + mp_digit* zero_tmp; + MAX3266X_MSG("Zero Padding Buffers for Hardware"); + if (length > MXC_MAA_MAX_SIZE) { + MAX3266X_MSG("Hardware cannot exceed 2048 bit input"); + return BAD_FUNC_ARG; + } + if ((result == NULL) || (multiplier == NULL) || (multiplicand == NULL) || + ((exp == NULL) && (clc == WC_MXC_TPU_MAA_EXP)) || (mod == NULL)) { + return BAD_FUNC_ARG; + } + + /* Create an array to compare values to to check edge for error edge case */ + zero_tmp = (mp_digit*)XMALLOC(multiplier->size*sizeof(mp_digit), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + XMEMSET(zero_tmp, 0x00, multiplier->size*sizeof(mp_digit)); + + /* Check for invalid arguments befor padding */ + switch((char)clc){ + case WC_MXC_TPU_MAA_EXP: + /* Cannot be 0 for a^e mod m operation */ + if (XMEMCMP(zero_tmp, exp, (exp->used*sizeof(mp_digit))) == 0) { + XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + MAX3266X_MSG("Cannot use Value 0 for Exp"); + return BAD_FUNC_ARG; + break; + } + + /* Padd out rest of data if used != length to ensure no */ + /* garbage is used in 
calculation */ + if ((exp != NULL) && (clc == WC_MXC_TPU_MAA_EXP)) { + if ((exp->dp != NULL) && (exp->used < length)) { + MAX3266X_MSG("Zero Padding Exp Buffer"); + XMEMSET(exp->dp + exp->used, 0x00, + sizeof(int) *(length - exp->used)); + } + } + + /* Fall through to check mod is not 0 */ + case WC_MXC_TPU_MAA_SQ: + case WC_MXC_TPU_MAA_MUL: + case WC_MXC_TPU_MAA_SQMUL: + case WC_MXC_TPU_MAA_ADD: + case WC_MXC_TPU_MAA_SUB: + /* Cannot be 0 for mod m value */ + if (XMEMCMP(zero_tmp, mod, (exp->used*sizeof(mp_digit))) == 0) { + XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + MAX3266X_MSG("Cannot use Value 0 for Exp"); + return BAD_FUNC_ARG; + break; + } + + /* Padd out rest of data if used != length to ensure no */ + /* garbage is used in calculation */ + if ((multiplier->dp != NULL) && (multiplier->used < length)) { + MAX3266X_MSG("Zero Padding Multipler Buffer"); + XMEMSET(multiplier->dp + multiplier->used, 0x00, + sizeof(int) * (length - multiplier->used)); + } + if ((multiplicand->dp != NULL) && (multiplicand->used < length)) { + MAX3266X_MSG("Zero Padding Multiplicand Buffer"); + XMEMSET(multiplicand->dp + multiplicand->used, 0x00, + sizeof(int) * (length - multiplicand->used)); + } + if ((mod->dp != NULL) && (mod->used < length)) { + MAX3266X_MSG("Zero Padding Mod Buffer"); + XMEMSET(mod->dp + mod->used, 0x00, + sizeof(int) *(length - mod->used)); + } + break; + default: + return BAD_FUNC_ARG; /* Invalid clc given */ + } + /* Free the zero array used to check values */ + XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* Make sure result is 0 padded */ + if (result->dp != NULL) { + ForceZero(result->dp, sizeof(int)*(length)); + result->used = length; + } + else if (result == NULL) { + return BAD_FUNC_ARG; /* Cannot be null */ + } + return 0; +} + + + + /* General Control Over MAA Hardware to handle all needed Cases */ +int wc_MXC_MAA_math(mp_int* multipler, mp_int* multiplicand, mp_int* exp, + mp_int* mod, mp_int* result, + MXC_TPU_MAA_TYPE clc) +{ + int 
ret; + int length; + mp_int* result_tmp_ptr; + mp_int result_tmp; + /* Check if result shares struct pointer */ + if ((multipler == result) || (multiplicand == result) || (exp == result) || + (mod == result)) { + MAX3266X_MSG("Creating Temp Result Buffer for Hardware"); + result_tmp_ptr = &result_tmp; /* Assign point to temp struct */ + } + else { + result_tmp_ptr = result; /* No Shared Point to directly assign */ + } + if (result_tmp_ptr == NULL) { + MAX3266X_MSG("tmp ptr is null"); + return MP_VAL; + } + + if (clc == WC_MXC_TPU_MAA_EXP) { + length = wc_MXC_MAA_Largest(5, multipler->used, multiplicand->used, + exp->used, mod->used, result->used); + } + else { + length = wc_MXC_MAA_Largest(4, multipler->used, multiplicand->used, + mod->used, result->used); + } + + /* Zero Pad everything if needed */ + ret = wc_MXC_MAA_zeroPad(multipler, multiplicand, exp, mod, result_tmp_ptr, + clc, length); + if (ret != 0) { + MAX3266X_MSG("Zero Padding Failed"); + return ret; + } + + /* Init MAA HW */ + ret = wc_MXC_MAA_init(length*sizeof(mp_digit)*8); + if (ret != 0) { + MAX3266X_MSG("HW Init Failed"); + wolfSSL_CryptHwMutexUnLock(); + return ret; + } + + /* Start Math And Cast to expect types for SDK */ + MAX3266X_MSG("Starting Computation in MAA"); + ret = MXC_TPU_MAA_Compute(clc, (char *)(multipler->dp), + (char *)(multiplicand->dp), + (char *)(exp->dp), (char *)(mod->dp), + (int *)(result_tmp_ptr->dp), + (length*sizeof(mp_digit))); + MAX3266X_MSG("MAA Finished Computation"); + if (wc_MXC_error(&ret) != 0) { + MAX3266X_MSG("HW Computation Error"); + wolfSSL_CryptHwMutexUnLock(); + return ret; + } + + ret = wc_MXC_MAA_Shutdown(); + if (ret != 0) { + MAX3266X_MSG("HW Shutdown Failure"); + wolfSSL_CryptHwMutexUnLock(); + return ret; + } + + /* Copy tmp result if needed */ + if ((multipler == result) || (multiplicand == result) || (exp == result) || + (mod == result)) { + mp_copy(result_tmp_ptr, result); + ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr)); /* force zero */ + } + 
+ result->used = wc_MXC_MAA_adjustUsed(result->dp, length); + return ret; +} + + + +int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* result) +{ + mp_int multiplicand; + XMEMSET(&multiplicand, 0, sizeof(mp_int)); + multiplicand.dp[0] = 0x01; + multiplicand.used = mod->used; + MAX3266X_MSG("Preparing exptmod MAA HW Call"); + return wc_MXC_MAA_math(base, &multiplicand, exp, mod, result, + WC_MXC_TPU_MAA_EXP); +} + +int wc_MXC_MAA_sqrmod(mp_int* multipler, mp_int* mod, mp_int* result) +{ + mp_int multiplicand; + XMEMSET(&multiplicand, 0, sizeof(mp_int)); + multiplicand.dp[0] = 0x01; + multiplicand.used = mod->used; + MAX3266X_MSG("Preparing sqrmod MAA HW Call"); + return wc_MXC_MAA_math(multipler, &multiplicand, NULL, mod, result, + WC_MXC_TPU_MAA_SQ); +} + +int wc_MXC_MAA_mulmod(mp_int* multipler, mp_int* multiplicand, mp_int* mod, + mp_int* result) +{ + MAX3266X_MSG("Preparing mulmod MAA HW Call"); + return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + WC_MXC_TPU_MAA_MUL); +} + +int wc_MXC_MAA_sqrmulmod(mp_int* multipler, mp_int* multiplicand, + mp_int* exp, mp_int* mod, mp_int* result) +{ + MAX3266X_MSG("Preparing sqrmulmod MAA HW Call"); + return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + WC_MXC_TPU_MAA_SQMUL); +} + +int wc_MXC_MAA_addmod(mp_int* multipler, mp_int* multiplicand, mp_int* mod, + mp_int* result) +{ + MAX3266X_MSG("Preparing addmod MAA HW Call"); + return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + WC_MXC_TPU_MAA_ADD); +} + +int wc_MXC_MAA_submod(mp_int* multipler, mp_int* multiplicand, mp_int* mod, + mp_int* result) +{ + MAX3266X_MSG("Preparing submod MAA HW Call"); + if ((mod->used < multipler->used) || (mod->used < multiplicand->used)) { + MAX3266X_MSG("HW Limitation: Defaulting back to software"); + return mxc_submod(multipler, multiplicand, mod, result); + } + else { + return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + WC_MXC_TPU_MAA_SUB); + } +} + +/* 
General Function to call hardware control */ +int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, + mp_int* result) +{ + if ((multiplier->used == 0) || (multiplicand->used == 0)) { + mp_zero(result); + return 0; + } + else { + if (wc_MXC_MAA_Fallback(3, multiplier->used, mod->used, + multiplicand->used) != 0) { + return mxc_mulmod(multiplier, multiplicand, mod, result); + } + else { + return wc_MXC_MAA_mulmod(multiplier, multiplicand, mod, result); + } + } +} + +int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result) +{ + int err = MP_OKAY; + /* Validate parameters. */ + if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) { + err = MP_VAL; + } + if (err == MP_OKAY) { + if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) { + err = mxc_addmod(a, b, mod, result); + } + else { + err = wc_MXC_MAA_addmod(a, b, mod, result); + } + } + return err; +} + + +int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result) +{ + int err = MP_OKAY; + /* Validate parameters. */ + if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) { + err = MP_VAL; + } + if (err == MP_OKAY) { + if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) { + err = mxc_submod(a, b, mod, result); + } + else{ + err = wc_MXC_MAA_submod(a, b, mod, result); + } + } + return err; +} + +int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result) +{ + int err = MP_OKAY; + /* Validate parameters. 
*/ + if ((base == NULL) || (exp == NULL) || (mod == NULL) || (result == NULL)) { + err = MP_VAL; + } + if (err == MP_OKAY) { + if ((mod->used < exp->used) || (mod->used < base->used)) { + err = mxc_exptmod(base, exp, mod, result); + } + else if (wc_MXC_MAA_Fallback(3, base->used, exp->used, mod->used) + != 0) { + return mxc_exptmod(base, exp, mod, result); + } + else{ + err = wc_MXC_MAA_expmod(base, exp, mod, result); + } + } + return err; +} + + +/* No mod function avaliable with hardware, however preform a submod */ +/* (a - 0) mod m will essentially preform the same operation as a mod m */ +int hw_mod(mp_int* a, mp_int* mod, mp_int* result) +{ + mp_int b; + if (wc_MXC_MAA_Fallback(2, a->used, mod->used) != 0){ + return mxc_mod(a, mod, result); + } + XMEMSET(&b, 0, sizeof(mp_int)); + b.used = mod->used; /* assume mod is determining size */ + return hw_submod(a, &b, mod, result); +} + +int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result) +{ + if (base->used == 0) { + mp_zero(result); + return 0; + } + return wc_MXC_MAA_sqrmod(base, mod, result); +} + +#endif + + +#if defined(MAX3266X_RTC) +/* Initialize the RTC */ +int wc_MXC_RTC_Init(void) +{ + /* RTC Init for benchmark */ + if (MXC_RTC_Init(0, 0) != E_NO_ERROR) { + return WC_HW_E; + } + + /* Disable the Interrupt */ + if (MXC_RTC_DisableInt(MXC_RTC_INT_EN_LONG) == E_BUSY) { + return WC_HW_E; + } + + if (MXC_RTC_SquareWaveStart(MXC_RTC_F_512HZ) == E_BUSY) { + return E_BUSY; + } + + if (MXC_RTC_Start() != E_NO_ERROR){ + return WC_HW_E; + } + + return 0; +} + +/* Reset the RTC */ +int wc_MXC_RTC_Reset(void) +{ + if (MXC_RTC_Stop() != E_NO_ERROR) { + return WC_HW_E; + } + if (wc_MXC_RTC_Init() != E_NO_ERROR) { + return WC_HW_E; + } + return 0; +} + +/* Function to handle RTC read retries */ +void wc_MXC_RTC_GetRTCValue(int32_t (*rtcGetFunction)(uint32_t*), + uint32_t* outValue, int32_t* err) +{ + *err = rtcGetFunction(outValue); /* Initial attempt to get the value */ + while (*err != E_NO_ERROR) { + *err = 
rtcGetFunction(outValue); /* Retry if the error persists */ + } +} + +/* Function to provide the current time as a double */ +double wc_MXC_RTC_Time(void) +{ + int32_t err; + uint32_t rtc_seconds, rtc_subseconds; + + /* Retrieve sub-seconds from RTC */ + wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSubSeconds, + &rtc_subseconds, &err); + if (err != E_NO_ERROR){ + return (double)err; + } + /* Retrieve seconds from RTC */ + wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSeconds, + &rtc_seconds, &err); + if (err != E_NO_ERROR) { + return (double)err; + } + return ((double)rtc_seconds + ((double)rtc_subseconds / 4096)); +} + +#endif /* MAX3266X_RTC */ + + +#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */ \ No newline at end of file diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index f1022edea..42e385af7 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -136,6 +136,8 @@ This library contains implementation for the random number generator. #elif defined(WOLFSSL_GETRANDOM) #include #include +#elif defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include "wolfssl/wolfcrypt/port/maxim/max3266x.h" #else /* include headers that may be needed to get good seed */ #include @@ -3834,6 +3836,13 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return maxq10xx_random(output, sz); } +#elif defined(MAX3266X_RNG) + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + (void)os; + return wc_MXC_TRNG_Random(output, sz); + } + #elif defined(WOLFSSL_GETRANDOM) /* getrandom() was added to the Linux kernel in version 3.17. diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 136369151..b7ee935f4 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -122,7 +122,9 @@ on the specific device platform. #elif defined(WOLFSSL_PSOC6_CRYPTO) - +#elif defined(MAX3266X_SHA) + /* Already brought in by sha256.h */ + /* #include */ #else #include 
@@ -2487,7 +2489,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) /* implemented in wolfcrypt/src/port/psa/psa_hash.c */ #elif defined(WOLFSSL_RENESAS_RX64_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */ - +#elif defined(MAX3266X_SHA) + /* Implemented in wolfcrypt/src/port/maxim/max3266x.c */ #else int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index a2e1dcdfe..3b87dec5c 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -44,6 +44,10 @@ #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif + #ifdef WOLFSSL_PSOC6_CRYPTO #include #endif @@ -251,6 +255,14 @@ int wolfCrypt_Init(void) } #endif + #if defined(MAX3266X_RTC) + ret = wc_MXC_RTC_Init(); + if (ret != 0){ + WOLFSSL_MSG("MXC RTC Init Failed"); + return WC_HW_E; + } + #endif + #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \ defined(WOLFSSL_ATECC608A) ret = atmel_init(); @@ -3149,6 +3161,9 @@ time_t mqx_time(time_t* timer) #endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */ +#if defined(MAX3266X_RTC) + #define XTIME wc_MXC_RTC_Time +#endif #if defined(WOLFSSL_TIRTOS) && defined(USER_TIME) diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 3979c6744..490dadd9a 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -116,7 +116,8 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \ wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \ wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \ - wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h + wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \ + wolfssl/wolfcrypt/port/maxim/max3266x.h if BUILD_CRYPTOAUTHLIB nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h new file mode 100644 index 000000000..9c74ddef5 --- /dev/null 
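Review bot: The new RTC block turns a failure of `wc_MXC_RTC_Init()` into a `WC_HW_E` from `wolfCrypt_Init()`, yet max3266x.h in this same patch describes the RTC driver as "meant for wolfCrypt benchmark only"; a benchmark timer should not be able to veto library initialisation, so either move the call into the benchmark's own setup or log and continue here. If it stays, a comment saying why a clock is required for crypto init would help the next reader. `wc_MXC_RTC_Init()` returns the raw SDK code `E_BUSY` on one path (visible in the max3266x.c hunk earlier on this page), so collapsing every non-zero value to `WC_HW_E` is right, but logging the value in the `WOLFSSL_MSG` would make that failure diagnosable. Style: `if (ret != 0){` is missing the space before the brace used by the rest of the patch.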
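Review bot: `#define XTIME wc_MXC_RTC_Time` does not match how XTIME is used: wolfSSL invokes it as `XTIME(t)` with a `time_t*` argument (the TI-RTOS definition right below this hunk, `time_t XTIME(time_t * timer)`, shows the expected shape), while `wc_MXC_RTC_Time` takes `void` and returns `double`, so any expansion with an argument fails to compile and the result is not a `time_t`. The function also returns a negative error code cast to `double` on failure, and its value appears to be seconds since the RTC was started from zero (`MXC_RTC_Init(0, 0)`) rather than epoch time, which is not what a wall-clock source is used for if XTIME reaches certificate validity checks. Because the define sits this late in wc_port.c it presumably only affects code later in this translation unit; if the intent is benchmark timing, the benchmark's `current_time()` already calls `wc_MXC_RTC_Time` directly (benchmark.c hunk further down) and this define can be dropped, otherwise provide a `time_t`-returning wrapper that takes `time_t*`.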
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h 
@@ -0,0 +1,289 @@ +/* max3266x.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLFPORT_MAX3266X_H_ +#define _WOLFPORT_MAX3266X_H_ + +#include + +#ifndef WOLFSSL_MAX_HASH_SIZE + #define WOLFSSL_MAX_HASH_SIZE 64 +#endif + +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + +/* Default to all HW acceleration on unless specified in user_settings */ +#if !defined(MAX3266X_RNG) && !defined(MAX3266X_AES) && \ + !defined(MAX3266X_AESGCM) && !defined(MAX3266X_SHA) && \ + !defined(MAX3266X_MATH) + #define MAX3266X_RNG + #define MAX3266X_AES + #define MAX3266X_SHA + #define MAX3266X_ECDSA + #define MAX3266X_MATH +#endif + +#if defined(WOLFSSL_MAX3266X_OLD) + /* Support for older SDK API Maxim provides */ + + /* These are needed for older SDK */ + #define TARGET MAX32665 + #define TARGET_REV 0x4131 + #include "mxc_sys.h" + + + + #if defined(MAX3266X_RNG) + #include "trng.h" /* Provides TRNG Drivers */ + #define MXC_TPU_TRNG_Read TRNG_Read + #endif + #if defined(MAX3266X_AES) + #include "cipher.h" /* Provides Drivers for AES */ + /* AES Defines */ + #define MXC_TPU_CIPHER_TYPE tpu_ciphersel_t + #define MXC_TPU_CIPHER_AES128 TPU_CIPHER_AES128 + #define MXC_TPU_CIPHER_AES192 TPU_CIPHER_AES192 + #define 
MXC_TPU_CIPHER_AES256 TPU_CIPHER_AES256 + + #define MXC_TPU_MODE_TYPE tpu_modesel_t + #define MXC_TPU_MODE_ECB TPU_MODE_ECB + #define MXC_TPU_MODE_CBC TPU_MODE_CBC + #define MXC_TPU_MODE_CFB TPU_MODE_CFB + #define MXC_TPU_MODE_CTR TPU_MODE_CTR + + /* AES Functions */ + #define MXC_TPU_Cipher_Config TPU_Cipher_Config + #define MXC_TPU_Cipher_AES_Encrypt TPU_AES_Encrypt + #define MXC_TPU_Cipher_AES_Decrypt TPU_AES_Decrypt + + #endif + #if defined(MAX3266X_SHA) + #include "hash.h" /* Proivdes Drivers for SHA */ + /* SHA Defines */ + #define MXC_TPU_HASH_TYPE tpu_hashfunsel_t + #define MXC_TPU_HASH_SHA1 TPU_HASH_SHA1 + #define MXC_TPU_HASH_SHA224 TPU_HASH_SHA224 + #define MXC_TPU_HASH_SHA256 TPU_HASH_SHA256 + #define MXC_TPU_HASH_SHA384 TPU_HASH_SHA384 + #define MXC_TPU_HASH_SHA512 TPU_HASH_SHA512 + + /* SHA Functions */ + #define MXC_TPU_Hash_Config TPU_Hash_Config + #define MXC_TPU_Hash_SHA TPU_SHA + + #endif + #if defined(MAX3266X_MATH) + #include "maa.h" /* Provides Drivers for math acceleration for */ + /* ECDSA and RSA Acceleration */ + /* MAA Defines */ + #define MXC_TPU_MAA_TYPE tpu_maa_clcsel_t + #define WC_MXC_TPU_MAA_EXP 0b0000 + #define WC_MXC_TPU_MAA_SQ 0b0010 + #define WC_MXC_TPU_MAA_MUL 0b0100 + #define WC_MXC_TPU_MAA_SQMUL 0b0110 + #define WC_MXC_TPU_MAA_ADD 0b1000 + #define WC_MXC_TPU_MAA_SUB 0b1010 + + /* MAA Functions */ + #define MXC_TPU_MAA_Compute MAA_Compute + #define MXC_TPU_MAA_Shutdown MAA_Shutdown + #define MXC_TPU_MAA_Init MAA_Init + #define MXC_TPU_MAA_Reset MAA_Reset + + #endif + + /* TPU Functions */ + #define MXC_TPU_Init SYS_TPU_Init + #define MXC_TPU_Shutdown SYS_TPU_Shutdown + #define MXC_SYS_PERIPH_CLOCK_TPU SYS_PERIPH_CLOCK_TPU + + #define MXC_SYS_PERIPH_CLOCK_TPU SYS_PERIPH_CLOCK_TPU + #define MXC_SYS_PERIPH_CLOCK_TRNG SYS_PERIPH_CLOCK_TRNG + +#else + /* Defaults to expect newer SDK */ + #if defined(MAX3266X_RNG) + #include "trng.h" /* Provides Drivers for TRNG */ + #endif + #if defined(MAX3266X_AES) || defined(MAX3266X_SHA) || \ + 
defined(MAX3266X_ECDSA) || defined(MAX3266X_RSA) || \ + defined(MAX3266X_RNG) + #include "tpu.h" /* SDK Drivers for the TPU unit */ + /* Handles AES, SHA, and */ + /* MAA driver to accelerate RSA/ECDSA */ + + /* AES Defines */ + #define MXC_TPU_CIPHER_TYPE mxc_tpu_ciphersel_t + #define MXC_TPU_MODE_TYPE mxc_tpu_modesel_t + + + /* SHA Defines */ + #define MXC_TPU_HASH_TYPE mxc_tpu_hashfunsel_t + + + /* MAA Defines */ + /* Current SDK for TPU does not handle bit mask correctly */ + /* with expected enum values, so calue need to be set */ + /* manually to work with intended naming scheme */ + #define MXC_TPU_MAA_TYPE mxc_tpu_maa_clcsel_t + #define WC_MXC_TPU_MAA_EXP 0b0000 + #define WC_MXC_TPU_MAA_SQ 0b0010 + #define WC_MXC_TPU_MAA_MUL 0b0100 + #define WC_MXC_TPU_MAA_SQMUL 0b0110 + #define WC_MXC_TPU_MAA_ADD 0b1000 + #define WC_MXC_TPU_MAA_SUB 0b1010 + + #endif + +#endif + + +/* Provide Driver for RTC if specified, meant for wolfCrypt benchmark only */ +#if defined(MAX3266X_RTC) + #if defined(WOLFSSL_MAX3266X_OLD) + #error Not Implemented with old SDK + #endif + #include "time.h" + #include "rtc.h" + #define MXC_SECS_PER_MIN (60) + #define MXC_SECS_PER_HR (60 * MXC_SECS_PER_MIN) + #define MXC_SECS_PER_DAY (24 * MXC_SECS_PER_HR) +#endif + +/* Variable Definitions */ +#ifdef __cplusplus + extern "C" { +#endif + + WOLFSSL_LOCAL int wc_MXC_TPU_Init(void); + WOLFSSL_LOCAL int wc_MXC_TPU_Shutdown(void); + /* Convert Errors to wolfCrypt Codes */ + WOLFSSL_LOCAL int wc_MXC_error(int *ret); + +#ifdef MAX3266X_RTC + WOLFSSL_LOCAL int wc_MXC_RTC_Init(void); + WOLFSSL_LOCAL int wc_MXC_RTC_Reset(void); + WOLFSSL_LOCAL double wc_MXC_RTC_Time(void); +#endif + +#ifdef MAX3266X_VERBOSE + #ifndef DEBUG_WOLFSSL + #error Need "#define DEBUG_WOLFSSL" to do use "#define MAX3266X_VERBOSE" + #else + #define MAX3266X_MSG(...) WOLFSSL_MSG(__VA_ARGS__) + #endif +#else + #define MAX3266X_MSG(...) 
/* Compile out Verbose MSGs */ +#endif + +#ifdef MAX3266X_RNG + WOLFSSL_LOCAL int wc_MXC_TRNG_Random(unsigned char* output, + unsigned int sz); +#endif + +#ifdef MAX3266X_AES + WOLFSSL_LOCAL int wc_MXC_TPU_AesEncrypt(const unsigned char* in, + const unsigned char* iv, + const unsigned char* enc_key, + MXC_TPU_MODE_TYPE mode, + unsigned int data_size, + unsigned char* out, unsigned int keySize); + + WOLFSSL_LOCAL int wc_MXC_TPU_AesDecrypt(const unsigned char* in, + const unsigned char* iv, + const unsigned char* enc_key, + MXC_TPU_MODE_TYPE mode, + unsigned int data_size, + unsigned char* out, unsigned int keySize); +#endif + +#ifdef MAX3266X_SHA + + typedef struct { + unsigned char *msg; + unsigned int used; + unsigned int size; + unsigned char hash[WOLFSSL_MAX_HASH_SIZE]; + } wc_MXC_Sha; + + #if !defined(NO_SHA256) + typedef wc_MXC_Sha wc_Sha256; + #define WC_SHA256_TYPE_DEFINED + + /* Define the SHA-256 digest for an empty string */ + /* as a constant byte array */ + static const unsigned char MXC_EMPTY_DIGEST_SHA256[32] = { + 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, + 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, + 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, + 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}; + + #endif + + + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash); + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, + const unsigned char* data, + unsigned int size); + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, + unsigned char* digest, + MXC_TPU_HASH_TYPE algo); + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, + unsigned char* digest, + MXC_TPU_HASH_TYPE algo); + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst); + WOLFSSL_LOCAL void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash); + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, + unsigned char* digest, + MXC_TPU_HASH_TYPE algo); + + +#endif + +#if defined(MAX3266X_MATH) + #define WOLFSSL_USE_HW_MP + /* Setup mapping to 
fallback if edge case is encountered */ + #if defined(USE_FAST_MATH) + #define mxc_mod fp_mod + #define mxc_addmod fp_addmod + #define mxc_submod fp_submod + #define mxc_mulmod fp_mulmod + #define mxc_exptmod fp_exptmod + #define mxc_sqrmod fp_sqrmod + #elif defined(WOLFSSL_SP_MATH_ALL) + #define mxc_mod sp_mod + #define mxc_addmod sp_addmod + #define mxc_submod sp_submod + #define mxc_mulmod sp_mulmod + #define mxc_exptmod sp_exptmod + #define mxc_sqrmod sp_sqrmod + #else + #error Need to use WOLFSSL_SP_MATH_ALL + #endif + +#endif + +#ifdef __cplusplus + } +#endif + +#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */ +#endif /* _WOLFPORT_MAX3266X_H_ */ \ No newline at end of file diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 6ed595026..0e0582302 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -76,6 +76,9 @@ #if defined(WOLFSSL_SILABS_SE_ACCEL) #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif #if !defined(NO_OLD_SHA_NAMES) #define SHA WC_SHA diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index aa4632cf3..311bb3127 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -146,6 +146,10 @@ enum { #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h" #else +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include "wolfssl/wolfcrypt/port/maxim/max3266x.h" +#endif + #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #include "wolfssl/wolfcrypt/port/nxp/se050_port.h" #endif diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 53075c5c6..2a9a88014 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h 
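Review bot: `MXC_EMPTY_DIGEST_SHA256` is a `static const` array defined in the header, so every translation unit that includes max3266x.h (sha.h, sha256.h, wc_port.h and wolfmath.h now all pull it in) gets its own private copy plus an unused-variable warning; declare it here as `extern const unsigned char MXC_EMPTY_DIGEST_SHA256[32];` and define it once in max3266x.c next to its only user, `wc_MXC_TPU_SHA_GetDigest`. The include guard `_WOLFPORT_MAX3266X_H_` is a reserved identifier (leading underscore followed by an uppercase letter); `WOLFPORT_MAX3266X_H` avoids that. The `0b0000` binary literals for the `WC_MXC_TPU_MAA_*` selectors are a GNU extension before C23, so hex constants would be safer for the portable build. The closing `#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */` comment does not match the condition it closes, `WOLFSSL_MAX3266X || WOLFSSL_MAX3266X_OLD`. Finally, `wc_MXC_Sha` owns a heap buffer through `msg`, so the `wc_MXC_TPU_SHA_Copy` prototype should state whether the copy is deep or shallow, given that the implementation in the max3266x.c hunk copies `used`, `size` and `hash` but not `msg`.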
@@ -1150,27 +1150,22 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp); #define mp_div_2 sp_div_2 #define mp_add sp_add #define mp_sub sp_sub -#define mp_addmod sp_addmod -#define mp_submod sp_submod + #define mp_addmod_ct sp_addmod_ct #define mp_submod_ct sp_submod_ct #define mp_xor_ct sp_xor_ct #define mp_lshd sp_lshd #define mp_rshd sp_rshd #define mp_div sp_div -#define mp_mod sp_mod #define mp_mul sp_mul -#define mp_mulmod sp_mulmod #define mp_invmod sp_invmod #define mp_invmod_mont_ct sp_invmod_mont_ct #define mp_exptmod_ex sp_exptmod_ex -#define mp_exptmod sp_exptmod #define mp_exptmod_nct sp_exptmod_nct #define mp_div_2d sp_div_2d #define mp_mod_2d sp_mod_2d #define mp_mul_2d sp_mul_2d #define mp_sqr sp_sqr -#define mp_sqrmod sp_sqrmod #define mp_unsigned_bin_size sp_unsigned_bin_size #define mp_read_unsigned_bin sp_read_unsigned_bin @@ -1193,6 +1188,17 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp); #define mp_memzero_add sp_memzero_add #define mp_memzero_check sp_memzero_check +/* Allow for Hardware Based Mod Math */ +/* Avoid redeclaration warnings */ +#ifndef WOLFSSL_USE_HW_MP + #define mp_mod sp_mod + #define mp_addmod sp_addmod + #define mp_submod sp_submod + #define mp_mulmod sp_mulmod + #define mp_exptmod sp_exptmod + #define mp_sqrmod sp_sqrmod +#endif + #ifdef WOLFSSL_DEBUG_MATH #define mp_dump(d, a, v) sp_print(a, d) #endif diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7373e0550..7e4567f96 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -54,6 +54,10 @@ #endif #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif + #ifdef WOLFSSL_LINUXKM #include "../../linuxkm/linuxkm_wc_port.h" #endif /* WOLFSSL_LINUXKM */ diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h index fe01ed5cd..e012ff655 100644 --- a/wolfssl/wolfcrypt/wolfmath.h +++ b/wolfssl/wolfcrypt/wolfmath.h 
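Review bot: The new `#ifndef WOLFSSL_USE_HW_MP` guard around `mp_mod`/`mp_addmod`/`mp_submod`/`mp_mulmod`/`mp_exptmod`/`mp_sqrmod` only does what it should if the macro is already visible when sp_int.h is processed, and `WOLFSSL_USE_HW_MP` is defined in max3266x.h, which this hunk does not include; a translation unit that sees sp_int.h before wolfmath.h (where the include and the `hw_*` remap are added) would resolve `mp_mulmod` to `sp_mulmod` while others resolve it to `hw_mulmod`, so the same macro would name different functions across the build. Unless sp_int.h already includes wolfmath.h or max3266x.h earlier than this hunk shows, the include belongs here too, or all six mappings should live in one header with the `#ifdef`/`#else` sides next to each other. The block would also benefit from a comment such as `/* With WOLFSSL_USE_HW_MP these six are mapped to the hw_* wrappers in wolfmath.h */`, since the removal in the first hunk otherwise reads as if the functions disappeared. The first hunk also leaves a stray empty `+` line where `mp_addmod`/`mp_submod` were removed.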
@@ -52,6 +52,10 @@ This library provides big integer math functions. #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif + #ifndef MIN #define MIN(x,y) ((x)<(y)?(x):(y)) #endif @@ -118,6 +122,28 @@ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len, WOLFSSL_API const char *wc_GetMathInfo(void); #endif +/* Support for generic Hardware based Math Functions */ +#ifdef WOLFSSL_USE_HW_MP + +WOLFSSL_LOCAL int hw_mod(mp_int* multiplier, mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, + mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* result); +WOLFSSL_LOCAL int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result); + +/* One to one mappings */ +#define mp_mod hw_mod +#define mp_addmod hw_addmod +#define mp_submod hw_submod +#define mp_mulmod hw_mulmod +#define mp_exptmod hw_exptmod +#define mp_sqrmod hw_sqrmod + +#endif + #ifdef __cplusplus } /* extern "C" */ #endif From d714e55a2bfd1baf9ccd65206bc3b263961b0e96 Mon Sep 17 00:00:00 2001 From: night1rider Date: Thu, 1 Aug 2024 10:32:08 -0600 Subject: [PATCH 012/325] Addressing PR comments typos and cleanup and support HAVE_AES_ECB, Sha1, and Sha224 --- wolfcrypt/benchmark/benchmark.c | 1 + wolfcrypt/src/aes.c | 42 ++++ wolfcrypt/src/port/maxim/README.md | 10 +- wolfcrypt/src/port/maxim/max3266x.c | 280 +++++++++++++++++------- wolfcrypt/src/sha.c | 10 + wolfcrypt/src/sha256.c | 6 + wolfcrypt/src/wc_port.c | 2 +- wolfssl/wolfcrypt/port/maxim/max3266x.h | 29 ++- 8 files changed, 291 insertions(+), 89 deletions(-) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 32e7a1283..042f73646 100644 --- a/wolfcrypt/benchmark/benchmark.c 
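Review bot: The hw_* prototypes added under WOLFSSL_USE_HW_MP carry no contract: nothing says what they return on success (if, as with the sp_* functions they replace, 0 means success), whether `result` may alias an input, or what a port must do with operands wider than its accelerator. Because `#define mp_mod hw_mod` and the other one-to-one mappings route every caller of the generic math API through these functions, that contract is the interface the rest of wolfCrypt will rely on. Suggest a comment above the block such as `/* Hardware replacements for the sp_*mod functions: return 0 on success or a wolfCrypt error code; result may alias any input; a port must fall back to software for operands it cannot handle. */`, adjusted to what the port actually guarantees. The first parameter of hw_mod is named `multiplier` here but `a` in its definition in max3266x.c; aligning the names avoids confusion in the header.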
+++ b/wolfcrypt/benchmark/benchmark.c @@ -14259,6 +14259,7 @@ void bench_sphincsKeySign(byte level, byte optim) double current_time(int reset) { + (void)reset; return wc_MXC_RTC_Time(); } diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index fd8679b39..e28e8b59b 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11508,6 +11508,48 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize) #elif defined(WOLFSSL_RISCV_ASM) /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */ +#elif defined(MAX3266X_AES) + +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int status; + word32 keySize; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesEncrypt(in, aes->reg, aes->key, MXC_TPU_MODE_ECB, + sz, out, keySize); + + return status; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int status; + word32 keySize; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesDecrypt(in, aes->reg, aes->key, MXC_TPU_MODE_ECB, + sz, out, keySize); + + return status; +} +#endif /* HAVE_AES_DECRYPT */ + #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) /* Software AES - ECB */ diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md index fa8cd1cdd..17a66b692 100644 --- a/wolfcrypt/src/port/maxim/README.md +++ b/wolfcrypt/src/port/maxim/README.md 
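Review bot: wc_AesEcbEncrypt and wc_AesEcbDecrypt hand `sz` straight to the TPU without checking that it is a non-zero multiple of AES_BLOCK_SIZE, while the CBC wrappers later in this series add exactly that check; what the hardware does with an unaligned tail is not defined anywhere visible here. Suggest `if (sz == 0) return 0;` and `if (sz % AES_BLOCK_SIZE) return BAD_FUNC_ARG;` before the key-size lookup in both functions. `aes->reg` and `aes->key` are also passed uncast where the CBC code uses `(byte*)aes->key`; if those fields are word32 arrays as in the generic Aes struct, this at least warns about an incompatible pointer type, and a short comment that `aes->reg` is passed only because the TPU call requires an IV argument in ECB mode would explain the odd-looking parameter.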
@@ -6,7 +6,7 @@ wolfSSL using Analog Devices MAXQ1065, MAX1080, MAX32665 or MAX32666 wolfSSL can be configured to use the MAXQ1065 or MAX1080 cryptographic controllers. wolfSSL can also be configure to utilize the TPU (crypto accelerator), MAA (math accelerator), and TRNG available on select -MAX32665 and MAX32666 microcontrollers. +MAX32665 and MAX32666 microcontroller. Product datasheets, user guides and other resources can be found at Analog Devices website: @@ -41,7 +41,7 @@ all other operations will use the default software implementations. The other prerequisite is that a change needs to be made to the Maxim SDK. This is to use the MAA Math Accelerator, this change only needs to be made if you are using `#define WOLFSSL_MAX3266X` or `define WOLFSSL_MAX3266X_OLD` by themselves -or you are specifing `#define MAX3266X_MATH`. +or you are specifying `#define MAX3266X_MATH`. In the SDK you will need to find the underlying function that `MXC_TPU_MAA_Compute()` from `tpu.h` compute calls in the newer SDK. In the @@ -68,7 +68,7 @@ if you want to know more details on the issue. ## Supported Algos -Using these defines will replace software implentations with a call to the +Using these defines will replace software implementations with a call to the hardware. `#define MAX3266X_RNG` @@ -95,7 +95,7 @@ like RSA and ECC key generation): ## Extra Information For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with -`#define MAX3266X_VERBOSE` to see if errors are occuring during the hardware +`#define MAX3266X_VERBOSE` to see if errors are occurring during the hardware setup/ To reproduce benchmark numbers you can use `#define MAX3266X_RTC`. 
@@ -104,7 +104,7 @@ Do note that this will only work with `#define WOLFSSL_MAX3266X` and not and not for any other application. Please implement your own rtc/time code for anything else. -For more infromation about the TPU, MAA, and TRNG please refer to the +For more information about the TPU, MAA, and TRNG please refer to the [MAX32665/MAX32666 User Guide: UG6971](https://www.analog.com/media/en/technical-documentation/user-guides/max32665max32666-user-guide.pdf) # MAXQ1065/MAX1080 diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c index ca2a508fb..49e3fe2fd 100644 --- a/wolfcrypt/src/port/maxim/max3266x.c +++ b/wolfcrypt/src/port/maxim/max3266x.c @@ -42,13 +42,15 @@ #include #endif -#if defined(USE_FAST_MATH) - #error MXC Not Compatible with Fast Math +#if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH) + #error MXC Not Compatible with Fast Math or Heap Math #include #define MXC_WORD_SIZE DIGIT_BIT #elif defined(WOLFSSL_SP_MATH_ALL) #include #define MXC_WORD_SIZE SP_WORD_SIZE +#else + #error MXC HW port needs #define WOLFSSL_SP_MATH_ALL #endif #define MXC_MAA_MAX_SIZE (2048 / MXC_WORD_SIZE) 
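Review bot: The USE_FAST_MATH/USE_INTEGER_HEAP_MATH branch keeps an `#include` and `#define MXC_WORD_SIZE DIGIT_BIT` after the `#error`, which can never take effect; collapsing the branch to the `#error` line alone says what is meant. The `mxc_*` mapping in max3266x.h (the hunk at the top of this page) still maps to `fp_mod`, `fp_addmod` and friends under USE_FAST_MATH, which now contradicts this translation unit refusing to build with fast math; dropping that branch there too keeps the header and the source in step.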
@@ -79,37 +81,45 @@ int wc_MXC_TPU_Shutdown(void) } -/* Convert Error Codes Correctly */ -/* TODO: Convert to correct wolfCrypt Codes */ -/* TODO: Add wolfssl Message Statements to report HW issue on bad return */ +/* Convert Error Codes Correctly and Report HW error when */ +/* using #define MAX3266X_VERBOSE */ int wc_MXC_error(int *ret) { switch(*ret){ case E_SUCCESS: return 0; - case E_NULL_PTR: - return E_NULL_PTR; - case E_INVALID: /* Process Failed */ - return E_INVALID; + MAX3266X_MSG("HW Reported: E_INVALID Error"); + *ret = WC_HW_E; + break; + + case E_NULL_PTR: + MAX3266X_MSG("HW Reported: E_NULL_PTR Error"); + *ret = BAD_FUNC_ARG; + break; case E_BAD_PARAM: - return BAD_FUNC_ARG; + MAX3266X_MSG("HW Reported: E_BAD_PARAM Error"); + *ret = BAD_FUNC_ARG; + break; case E_BAD_STATE: - return E_BAD_STATE; + MAX3266X_MSG("HW Reported: E_BAD_STATE Error"); + *ret = WC_HW_E; + break; default: + MAX3266X_MSG("HW Reported an Unknown Error"); *ret = WC_HW_E; /* If something else return HW Error */ - return *ret; + break; } + return *ret; } #if defined(MAX3266X_RNG) -/* Use this RNG_FAILURE_E for RNG Errors*/ int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz) { if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) { @@ -121,7 +131,7 @@ int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz) MAX3266X_MSG("TRNG Hardware Used"); return 0; } -#endif /* MAX3266x_RNG */ +#endif /* MAX3266X_RNG */ #if defined(MAX3266X_AES) int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv, 
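Review bot: wc_MXC_error now overwrites `*ret` with the mapped wolfCrypt code as well as returning it, but the comment above it still only says it converts codes; the call sites that test `wc_MXC_error(&status) != 0` and then `return status` depend on this write-back, so it should be stated. Suggest `/* Map a Maxim SDK status to a wolfCrypt code. Writes the mapped code back through ret and returns it; 0 means success. */`. The pointer is dereferenced in the switch without a guard; `if (ret == NULL) return BAD_FUNC_ARG;` costs nothing. The `MAX3266X_MSG` in the E_INVALID arm sits after the kept `/* Process Failed */` comment line, which reads oddly; moving that comment next to the message helps.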
@@ -132,46 +142,46 @@ int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv, int status; status = wolfSSL_CryptHwMutexLock(); MAX3266X_MSG("AES HW Encryption"); - if (status != 0) { - MAX3266X_MSG("Hardware Mutex Failure"); - return status; - } - switch (keySize) { - case MXC_AES_KEY_128_LEN: - MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128); - status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, - (const char*)iv, (const char*)enc_key, - MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out); - MAX3266X_MSG("AES HW Acceleration Used: 128 Bit"); - break; - case MXC_AES_KEY_192_LEN: - MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192); - status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, - (const char*)iv, (const char*)enc_key, - MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out); - MAX3266X_MSG("AES HW Acceleration Used: 192 Bit"); - break; - case MXC_AES_KEY_256_LEN: - MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256); - status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, - (const char*)iv, (const char*)enc_key, - MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out); - MAX3266X_MSG("AES HW Acceleration Used: 256 Bit"); - break; - default: - MAX3266X_MSG("AES HW ERROR: Length Not Supported"); - wolfSSL_CryptHwMutexUnLock(); - return WC_HW_E; + if (status != 0) { + MAX3266X_MSG("Hardware Mutex Failure"); + return status; + } + switch (keySize) { + case MXC_AES_KEY_128_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128); + status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, + (const char*)iv, (const char*)enc_key, + MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 128 Bit"); break; + case MXC_AES_KEY_192_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192); + status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, + (const char*)iv, (const char*)enc_key, + MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 192 Bit"); + break; + case 
MXC_AES_KEY_256_LEN: + MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256); + status = MXC_TPU_Cipher_AES_Encrypt((const char*)in, + (const char*)iv, (const char*)enc_key, + MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out); + MAX3266X_MSG("AES HW Acceleration Used: 256 Bit"); + break; + default: + MAX3266X_MSG("AES HW ERROR: Length Not Supported"); + wolfSSL_CryptHwMutexUnLock(); + return WC_HW_E; + break; } wolfSSL_CryptHwMutexUnLock(); if (status != 0) { - MAX3266X_MSG("AES HW Acceleration Error Occured"); + MAX3266X_MSG("AES HW Acceleration Error Occurred"); return WC_HW_E; } return 0; } - +#ifdef HAVE_AES_DECRYPT int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, const unsigned char* dec_key, MXC_TPU_MODE_TYPE mode, unsigned int data_size, @@ -212,13 +222,13 @@ int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, } wolfSSL_CryptHwMutexUnLock(); if (status != 0) { - MAX3266X_MSG("AES HW Acceleration Error Occured"); + MAX3266X_MSG("AES HW Acceleration Error Occurred"); return WC_HW_E; } return 0; } - -#endif +#endif /* HAVE_AES_DECRYPT */ +#endif /* MAX3266X_AES */ #if defined(MAX3266X_SHA) @@ -296,11 +306,11 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, MAX3266X_MSG("SHA HW Acceleration Used"); wolfSSL_CryptHwMutexUnLock(); if (wc_MXC_error(&status) != 0) { - MAX3266X_MSG("SHA HW Error Occured"); + MAX3266X_MSG("SHA HW Error Occurred"); return status; } } - /* Error Occured */ + /* Error Occurred */ return status; } 
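Review bot: The `default:` arm of the key-size switch still has a `break;` after `return WC_HW_E;`, which is unreachable — the same commit removes the equivalent dead `break` statements in wc_MXC_MAA_zeroPad, so this one should go too (the block is otherwise a pure re-indentation). `MXC_TPU_Cipher_Config()` is called in each arm with its result discarded; if the SDK version in use reports a status there, a failed configuration is silently followed by the encrypt call. `MAX3266X_MSG("AES HW Encryption")` is also emitted before the mutex result is checked, so the message is logged even when the lock failed; moving it below the check keeps the log honest. wc_MXC_TPU_AesEncrypt's signature is above the hunk.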
@@ -345,11 +355,21 @@ int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest, { if (hash->msg == 0 && hash->size == 0 && digest != NULL) { switch(algo) { + #ifndef NO_SHA + case MXC_TPU_HASH_SHA1: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE); + break; + #endif /* NO_SHA */ #ifndef NO_SHA256 case MXC_TPU_HASH_SHA256: XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE); break; - #endif + #endif /* NO_SHA256 */ + #ifdef WOLFSSL_SHA224 + case MXC_TPU_HASH_SHA224: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE); + break; + #endif /* WOLFSSL_SHA224 */ default: return BAD_FUNC_ARG; } 
@@ -358,6 +378,97 @@ int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest, return 0; /* False */ } +#if !defined(NO_SHA) + +WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) +{ + if (sha == NULL) { + return BAD_FUNC_ARG; + } + (void)heap; + (void)devId; + return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha); +} + +WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data, + unsigned int len) +{ + return wc_MXC_TPU_SHA_Update(sha, data, len); +} + +WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha, hash, + MXC_TPU_HASH_SHA1); +} + +WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha, hash, + MXC_TPU_HASH_SHA1); +} + +WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) +{ + return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); +} + +WOLFSSL_API void wc_ShaFree(wc_Sha* sha) +{ + wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha); + return; +} + +#endif /* NO_SHA */ + +#if defined(WOLFSSL_SHA224) + +WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId) +{ + if (sha224 == NULL) { + return BAD_FUNC_ARG; + } + (void)heap; + (void)devId; + return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha224); +} + +WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224) +{ + return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID); +} + +WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data, + unsigned int len) +{ + return wc_MXC_TPU_SHA_Update(sha224, data, len); +} + +WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha224, hash, + MXC_TPU_HASH_SHA224); +} + +WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha224, hash, + MXC_TPU_HASH_SHA224); +} + +WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) +{ + return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha 
*)src, (wc_MXC_Sha *)dst); +} + +WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224) +{ + wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha224); + return; +} + +#endif /* WOLFSSL_SHA224 */ + #if !defined(NO_SHA256) WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) @@ -404,13 +515,13 @@ WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256) return; } -#endif +#endif /* NO_SHA256 */ #endif /* MAX3266X_SHA */ #if defined(MAX3266X_MATH) -/* Sets mutex and initializes hardware according to need operation size */ +/* Sets mutex and initializes hardware according to needed operation size */ int wc_MXC_MAA_init(unsigned int len) { int status; @@ -511,17 +622,20 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, /* Create an array to compare values to to check edge for error edge case */ zero_tmp = (mp_digit*)XMALLOC(multiplier->size*sizeof(mp_digit), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if(zero_tmp == NULL){ + MAX3266X_MSG("NULL pointer found after XMALLOC call"); + return WC_HW_E; + } XMEMSET(zero_tmp, 0x00, multiplier->size*sizeof(mp_digit)); /* Check for invalid arguments befor padding */ - switch((char)clc){ + switch ((char)clc) { case WC_MXC_TPU_MAA_EXP: /* Cannot be 0 for a^e mod m operation */ if (XMEMCMP(zero_tmp, exp, (exp->used*sizeof(mp_digit))) == 0) { XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); MAX3266X_MSG("Cannot use Value 0 for Exp"); return BAD_FUNC_ARG; - break; } /* Padd out rest of data if used != length to ensure no */ 
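Review bot: The new SHA-1 and SHA-224 wrappers (and the SHA-384/512 ones added in the following patch) are near-identical copies with no comment on the contract each inherits from wolfCrypt: in particular wc_ShaFinal and wc_Sha224Final are expected to leave the object reinitialised for reuse, and whether wc_MXC_TPU_SHA_Final does that is not visible here. Suggest a one-line comment on each Final, e.g. `/* Finalises into hash; relies on wc_MXC_TPU_SHA_Final leaving sha ready for reuse, as the wc_*Final contract requires */`, or one header comment for the block. wc_ShaUpdate and wc_Sha224Update pass the object uncast while every other wrapper casts to `(wc_MXC_Sha *)`; since the header typedefs both types to wc_MXC_Sha the casts are redundant everywhere and could be dropped for consistency. The trailing `return;` in the void Free wrappers is noise.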
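Review bot: The new allocation-failure branch returns WC_HW_E, but an XMALLOC failure is not a hardware error; wolfCrypt's code for it is MEMORY_E, which is what callers that distinguish allocation failures expect — `return MEMORY_E;`. The comparison just below, `XMEMCMP(zero_tmp, exp, exp->used*sizeof(mp_digit))`, compares against the mp_int struct `exp` rather than its digit array `exp->dp`, and its length comes from `exp->used` while `zero_tmp` was sized from `multiplier->size`; when exp has more digits than that, the read runs past the end of zero_tmp. A zero exponent is presumably still caught because its `used` is then 0, but that is accidental; `exp->dp` as the second argument with a length bounded by the zero_tmp size (or simply testing `exp->used == 0`) makes the check deliberate. wc_MXC_MAA_zeroPad's signature is above the hunk.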
@@ -545,13 +659,12 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); MAX3266X_MSG("Cannot use Value 0 for Exp"); return BAD_FUNC_ARG; - break; } - /* Padd out rest of data if used != length to ensure no */ + /* Pad out rest of data if used != length to ensure no */ /* garbage is used in calculation */ if ((multiplier->dp != NULL) && (multiplier->used < length)) { - MAX3266X_MSG("Zero Padding Multipler Buffer"); + MAX3266X_MSG("Zero Padding Multiplier Buffer"); XMEMSET(multiplier->dp + multiplier->used, 0x00, sizeof(int) * (length - multiplier->used)); } @@ -567,6 +680,8 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, } break; default: + /* Free the zero array used to check values */ + XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return BAD_FUNC_ARG; /* Invalid clc given */ } /* Free the zero array used to check values */ @@ -586,7 +701,7 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, /* General Control Over MAA Hardware to handle all needed Cases */ -int wc_MXC_MAA_math(mp_int* multipler, mp_int* multiplicand, mp_int* exp, +int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, mp_int* mod, mp_int* result, MXC_TPU_MAA_TYPE clc) { @@ -595,7 +710,7 @@ int wc_MXC_MAA_math(mp_int* multipler, mp_int* multiplicand, mp_int* exp, mp_int* result_tmp_ptr; mp_int result_tmp; /* Check if result shares struct pointer */ - if ((multipler == result) || (multiplicand == result) || (exp == result) || + if ((multiplier == result) || (multiplicand == result) || (exp == result) || (mod == result)) { MAX3266X_MSG("Creating Temp Result Buffer for Hardware"); result_tmp_ptr = &result_tmp; /* Assign point to temp struct */ 
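Review bot: The padding memset in this hunk uses `sizeof(int) * (length - multiplier->used)` while the buffer is an array of `mp_digit` and the zero buffer earlier in the function is sized with `sizeof(mp_digit)`; on builds where mp_digit is wider than int only part of each padding digit is cleared and the hardware reads exactly the leftover garbage the comment says it is avoiding. `sizeof(mp_digit)` (or `sizeof(*multiplier->dp)`) is the right unit. There is also no check that `length` is within each operand's digit capacity before `dp + used` is padded up to it; if `size` is that capacity, as the zero_tmp allocation suggests, a `length > x->size` guard returning BAD_FUNC_ARG prevents an out-of-bounds write. The function continues outside the hunk.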
@@ -609,16 +724,16 @@ int wc_MXC_MAA_math(mp_int* multipler, mp_int* multiplicand, mp_int* exp, } if (clc == WC_MXC_TPU_MAA_EXP) { - length = wc_MXC_MAA_Largest(5, multipler->used, multiplicand->used, + length = wc_MXC_MAA_Largest(5, multiplier->used, multiplicand->used, exp->used, mod->used, result->used); } else { - length = wc_MXC_MAA_Largest(4, multipler->used, multiplicand->used, + length = wc_MXC_MAA_Largest(4, multiplier->used, multiplicand->used, mod->used, result->used); } /* Zero Pad everything if needed */ - ret = wc_MXC_MAA_zeroPad(multipler, multiplicand, exp, mod, result_tmp_ptr, + ret = wc_MXC_MAA_zeroPad(multiplier, multiplicand, exp, mod, result_tmp_ptr, clc, length); if (ret != 0) { MAX3266X_MSG("Zero Padding Failed"); @@ -635,7 +750,7 @@ int wc_MXC_MAA_math(mp_int* multipler, mp_int* multiplicand, mp_int* exp, /* Start Math And Cast to expect types for SDK */ MAX3266X_MSG("Starting Computation in MAA"); - ret = MXC_TPU_MAA_Compute(clc, (char *)(multipler->dp), + ret = MXC_TPU_MAA_Compute(clc, (char *)(multiplier->dp), (char *)(multiplicand->dp), (char *)(exp->dp), (char *)(mod->dp), (int *)(result_tmp_ptr->dp), @@ -655,7 +770,7 @@ int wc_MXC_MAA_math(mp_int* multipler, mp_int* multiplicand, mp_int* exp, } /* Copy tmp result if needed */ - if ((multipler == result) || (multiplicand == result) || (exp == result) || + if ((multiplier == result) || (multiplicand == result) || (exp == result) || (mod == result)) { mp_copy(result_tmp_ptr, result); ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr)); /* force zero */ 
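Review bot: `ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr))` in the context just below the renamed condition wipes only `sizeof` a pointer — four or eight bytes — of the temporary mp_int, not the whole struct; the rest of `result_tmp`, which held the modular result (key material for the RSA and ECC callers this math serves), is left on the stack. It should be `ForceZero(&result_tmp, sizeof(result_tmp));`. The rename itself is fine. wc_MXC_MAA_math's body continues past the hunk.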
@@ -679,51 +794,51 @@ int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod, WC_MXC_TPU_MAA_EXP); } -int wc_MXC_MAA_sqrmod(mp_int* multipler, mp_int* mod, mp_int* result) +int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result) { mp_int multiplicand; XMEMSET(&multiplicand, 0, sizeof(mp_int)); multiplicand.dp[0] = 0x01; multiplicand.used = mod->used; MAX3266X_MSG("Preparing sqrmod MAA HW Call"); - return wc_MXC_MAA_math(multipler, &multiplicand, NULL, mod, result, + return wc_MXC_MAA_math(multiplier, &multiplicand, NULL, mod, result, WC_MXC_TPU_MAA_SQ); } -int wc_MXC_MAA_mulmod(mp_int* multipler, mp_int* multiplicand, mp_int* mod, +int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, mp_int* result) { MAX3266X_MSG("Preparing mulmod MAA HW Call"); - return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, WC_MXC_TPU_MAA_MUL); } -int wc_MXC_MAA_sqrmulmod(mp_int* multipler, mp_int* multiplicand, +int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, mp_int* mod, mp_int* result) { MAX3266X_MSG("Preparing sqrmulmod MAA HW Call"); - return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, WC_MXC_TPU_MAA_SQMUL); } -int wc_MXC_MAA_addmod(mp_int* multipler, mp_int* multiplicand, mp_int* mod, +int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, mp_int* result) { MAX3266X_MSG("Preparing addmod MAA HW Call"); - return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, WC_MXC_TPU_MAA_ADD); } -int wc_MXC_MAA_submod(mp_int* multipler, mp_int* multiplicand, mp_int* mod, +int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, mp_int* result) { MAX3266X_MSG("Preparing submod MAA HW Call"); - if ((mod->used < multipler->used) || 
(mod->used < multiplicand->used)) { + if ((mod->used < multiplier->used) || (mod->used < multiplicand->used)) { MAX3266X_MSG("HW Limitation: Defaulting back to software"); - return mxc_submod(multipler, multiplicand, mod, result); + return mxc_submod(multiplier, multiplicand, mod, result); } else { - return wc_MXC_MAA_math(multipler, multiplicand, NULL, mod, result, + return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, WC_MXC_TPU_MAA_SUB); } } @@ -807,7 +922,7 @@ int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result) } -/* No mod function avaliable with hardware, however preform a submod */ +/* No mod function available with hardware, however preform a submod */ /* (a - 0) mod m will essentially preform the same operation as a mod m */ int hw_mod(mp_int* a, mp_int* mod, mp_int* result) { @@ -829,8 +944,7 @@ int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result) return wc_MXC_MAA_sqrmod(base, mod, result); } -#endif - +#endif /* MAX3266X_MATH */ #if defined(MAX3266X_RTC) /* Initialize the RTC */ @@ -880,6 +994,7 @@ void wc_MXC_RTC_GetRTCValue(int32_t (*rtcGetFunction)(uint32_t*), } /* Function to provide the current time as a double */ +/* Returns seconds and millisecond */ double wc_MXC_RTC_Time(void) { int32_t err; @@ -897,10 +1012,11 @@ double wc_MXC_RTC_Time(void) if (err != E_NO_ERROR) { return (double)err; } + /* Per the device documentation, subsecond register holds up to 1 second */ + /* subsecond register is size 2^12, so divide by 4096 to get milliseconds */ return ((double)rtc_seconds + ((double)rtc_subseconds / 4096)); } #endif /* MAX3266X_RTC */ - #endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */ \ No newline at end of file diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 44db74822..6bbb1c530 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c 
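Review bot: The new comment on wc_MXC_RTC_Time says it returns "seconds and millisecond" and that dividing the sub-second register by 4096 gives milliseconds; the expression `rtc_seconds + rtc_subseconds / 4096` yields seconds with a fractional part (4096 ticks per second), not milliseconds. Suggest `/* Returns the RTC time in seconds, with the 12-bit sub-second counter (4096 ticks/s) folded in as the fractional part. */`. The error path `return (double)err;` hands an SDK error code back in-band with the time, so a caller cannot tell a failure from a small timestamp; that is at least worth stating in the same comment. The function's opening lines are above the hunk.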
@@ -308,6 +308,10 @@ !defined(WOLFSSL_QNX_CAAM) /* wolfcrypt/src/port/caam/caam_sha.c */ +#elif defined(MAX3266X_SHA) + /* Already brought in by sha.h */ + /* #include */ + #elif defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) || \ defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) @@ -1035,6 +1039,8 @@ int wc_InitSha(wc_Sha* sha) #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) +#ifndef MAX3266X_SHA + void wc_ShaFree(wc_Sha* sha) { if (sha == NULL) @@ -1066,6 +1072,7 @@ void wc_ShaFree(wc_Sha* sha) #endif } +#endif /* !MAX3266X_SHA */ #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */ #endif /* !WOLFSSL_TI_HASH */ @@ -1080,6 +1087,8 @@ void wc_ShaFree(wc_Sha* sha) #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) +#ifndef MAX3266X_SHA + /* wc_ShaGetHash get hash value */ int wc_ShaGetHash(wc_Sha* sha, byte* hash) { @@ -1150,6 +1159,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) return ret; } #endif /* WOLFSSL_RENESAS_RX64_HASH */ +#endif /* !MAX3266X_SHA */ #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */ #endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) || diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index b7ee935f4..18adbbd84 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -1965,6 +1965,9 @@ static int InitSha256(wc_Sha256* sha256) #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) /* implemented in wolfcrypt/src/port/psa/psa_hash.c */ +#elif defined(MAX3266X_SHA) + /* implemented in wolfcrypt/src/port/maxim/max3266x.c */ + #elif defined(WOLFSSL_RENESAS_RX64_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */ 
@@ -2355,6 +2358,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) /* implemented in wolfcrypt/src/port/psa/psa_hash.c */ +#elif defined(MAX3266X_SHA) + /* implemented in wolfcrypt/src/port/maxim/max3266x.c */ + #else int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 3b87dec5c..5d3e9123b 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -257,7 +257,7 @@ int wolfCrypt_Init(void) #if defined(MAX3266X_RTC) ret = wc_MXC_RTC_Init(); - if (ret != 0){ + if (ret != 0) { WOLFSSL_MSG("MXC RTC Init Failed"); return WC_HW_E; } diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h index 9c74ddef5..bf578a229 100644 --- a/wolfssl/wolfcrypt/port/maxim/max3266x.h +++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h @@ -224,6 +224,33 @@ unsigned char hash[WOLFSSL_MAX_HASH_SIZE]; } wc_MXC_Sha; + #if !defined(NO_SHA) + typedef wc_MXC_Sha wc_Sha; + #define WC_SHA_TYPE_DEFINED + + /* Define the SHA digest for an empty string */ + /* as a constant byte array */ + static const unsigned char MXC_EMPTY_DIGEST_SHA1[20] = { + 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, + 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, + 0xaf, 0xd8, 0x07, 0x09}; + + #endif /* NO_SHA */ + + #if defined(WOLFSSL_SHA224) + typedef wc_MXC_Sha wc_Sha224; + #define WC_SHA224_TYPE_DEFINED + + /* Define the SHA-224 digest for an empty string */ + /* as a constant byte array */ + static const unsigned char MXC_EMPTY_DIGEST_SHA224[28] = { + 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, + 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, + 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, + 0xc5, 0xb3, 0xe4, 0x2f}; + + #endif /* WOLFSSL_SHA224 */ + #if !defined(NO_SHA256) typedef wc_MXC_Sha wc_Sha256; #define WC_SHA256_TYPE_DEFINED 
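Review bot: MXC_EMPTY_DIGEST_SHA1 and MXC_EMPTY_DIGEST_SHA224 are `static const` arrays defined in a header, so every translation unit that includes max3266x.h (sha.h and sha256.h now do) gets its own copy and an unused-variable warning wherever they are not referenced; max3266x.c is the only reader. Declaring them `extern` here (WOLFSSL_LOCAL) and defining them once in max3266x.c avoids that, and the same applies to the existing MXC_EMPTY_DIGEST_SHA256. A comment saying these are the digests of the empty string, used by wc_MXC_TPU_SHA_GetDigest to answer a zero-length hash without a hardware call, would tell the next reader why the constants exist; the hunk itself does not.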
@@ -236,7 +263,7 @@ 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}; - #endif + #endif /* NO_SHA256 */ WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash); From fe7987f2419c7df1f2363badec3c2327c1bd669b Mon Sep 17 00:00:00 2001 From: night1rider Date: Mon, 5 Aug 2024 12:32:42 -0600 Subject: [PATCH 013/325] Adding SHA-384/512 support, Null Checks, RNG Health Test for HW, and MAA call update for MAX3266X Port. --- wolfcrypt/src/aes.c | 43 ++++--- wolfcrypt/src/port/maxim/README.md | 38 +++--- wolfcrypt/src/port/maxim/max3266x.c | 148 ++++++++++++++++++++---- wolfcrypt/src/random.c | 10 ++ wolfcrypt/src/sha512.c | 33 ++++++ wolfssl/wolfcrypt/port/maxim/max3266x.h | 75 ++++++++---- wolfssl/wolfcrypt/sha512.h | 3 + 7 files changed, 272 insertions(+), 78 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index e28e8b59b..7e212685f 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -5412,16 +5412,23 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int status; byte *iv; -#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { - return BAD_LENGTH_E; + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; } -#endif - if (sz == 0) + + /* Always enforce a length check */ + if (sz % AES_BLOCK_SIZE) { + #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; + #else + return BAD_FUNC_ARG; + } + #endif + if (sz == 0) { return 0; + } iv = (byte*)aes->reg; - status = wc_AesGetKeySize(aes, &keySize); if (status != 0) { return status; @@ -5430,12 +5437,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key, MXC_TPU_MODE_CBC, sz, out, (unsigned int)keySize); - /* store iv for next call */ if (status == 0) { XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); } - return (status == 0) ? 0 : -1; } 
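Review bot: The new length check's closing brace is inside the `#else` branch: with WOLFSSL_AES_CBC_LENGTH_CHECKS defined the preprocessor emits `if (sz % AES_BLOCK_SIZE) { return BAD_LENGTH_E;` with no `}`, so that configuration no longer compiles. The same pattern is in the decrypt hunk that follows. Move the brace after the conditional: `return BAD_FUNC_ARG;` / `#endif` / `}`. The unchanged `return (status == 0) ? 0 : -1;` below also turns any hardware failure into a bare -1 rather than WC_HW_E, unlike the rest of the port. The function whose body this is starts above the hunk.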
@@ -5447,16 +5452,23 @@ int wc_AesSetIV(Aes* aes, const byte* iv) byte *iv; byte temp_block[AES_BLOCK_SIZE]; -#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { - return BAD_LENGTH_E; + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; } -#endif - if (sz == 0) + + /* Always enforce a length check */ + if (sz % AES_BLOCK_SIZE) { + #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; + #else + return BAD_FUNC_ARG; + } + #endif + if (sz == 0) { return 0; + } iv = (byte*)aes->reg; - status = wc_AesGetKeySize(aes, &keySize); if (status != 0) { return status; @@ -5464,17 +5476,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* get IV for next call */ XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key, MXC_TPU_MODE_CBC, sz, out, keySize); - /* store iv for next call */ if (status == 0) { XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); } - return (status == 0) ? 0 : -1; } #endif /* HAVE_AES_DECRYPT */ diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md index 17a66b692..c3a6d4bb1 100644 --- a/wolfcrypt/src/port/maxim/README.md +++ b/wolfcrypt/src/port/maxim/README.md 
@@ -41,30 +41,26 @@ all other operations will use the default software implementations. The other prerequisite is that a change needs to be made to the Maxim SDK. This is to use the MAA Math Accelerator, this change only needs to be made if you are using `#define WOLFSSL_MAX3266X` or `define WOLFSSL_MAX3266X_OLD` by themselves -or you are specifying `#define MAX3266X_MATH`. +or you are specifying `#define MAX3266X_MATH`. This is only needed if you are +not using the latest Maxim SDK. In the SDK you will need to find the underlying function that `MXC_TPU_MAA_Compute()` from `tpu.h` compute calls in the newer SDK. In the older SDK this function is called `MAA_Compute()` in `maa.h`. In the underlying -function you will need to change this error check: +function you will need to this: ``` -// Check that we're performing a valid operation -if (clc >= 0x6) { - return E_INVALID; -} +MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC, clc); ``` to ``` -// Check that we're performing a valid operation -if (clc >= 0b1111) { - return E_INVALID; -} +MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC, + clc << MXC_F_TPU_REVA_MAA_CTRL_CLC_POS); ``` -This bug has been reported to Analog Devices -[here](https://github.com/analogdevicesinc/msdk/issues/1089) -if you want to know more details on the issue. +This bug has been reported to Analog Devices and a PR has been made +[here](https://github.com/analogdevicesinc/msdk/pull/1104) +if you want to know more details on the issue, or use a patch. ## Supported Algos 
@@ -81,17 +77,21 @@ hardware. `#define MAX3266X_SHA`: +- SHA-1 +- SHA-224 - SHA-256 +- SHA-384 +- SHA-512 `#define MAX3266X_MATH` (Replaces math operation calls for algos like RSA and ECC key generation): -- mod - `a mod m = r` -- addmod - `(a+b)mod m = r` -- submod - `(a-b)mod m = r` -- mulmod - `(a*b)mod m = r` -- sqrmod - `(b^2)mod m = r` -- exptmod - `(b^e)mod m = r` +- mod: `a mod m = r` +- addmod: `(a+b)mod m = r` +- submod: `(a-b)mod m = r` +- mulmod: `(a*b)mod m = r` +- sqrmod: `(b^2)mod m = r` +- exptmod: `(b^e)mod m = r` ## Extra Information For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c index 49e3fe2fd..1e59a16bd 100644 --- a/wolfcrypt/src/port/maxim/max3266x.c +++ b/wolfcrypt/src/port/maxim/max3266x.c @@ -360,16 +360,26 @@ int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest, XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE); break; #endif /* NO_SHA */ - #ifndef NO_SHA256 - case MXC_TPU_HASH_SHA256: - XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE); - break; - #endif /* NO_SHA256 */ #ifdef WOLFSSL_SHA224 case MXC_TPU_HASH_SHA224: XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE); break; #endif /* WOLFSSL_SHA224 */ + #ifndef NO_SHA256 + case MXC_TPU_HASH_SHA256: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE); + break; + #endif /* NO_SHA256 */ + #ifdef WOLFSSL_SHA384 + case MXC_TPU_HASH_SHA384: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA384, WC_SHA384_DIGEST_SIZE); + break; + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 + case MXC_TPU_HASH_SHA512: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA512, WC_SHA512_DIGEST_SIZE); + break; + #endif /* WOLFSSL_SHA512 */ default: return BAD_FUNC_ARG; } 
@@ -517,6 +527,102 @@ WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256) #endif /* NO_SHA256 */ +#if defined(WOLFSSL_SHA384) + +WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) +{ + if (sha384 == NULL) { + return BAD_FUNC_ARG; + } + (void)heap; + (void)devId; + return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha384); +} + +WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384) +{ + return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID); +} + +WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data, + unsigned int len) +{ + return wc_MXC_TPU_SHA_Update(sha384, data, len); +} + +WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha384, hash, + MXC_TPU_HASH_SHA384); +} + +WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha384, hash, + MXC_TPU_HASH_SHA384); +} + +WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) +{ + return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); +} + +WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384) +{ + wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha384); + return; +} + +#endif /* WOLFSSL_SHA384 */ + +#if defined(WOLFSSL_SHA512) + +WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) +{ + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + (void)heap; + (void)devId; + return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha512); +} + +WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512) +{ + return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID); +} + +WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data, + unsigned int len) +{ + return wc_MXC_TPU_SHA_Update(sha512, data, len); +} + +WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash) +{ + return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha512, hash, + MXC_TPU_HASH_SHA512); +} + +WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash) +{ + return 
wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha512, hash, + MXC_TPU_HASH_SHA512); +} + +WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) +{ + return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); +} + +WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512) +{ + wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha512); + return; +} + +#endif /* WOLFSSL_SHA512 */ + #endif /* MAX3266X_SHA */ #if defined(MAX3266X_MATH) @@ -615,7 +721,7 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, return BAD_FUNC_ARG; } if ((result == NULL) || (multiplier == NULL) || (multiplicand == NULL) || - ((exp == NULL) && (clc == WC_MXC_TPU_MAA_EXP)) || (mod == NULL)) { + ((exp == NULL) && (clc == MXC_TPU_MAA_EXP)) || (mod == NULL)) { return BAD_FUNC_ARG; } @@ -630,7 +736,7 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, /* Check for invalid arguments befor padding */ switch ((char)clc) { - case WC_MXC_TPU_MAA_EXP: + case MXC_TPU_MAA_EXP: /* Cannot be 0 for a^e mod m operation */ if (XMEMCMP(zero_tmp, exp, (exp->used*sizeof(mp_digit))) == 0) { XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -638,9 +744,9 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, return BAD_FUNC_ARG; } - /* Padd out rest of data if used != length to ensure no */ + /* Pad out rest of data if used != length to ensure no */ /* garbage is used in calculation */ - if ((exp != NULL) && (clc == WC_MXC_TPU_MAA_EXP)) { + if ((exp != NULL) && (clc == MXC_TPU_MAA_EXP)) { if ((exp->dp != NULL) && (exp->used < length)) { MAX3266X_MSG("Zero Padding Exp Buffer"); XMEMSET(exp->dp + exp->used, 0x00, 
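Review bot: wc_InitSha384_ex and wc_InitSha512_ex discard their `heap` argument with `(void)heap`, yet this port buffers the whole message on the heap (wc_MXC_TPU_SHA_Update allocates with a NULL heap hint), so a caller's heap hint is silently ignored for these hashes. If wc_MXC_Sha has nowhere to carry it, say so on both init functions rather than leaving it to look supported, e.g. `/* heap is ignored: the message buffer is allocated from the default heap */`. Separately, wc_Sha384Update and wc_Sha512Update pass the context without the `(wc_MXC_Sha *)` cast every sibling wrapper uses; harmless given the typedef, but worth making uniform.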
@@ -649,11 +755,11 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, } /* Fall through to check mod is not 0 */ - case WC_MXC_TPU_MAA_SQ: - case WC_MXC_TPU_MAA_MUL: - case WC_MXC_TPU_MAA_SQMUL: - case WC_MXC_TPU_MAA_ADD: - case WC_MXC_TPU_MAA_SUB: + case MXC_TPU_MAA_SQ: + case MXC_TPU_MAA_MUL: + case MXC_TPU_MAA_SQMUL: + case MXC_TPU_MAA_ADD: + case MXC_TPU_MAA_SUB: /* Cannot be 0 for mod m value */ if (XMEMCMP(zero_tmp, mod, (exp->used*sizeof(mp_digit))) == 0) { XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -723,7 +829,7 @@ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, return MP_VAL; } - if (clc == WC_MXC_TPU_MAA_EXP) { + if (clc == MXC_TPU_MAA_EXP) { length = wc_MXC_MAA_Largest(5, multiplier->used, multiplicand->used, exp->used, mod->used, result->used); } @@ -791,7 +897,7 @@ int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod, multiplicand.used = mod->used; MAX3266X_MSG("Preparing exptmod MAA HW Call"); return wc_MXC_MAA_math(base, &multiplicand, exp, mod, result, - WC_MXC_TPU_MAA_EXP); + MXC_TPU_MAA_EXP); } int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result) @@ -802,7 +908,7 @@ int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result) multiplicand.used = mod->used; MAX3266X_MSG("Preparing sqrmod MAA HW Call"); return wc_MXC_MAA_math(multiplier, &multiplicand, NULL, mod, result, - WC_MXC_TPU_MAA_SQ); + MXC_TPU_MAA_SQ); } int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, @@ -810,7 +916,7 @@ int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, { MAX3266X_MSG("Preparing mulmod MAA HW Call"); return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, - WC_MXC_TPU_MAA_MUL); + MXC_TPU_MAA_MUL); } int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand, 
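Review bot: In the fall-through cases MXC_TPU_MAA_SQ/MUL/SQMUL/ADD/SUB the modulus check sizes its compare with `exp->used`, but the NULL-argument check at the top of this function only requires `exp` for MXC_TPU_MAA_EXP, and the sqrmod/mulmod/addmod/submod wrappers in the hunks below pass `NULL` for exp. Unless wc_MXC_MAA_math substitutes a non-NULL exp before calling here (its body is outside this hunk), that line dereferences NULL, which on a Cortex-M part reads the vector table instead of faulting and so goes unnoticed. The length for the modulus check should come from the modulus, `if (XMEMCMP(zero_tmp, mod, (mod->used*sizeof(mp_digit))) == 0) {`, and since zero_tmp is sized from `multiplier->size` the compare length should also be bounded by that. wc_MXC_MAA_zeroPad begins and ends outside this hunk.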
@@ -818,7 +924,7 @@ int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand, { MAX3266X_MSG("Preparing sqrmulmod MAA HW Call"); return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, - WC_MXC_TPU_MAA_SQMUL); + MXC_TPU_MAA_SQMUL); } int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, @@ -826,7 +932,7 @@ int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, { MAX3266X_MSG("Preparing addmod MAA HW Call"); return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, - WC_MXC_TPU_MAA_ADD); + MXC_TPU_MAA_ADD); } int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, @@ -839,7 +945,7 @@ int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, } else { return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, - WC_MXC_TPU_MAA_SUB); + MXC_TPU_MAA_SUB); } } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 42e385af7..5f2320315 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -3839,7 +3839,17 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(MAX3266X_RNG) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { + static int initDone = 0; (void)os; + if (initDone == 0) { + if(MXC_TRNG_HealthTest() != 0) { + #if defined(DEBUG_WOLFSSL) + WOLFSSL_MSG("TRNG HW Health Test Failed"); + #endif + return WC_HW_E; + } + initDone = 1; + } return wc_MXC_TRNG_Random(output, sz); } diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 77313f7a2..fd9acc1e2 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -96,6 +96,11 @@ #include #endif +#if defined(MAX3266X_SHA) + /* Already brought in by sha512.h */ + /* #include */ +#endif + #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) #if defined(__GNUC__) && ((__GNUC__ < 4) || \ (__GNUC__ == 4 && __GNUC_MINOR__ <= 8)) 
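Review bot: The new `static int initDone` in wc_GenerateSeed is read and written with no synchronization, and the health test runs before wc_MXC_TRNG_Random takes the crypto HW mutex and initialises the TRNG via MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG), so two threads seeding concurrently can both run the test, and the test may execute against an uninitialised peripheral if the SDK expects the clock first (the SDK's requirement is not visible here; please confirm). Moving the one-time check inside wc_MXC_TRNG_Random, after its MXC_TPU_Init call and under the mutex, closes both gaps. Note also that for the older SDK the port header stubs `MXC_TRNG_HealthTest(...)` to `0`, so on that SDK this branch can never fail; the README should state that the startup health test is unavailable there. The missing space in `if(MXC_TRNG_HealthTest() != 0)` deviates from the file's `if (` style.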
@@ -149,6 +154,9 @@ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) int wc_InitSha512(wc_Sha512* sha512) { @@ -1158,6 +1166,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static WC_INLINE int Sha512Final(wc_Sha512* sha512) @@ -1318,6 +1329,9 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) @@ -1394,6 +1408,10 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash) #endif /* WOLFSSL_KCAPI_HASH */ +#if defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + +#else #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH) int wc_InitSha512(wc_Sha512* sha512) { @@ -1442,6 +1460,8 @@ void wc_Sha512Free(wc_Sha512* sha512) ForceZero(sha512, sizeof(*sha512)); } +#endif + #if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) \ && !defined(WOLFSSL_KCAPI_HASH) /* Apply SHA512 transformation to the data */ @@ -1560,6 +1580,9 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static int InitSha384(wc_Sha384* sha384) 
@@ -1755,6 +1778,10 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */ +#if defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + +#else int wc_InitSha384(wc_Sha384* sha384) { int devId = INVALID_DEVID; @@ -1813,6 +1840,7 @@ void wc_Sha384Free(wc_Sha384* sha384) ForceZero(sha384, sizeof(*sha384)); } +#endif #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 @@ -1824,6 +1852,9 @@ void wc_Sha384Free(wc_Sha384* sha384) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash, @@ -2115,6 +2146,8 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) #elif defined(WOLFSSL_RENESAS_RSIP) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ #else int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h index bf578a229..5fa12a1be 100644 --- a/wolfssl/wolfcrypt/port/maxim/max3266x.h +++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h @@ -53,7 +53,9 @@ #if defined(MAX3266X_RNG) #include "trng.h" /* Provides TRNG Drivers */ - #define MXC_TPU_TRNG_Read TRNG_Read + #define MXC_TPU_TRNG_Read TRNG_Read + #warning "TRNG Health Test not available in older Maxim SDK" + #define MXC_TRNG_HealthTest(...) 0 #endif #if defined(MAX3266X_AES) #include "cipher.h" /* Provides Drivers for AES */ 
@@ -95,12 +97,12 @@ /* ECDSA and RSA Acceleration */ /* MAA Defines */ #define MXC_TPU_MAA_TYPE tpu_maa_clcsel_t - #define WC_MXC_TPU_MAA_EXP 0b0000 - #define WC_MXC_TPU_MAA_SQ 0b0010 - #define WC_MXC_TPU_MAA_MUL 0b0100 - #define WC_MXC_TPU_MAA_SQMUL 0b0110 - #define WC_MXC_TPU_MAA_ADD 0b1000 - #define WC_MXC_TPU_MAA_SUB 0b1010 + #define MXC_TPU_MAA_EXP TPU_MAA_EXP + #define MXC_TPU_MAA_SQ TPU_MAA_SQ + #define MXC_TPU_MAA_MUL TPU_MAA_MUL + #define MXC_TPU_MAA_SQMUL TPU_MAA_SQMUL + #define MXC_TPU_MAA_ADD TPU_MAA_ADD + #define MXC_TPU_MAA_SUB TPU_MAA_SUB /* MAA Functions */ #define MXC_TPU_MAA_Compute MAA_Compute @@ -134,22 +136,12 @@ #define MXC_TPU_CIPHER_TYPE mxc_tpu_ciphersel_t #define MXC_TPU_MODE_TYPE mxc_tpu_modesel_t - /* SHA Defines */ #define MXC_TPU_HASH_TYPE mxc_tpu_hashfunsel_t - /* MAA Defines */ - /* Current SDK for TPU does not handle bit mask correctly */ - /* with expected enum values, so calue need to be set */ - /* manually to work with intended naming scheme */ #define MXC_TPU_MAA_TYPE mxc_tpu_maa_clcsel_t - #define WC_MXC_TPU_MAA_EXP 0b0000 - #define WC_MXC_TPU_MAA_SQ 0b0010 - #define WC_MXC_TPU_MAA_MUL 0b0100 - #define WC_MXC_TPU_MAA_SQMUL 0b0110 - #define WC_MXC_TPU_MAA_ADD 0b1000 - #define WC_MXC_TPU_MAA_SUB 0b1010 + #endif @@ -234,7 +226,6 @@ 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09}; - #endif /* NO_SHA */ #if defined(WOLFSSL_SHA224) @@ -248,7 +239,6 @@ 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4, 0x2f}; - #endif /* WOLFSSL_SHA224 */ #if !defined(NO_SHA256) 
@@ -262,9 +252,52 @@ 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}; - #endif /* NO_SHA256 */ + #if defined(WOLFSSL_SHA384) + typedef wc_MXC_Sha wc_Sha384; + #define WC_SHA384_TYPE_DEFINED + + /* Define the SHA-384 digest for an empty string */ + /* as a constant byte array */ + static const unsigned char MXC_EMPTY_DIGEST_SHA384[48] = { + 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, + 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, + 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, + 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, + 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, + 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b}; + #endif /* WOLFSSL_SHA384 */ + + #if defined(WOLFSSL_SHA512) + typedef wc_MXC_Sha wc_Sha512; + typedef wc_MXC_Sha wc_Sha512_224; + typedef wc_MXC_Sha wc_Sha512_256; + #define WC_SHA512_TYPE_DEFINED + + /* Does not support these SHA512 Macros */ + #ifndef WOLFSSL_NOSHA512_224 + #warning "MAX3266X Port does not support SHA-512/224" + #define WOLFSSL_NOSHA512_224 + #endif + #ifndef WOLFSSL_NOSHA512_256 + #warning "MAX3266X Port does not support SHA-512/256" + #define WOLFSSL_NOSHA512_256 + #endif + + /* Define the SHA-512 digest for an empty string */ + /* as a constant byte array */ + static const unsigned char MXC_EMPTY_DIGEST_SHA512[64] = { + 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, + 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, + 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, + 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, + 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0, + 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, + 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, + 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e}; + #endif /* WOLFSSL_SHA512 */ + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash); WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, 
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 4b2dd2a19..307c987fc 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -135,6 +135,9 @@ enum { #include "mcapi.h" #include "mcapi_error.h" #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include "wolfssl/wolfcrypt/port/maxim/max3266x.h" +#endif /* wc_Sha512 digest */ struct wc_Sha512 { #ifdef WOLFSSL_PSOC6_CRYPTO From 8f8b4e666593f4bdcd614c34bb35d1fb4998abec Mon Sep 17 00:00:00 2001 From: night1rider Date: Fri, 9 Aug 2024 14:19:00 -0600 Subject: [PATCH 014/325] Addressing Feedback, Adding Null Checks and Mutex Around TRNG --- wolfcrypt/src/aes.c | 18 ++- wolfcrypt/src/port/maxim/README.md | 4 + wolfcrypt/src/port/maxim/max3266x.c | 218 +++++++++++++++++++--------- 3 files changed, 165 insertions(+), 75 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 7e212685f..f226156e6 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2209,7 +2209,8 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, } #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \ - !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) + !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \ + !defined(MAX3266X_AES) /* Encrypt a number of blocks using AES. * * @param [in] aes AES object. @@ -3187,7 +3188,8 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, } #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \ - !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) + !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \ + !defined(MAX3266X_AES) /* Decrypt a number of blocks using AES. * * @param [in] aes AES object. @@ -5422,8 +5424,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return BAD_LENGTH_E; #else return BAD_FUNC_ARG; - } #endif + } if (sz == 0) { return 0; } 
@@ -5462,8 +5464,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return BAD_LENGTH_E; #else return BAD_FUNC_ARG; - } #endif + } if (sz == 0) { return 0; } @@ -11532,8 +11534,8 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return status; } - status = wc_MXC_TPU_AesEncrypt(in, aes->reg, aes->key, MXC_TPU_MODE_ECB, - sz, out, keySize); + status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, sz, out, keySize); return status; } @@ -11552,8 +11554,8 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) return status; } - status = wc_MXC_TPU_AesDecrypt(in, aes->reg, aes->key, MXC_TPU_MODE_ECB, - sz, out, keySize); + status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, sz, out, keySize); return status; } diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md index c3a6d4bb1..2898c897c 100644 --- a/wolfcrypt/src/port/maxim/README.md +++ b/wolfcrypt/src/port/maxim/README.md @@ -83,6 +83,10 @@ hardware. - SHA-384 - SHA-512 +Please note that when using `MAX3266X_SHA` there will be a limitation when +attempting to do a larger sized hash as the SDK for the hardware currently +expects a the whole msg buffer to be given. + `#define MAX3266X_MATH` (Replaces math operation calls for algos like RSA and ECC key generation): diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c index 1e59a16bd..de293ea78 100644 --- a/wolfcrypt/src/port/maxim/max3266x.c +++ b/wolfcrypt/src/port/maxim/max3266x.c @@ -53,6 +53,7 @@ #error MXC HW port needs #define WOLFSSL_SP_MATH_ALL #endif +/* Max size MAA can handle */ #define MXC_MAA_MAX_SIZE (2048 / MXC_WORD_SIZE) int wc_MXC_TPU_Init(void) 
@@ -85,7 +86,11 @@ int wc_MXC_TPU_Shutdown(void) /* using #define MAX3266X_VERBOSE */ int wc_MXC_error(int *ret) { - switch(*ret){ + if (ret == NULL) { + /* In case somehow pointer to the return code is NULL */ + return BAD_FUNC_ARG; + } + switch (*ret) { case E_SUCCESS: return 0; @@ -119,27 +124,44 @@ int wc_MXC_error(int *ret) #if defined(MAX3266X_RNG) - +/* Simple call to SDK's TRNG HW */ int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz) { - if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) { - MAX3266X_MSG("TRNG Device did not initialize"); - return RNG_FAILURE_E; + int status; + if (output == NULL) { + return BAD_FUNC_ARG; } - /* void return function */ - MXC_TPU_TRNG_Read(MXC_TRNG, output, sz); - MAX3266X_MSG("TRNG Hardware Used"); - return 0; + status = wolfSSL_CryptHwMutexLock(); /* Lock Mutex needed since */ + /* calling TPU init */ + if (status != 0) { + return status; + } + status = MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG); + if (status == 0) { + /* void return function */ + MXC_TPU_TRNG_Read(MXC_TRNG, output, sz); + MAX3266X_MSG("TRNG Hardware Used"); + } + else { + MAX3266X_MSG("TRNG Device did not initialize"); + status = RNG_FAILURE_E; + } + wolfSSL_CryptHwMutexUnLock(); /* Unlock Mutex no matter status value */ + return status; } #endif /* MAX3266X_RNG */ #if defined(MAX3266X_AES) +/* Generic call to the SDK's AES 1 shot Encrypt based on inputs given */ int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv, const unsigned char* enc_key, MXC_TPU_MODE_TYPE mode, unsigned int data_size, unsigned char* out, unsigned int keySize) { int status; + if (in == NULL || iv == NULL || enc_key == NULL || out == NULL) { + return BAD_FUNC_ARG; + } status = wolfSSL_CryptHwMutexLock(); MAX3266X_MSG("AES HW Encryption"); if (status != 0) { 
@@ -182,12 +204,16 @@ int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv, return 0; } #ifdef HAVE_AES_DECRYPT +/* Generic call to the SDK's AES 1 shot decrypt based on inputs given */ int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, const unsigned char* dec_key, MXC_TPU_MODE_TYPE mode, unsigned int data_size, unsigned char* out, unsigned int keySize) { int status; + if (in == NULL || iv == NULL || dec_key == NULL || out == NULL) { + return BAD_FUNC_ARG; + } status = wolfSSL_CryptHwMutexLock(); if (status != 0) { return status; 
@@ -243,42 +269,48 @@ int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash) return 0; } +/* Used to update the msg. Currently the SDK only supports 1 shots, so the */ +/* hash->msg buffer needs to be updated and resized. hash->msg will keep the */ +/* unhashed msg and produce a digest when wc_MXC_TPU_SHA_Final or */ +/* wc_MXC_TPU_SHA_GetHash is called */ int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data, unsigned int size) { void *p; - if (size != (0 || NULL)) { - if ((hash == NULL) || (data == NULL)) { - return BAD_FUNC_ARG; - } - if (hash->size < hash->used+size) { - if (hash->msg == NULL) { - p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - else { - #ifdef WOLFSSL_NO_REALLOC - p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (p != NULL) { - XMEMCPY(p, hash->msg, hash->used); - XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - #else - p = XREALLOC(hash->msg, hash->used+size, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - #endif - - } - if (p == NULL) { - return -1; - } - hash->msg = p; - hash->size = hash->used+size; - } - XMEMCPY(hash->msg+hash->used, data, size); - hash->used += size; + /* Only update if size is not 0 */ + if (size == 0) { + return 0; + } + /* Check for NULL pointers After Size Check */ + if (hash == NULL || data == NULL) { + return BAD_FUNC_ARG; + } + if (hash->size < hash->used+size) { if (hash->msg == NULL) { - return BAD_FUNC_ARG; + p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + else { + #ifdef WOLFSSL_NO_REALLOC + p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (p != NULL) { + XMEMCPY(p, hash->msg, hash->used); + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + #else + p = XREALLOC(hash->msg, hash->used+size, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + if (p == NULL) { + return -1; + } + hash->msg = p; + hash->size = hash->used+size; + } + XMEMCPY(hash->msg+hash->used, data, size); + hash->used += size; + if (hash->msg == NULL) { + return BAD_FUNC_ARG; 
} return 0; } @@ -287,16 +319,20 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, MXC_TPU_HASH_TYPE algo) { int status; + if (hash == NULL || digest == NULL) { + return BAD_FUNC_ARG; + } status = wc_MXC_TPU_SHA_GetDigest(hash, digest, algo); /* True Case that msg is an empty string */ if (status == 1) { + /* Hardware cannot handle the case of an empty string */ + /* so in the case of this we will provide the hash via software */ return 0; } /* False Case where msg needs to be processed */ else if (status == 0) { - status = wolfSSL_CryptHwMutexLock(); - if (wc_MXC_error(&status) != 0) { - + status = wolfSSL_CryptHwMutexLock(); /* Set Mutex **/ + if (status != 0) { /* Mutex Call Check */ return status; } MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TPU); @@ -304,7 +340,7 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size, (char *)digest); MAX3266X_MSG("SHA HW Acceleration Used"); - wolfSSL_CryptHwMutexUnLock(); + wolfSSL_CryptHwMutexUnLock(); /* Release Mutex */ if (wc_MXC_error(&status) != 0) { MAX3266X_MSG("SHA HW Error Occurred"); return status; @@ -314,15 +350,21 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, return status; } +/* Calls GetHash to determine the digest and then reinitialize the hash */ +/* struct */ int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* digest, MXC_TPU_HASH_TYPE algo) { int status; + if (hash == NULL || digest == NULL) { + return BAD_FUNC_ARG; + } status = wc_MXC_TPU_SHA_GetHash(hash, digest, algo); + /* Free hash->msg no matter result */ + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (status != 0) { return status; } - XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); status = wc_MXC_TPU_SHA_Init(hash); if (status != 0) { return status; 
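Review bot: wc_MXC_TPU_SHA_Update still returns a bare `-1` when XMALLOC/XREALLOC fails, which is not a wolfCrypt error code; return `MEMORY_E` so wc_Sha*Update callers see a meaningful failure. The `if (hash->msg == NULL) return BAD_FUNC_ARG;` placed after the XMEMCPY is unreachable (with size > 0 a NULL msg always takes the allocation path above, and a NULL msg would already have been written through by the XMEMCPY) and can be dropped. In the WOLFSSL_NO_REALLOC branch the old buffer holds the entire unhashed message, which for HMAC includes the key-derived pad block, so `ForceZero(hash->msg, hash->used);` before that XFREE keeps it out of freed heap. `hash->used+size` is also unchecked for unsigned wrap; a guard such as `if (hash->used + size < hash->used) return BAD_FUNC_ARG;` is cheap.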
@@ -330,6 +372,7 @@ int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* digest, return status; } +/* Copies Struct values from SRC struct to DST struct */ int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst) { if (src == NULL || dst == NULL) { @@ -341,8 +384,14 @@ int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst) return 0; } +/* Free the given struct's msg buffer and then reinitialize the struct to 0 */ +/* returns void to match other wc_Sha*Free api */ void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash) { + if (hash == NULL) { + return; /* Hash Struct is Null already, dont edit potentially */ + /* undefined memory */ + } XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_MXC_TPU_SHA_Init(hash); /* sets hash->msg to null + zero's attributes */ return; @@ -353,8 +402,11 @@ void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash) int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest, MXC_TPU_HASH_TYPE algo) { - if (hash->msg == 0 && hash->size == 0 && digest != NULL) { - switch(algo) { + if (hash == NULL || digest == NULL) { + return BAD_FUNC_ARG; + } + if (hash->msg == 0 && hash->size == 0) { + switch (algo) { #ifndef NO_SHA case MXC_TPU_HASH_SHA1: XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE); @@ -633,10 +685,9 @@ int wc_MXC_MAA_init(unsigned int len) int status; MAX3266X_MSG("Setting Hardware Mutex and Starting MAA"); status = wolfSSL_CryptHwMutexLock(); - if (status != 0) { - return status; + if (status == 0) { + status = MXC_TPU_MAA_Init(len); } - status = MXC_TPU_MAA_Init(len); return wc_MXC_error(&status); /* Return Status of Init */ } 
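Review bot: wc_MXC_TPU_SHA_Free (and wc_MXC_TPU_SHA_Final in the hunk above) frees `hash->msg` without clearing it, and the Update comment states that buffer holds the full unhashed message until a digest is produced, so HMAC key pads and other sensitive inputs are left in freed heap; add `if (hash->msg != NULL) ForceZero(hash->msg, hash->size);` before each XFREE (hash->size is the allocated length per wc_MXC_TPU_SHA_Update). On wc_MXC_TPU_SHA_Copy, whose body is cut from the hunk: if it is a plain struct copy as the new comment suggests, src and dst end up sharing one `msg` allocation and the second Final/Free double-frees it, so the buffer needs a deep copy there; please confirm against the full function.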
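Review bot: wc_MXC_MAA_init now takes the crypto HW mutex and, when MXC_TPU_MAA_Init fails, returns the mapped error with the mutex still held, while the only unlock in this file is in wc_MXC_MAA_Shutdown. Unless wc_MXC_MAA_math's init-failure path (outside this hunk) still calls Shutdown, the next hardware user deadlocks on the lock; the safe form is `if (status == 0) { status = MXC_TPU_MAA_Init(len); if (status != 0) { wolfSSL_CryptHwMutexUnLock(); } }`. A one-line comment stating who owns the unlock on success, `/* On success the HW mutex stays held until wc_MXC_MAA_Shutdown() */`, would make the contract explicit.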
@@ -648,13 +699,10 @@ int wc_MXC_MAA_Shutdown(void) status = MXC_TPU_MAA_Shutdown(); if (status == E_BAD_PARAM) { /* Miss leading, Send WC_HW_ERROR */ /* This is returned when MAA cannot stop */ - return WC_HW_E; + status = WC_HW_E; } - else if(wc_MXC_error(&status) != 0) { - return status; - } - wolfSSL_CryptHwMutexUnLock(); - return status; + wolfSSL_CryptHwMutexUnLock(); /* Always call Unlock in shutdown */ + return wc_MXC_error(&status); } /* Update used number for mp_int struct for results */ @@ -706,8 +754,6 @@ int wc_MXC_MAA_Fallback(unsigned int count, ...) return 0; } - - /* Have to zero pad the entire data array up to 256 bytes(2048 bits) */ /* If length > 256 bytes then error */ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, @@ -728,7 +774,7 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, /* Create an array to compare values to to check edge for error edge case */ zero_tmp = (mp_digit*)XMALLOC(multiplier->size*sizeof(mp_digit), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if(zero_tmp == NULL){ + if (zero_tmp == NULL) { MAX3266X_MSG("NULL pointer found after XMALLOC call"); return WC_HW_E; } @@ -806,7 +852,7 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, - /* General Control Over MAA Hardware to handle all needed Cases */ +/* General Control Over MAA Hardware to handle all needed Cases */ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, mp_int* mod, mp_int* result, MXC_TPU_MAA_TYPE clc) @@ -815,6 +861,11 @@ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, int length; mp_int* result_tmp_ptr; mp_int result_tmp; + if (multiplier == NULL || multiplicand == NULL || mod == NULL || + (exp == NULL && clc == MXC_TPU_MAA_EXP) || result == NULL) { + return BAD_FUNC_ARG; + } + /* Check if result shares struct pointer */ if ((multiplier == result) || (multiplicand == result) || (exp == result) || (mod == result)) { 
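Review bot: wc_MXC_MAA_Shutdown substitutes the wolfCrypt code WC_HW_E for E_BAD_PARAM and then passes it through wc_MXC_error(), whose switch is written for the SDK's E_* values; whether its default case returns unknown values unchanged is not visible here, so WC_HW_E may be re-mapped before the caller sees it. Returning it directly avoids the question: `wolfSSL_CryptHwMutexUnLock(); return (status == WC_HW_E) ? WC_HW_E : wc_MXC_error(&status);`.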
@@ -871,7 +922,8 @@ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, ret = wc_MXC_MAA_Shutdown(); if (ret != 0) { MAX3266X_MSG("HW Shutdown Failure"); - wolfSSL_CryptHwMutexUnLock(); + /* Shutdown will always call wolfSSL_CryptHwMutexUnLock(); */ + /* before returning */ return ret; } @@ -892,6 +944,9 @@ int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result) { mp_int multiplicand; + if (base == NULL || exp == NULL || mod == NULL || result == NULL) { + return BAD_FUNC_ARG; + } XMEMSET(&multiplicand, 0, sizeof(mp_int)); multiplicand.dp[0] = 0x01; multiplicand.used = mod->used; @@ -903,6 +958,9 @@ int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod, int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result) { mp_int multiplicand; + if (multiplier == NULL || mod == NULL || result == NULL) { + return BAD_FUNC_ARG; + } XMEMSET(&multiplicand, 0, sizeof(mp_int)); multiplicand.dp[0] = 0x01; multiplicand.used = mod->used; @@ -914,6 +972,10 @@ int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result) int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, mp_int* result) { + if (multiplier == NULL || multiplicand == NULL || mod == NULL || + result == NULL) { + return BAD_FUNC_ARG; + } MAX3266X_MSG("Preparing mulmod MAA HW Call"); return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, MXC_TPU_MAA_MUL); @@ -922,6 +984,10 @@ int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, mp_int* mod, mp_int* result) { + if (multiplier == NULL || multiplicand == NULL || exp == NULL || + mod == NULL || result == NULL) { + return BAD_FUNC_ARG; + } MAX3266X_MSG("Preparing sqrmulmod MAA HW Call"); return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, MXC_TPU_MAA_SQMUL); 
@@ -930,6 +996,10 @@ int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand, int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, mp_int* result) { + if (multiplier == NULL || multiplicand == NULL || mod == NULL || + result == NULL) { + return BAD_FUNC_ARG; + } MAX3266X_MSG("Preparing addmod MAA HW Call"); return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result, MXC_TPU_MAA_ADD); @@ -938,6 +1008,10 @@ int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, mp_int* result) { + if (multiplier == NULL || multiplicand == NULL || mod == NULL || + result == NULL) { + return BAD_FUNC_ARG; + } MAX3266X_MSG("Preparing submod MAA HW Call"); if ((mod->used < multiplier->used) || (mod->used < multiplicand->used)) { MAX3266X_MSG("HW Limitation: Defaulting back to software"); @@ -953,6 +1027,10 @@ int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod, mp_int* result) { + if (multiplier == NULL || multiplicand == NULL || mod == NULL || + result == NULL) { + return MP_VAL; + } if ((multiplier->used == 0) || (multiplicand->used == 0)) { mp_zero(result); return 0; @@ -1033,7 +1111,10 @@ int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result) int hw_mod(mp_int* a, mp_int* mod, mp_int* result) { mp_int b; - if (wc_MXC_MAA_Fallback(2, a->used, mod->used) != 0){ + if (a == NULL || mod == NULL || result == NULL) { + return MP_VAL; + } + if (wc_MXC_MAA_Fallback(2, a->used, mod->used) != 0) { return mxc_mod(a, mod, result); } XMEMSET(&b, 0, sizeof(mp_int)); @@ -1043,6 +1124,9 @@ int hw_mod(mp_int* a, mp_int* mod, mp_int* result) int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result) { + if (base == NULL || mod == NULL || result == NULL) { + return MP_VAL; + } if (base->used == 0) { mp_zero(result); return 0; 
@@ -1060,29 +1144,29 @@ int wc_MXC_RTC_Init(void) if (MXC_RTC_Init(0, 0) != E_NO_ERROR) { return WC_HW_E; } - /* Disable the Interrupt */ if (MXC_RTC_DisableInt(MXC_RTC_INT_EN_LONG) == E_BUSY) { return WC_HW_E; } - + /* Start Clock for RTC */ if (MXC_RTC_SquareWaveStart(MXC_RTC_F_512HZ) == E_BUSY) { return E_BUSY; } - - if (MXC_RTC_Start() != E_NO_ERROR){ + /* Begin RTC count */ + if (MXC_RTC_Start() != E_NO_ERROR) { return WC_HW_E; } - return 0; } /* Reset the RTC */ int wc_MXC_RTC_Reset(void) { + /* Stops Counts */ if (MXC_RTC_Stop() != E_NO_ERROR) { return WC_HW_E; } + /* Restart RTC via Init */ if (wc_MXC_RTC_Init() != E_NO_ERROR) { return WC_HW_E; } @@ -1109,7 +1193,7 @@ double wc_MXC_RTC_Time(void) /* Retrieve sub-seconds from RTC */ wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSubSeconds, &rtc_subseconds, &err); - if (err != E_NO_ERROR){ + if (err != E_NO_ERROR) { return (double)err; } /* Retrieve seconds from RTC */ From a7ef54034451bda7180ae7b7e2251ac692d0fa1f Mon Sep 17 00:00:00 2001 From: night1rider Date: Fri, 23 Aug 2024 15:21:24 -0600 Subject: [PATCH 015/325] Making so hw mutex define is not needed --- wolfssl/wolfcrypt/wc_port.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7e4567f96..7f39ce726 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -422,7 +422,8 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ - defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) + defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) || \ + defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) #ifndef WOLFSSL_CRYPT_HW_MUTEX #define WOLFSSL_CRYPT_HW_MUTEX 1 #endif From 1cb324affad7fa43c9bd648d3edab473bd295262 Mon Sep 17 00:00:00 2001 
From: night1rider Date: Tue, 3 Sep 2024 14:26:49 -0600 Subject: [PATCH 016/325] Expanding mutexing and Adding in AES Callbacks for HW --- wolfcrypt/benchmark/benchmark.c | 8 +- wolfcrypt/src/aes.c | 52 +++- wolfcrypt/src/cryptocb.c | 4 + wolfcrypt/src/port/maxim/max3266x.c | 261 ++++++++++++++++-- wolfcrypt/src/random.c | 19 +- wolfcrypt/src/wc_port.c | 201 ++++++++++++++ wolfcrypt/test/test.c | 3 + wolfssl/wolfcrypt/aes.h | 5 + wolfssl/wolfcrypt/include.am | 3 +- .../wolfcrypt/port/maxim/max3266x-cryptocb.h | 70 +++++ wolfssl/wolfcrypt/port/maxim/max3266x.h | 27 +- wolfssl/wolfcrypt/wc_port.h | 68 +++++ 12 files changed, 689 insertions(+), 32 deletions(-) create mode 100644 wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 042f73646..60f500c43 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -220,6 +220,9 @@ #ifdef HAVE_RENESAS_SYNC #include #endif + #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include + #endif #endif #ifdef WOLFSSL_ASYNC_CRYPT @@ -3167,8 +3170,9 @@ static void* benchmarks_do(void* args) #endif #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \ defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \ - defined(HAVE_RENESAS_SYNC) || defined(WOLFSSL_CAAM)) && \ - !defined(NO_HW_BENCH) + defined(HAVE_RENESAS_SYNC) || defined(WOLFSSL_CAAM)) || \ + ((defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \ + defined(WOLF_CRYPTO_CB)) && !defined(NO_HW_BENCH) bench_aes_aad_options_wrap(bench_aesgcm, 1); #endif #ifndef NO_SW_BENCH diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index f226156e6..1073c4e01 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
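Review bot: The rewritten `#if` in the benchmarks_do hunk changes the grouping of the condition: `&&` binds tighter than `||`, so `!defined(NO_HW_BENCH)` now gates only the MAX3266X term, and the existing async/QA/Octeon/Renesas/CAAM platforms run the AES-GCM hardware benchmark even when NO_HW_BENCH is defined. Wrapping both alternatives in one parenthesised group before the `&&` restores the previous meaning for the existing platforms while adding the new one.
```c
#if (((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \
      defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
      defined(HAVE_RENESAS_SYNC) || defined(WOLFSSL_CAAM)) || \
     ((defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
      defined(WOLF_CRYPTO_CB))) && !defined(NO_HW_BENCH)
    bench_aes_aad_options_wrap(bench_aesgcm, 1);
#endif
```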
@@ -84,6 +84,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) #include +#ifdef WOLF_CRYPTO_CB + /* Revert back to SW so HW CB works */ + /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */ + #include + /* Turn off MAX3266X_AES in the context of this file when using CB */ + #undef MAX3266X_AES +#endif #endif #if defined(WOLFSSL_TI_CRYPT) @@ -2794,9 +2801,12 @@ extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz); static WARN_UNUSED_RESULT int wc_AesEncrypt( Aes* aes, const byte* inBlock, byte* outBlock) { - #if defined(MAX3266X_AES) +#if defined(MAX3266X_AES) word32 keySize; - #endif +#endif +#if defined(MAX3266X_CB) + int ret_cb; +#endif word32 r; if (aes == NULL) { @@ -2907,6 +2917,18 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( outBlock, (unsigned int)keySize); } #endif +#ifdef MAX3266X_CB /* Can do a basic ECB block */ + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock, + AES_BLOCK_SIZE); + if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret_cb; + /* fall-through when unavailable */ + } +#endif AesEncrypt_C(aes, inBlock, outBlock, r); @@ -3556,9 +3578,12 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) static WARN_UNUSED_RESULT int wc_AesDecrypt( Aes* aes, const byte* inBlock, byte* outBlock) { - #if defined(MAX3266X_AES) +#if defined(MAX3266X_AES) word32 keySize; - #endif +#endif +#if defined(MAX3266X_CB) + int ret_cb; +#endif word32 r; if (aes == NULL) { 
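Review bot: The MAX3266X_CB hook added to wc_AesEncrypt pushes a single 16-byte block through wc_CryptoCb_AesEcbEncrypt, and the wc_AesDecrypt hunk that follows mirrors it; if these are the per-block primitives the higher-level modes iterate over (their callers are outside the hunk), each block then costs a callback lookup plus a hardware mutex lock/unlock inside the TPU wrapper. A short comment at the hook would make that trade-off visible, e.g. `/* single-block HW offload; whole-buffer ECB/CBC are served by the cipher callbacks */`. It is also worth stating in that comment that only CRYPTOCB_UNAVAILABLE falls through to AesEncrypt_C, so any other callback error aborts the block rather than falling back to software.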
@@ -3643,6 +3668,19 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( } #endif +#ifdef MAX3266X_CB /* Can do a basic ECB block */ + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock, + AES_BLOCK_SIZE); + if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret_cb; + /* fall-through when unavailable */ + } +#endif + AesDecrypt_C(aes, inBlock, outBlock, r); return 0; @@ -4130,6 +4168,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) unsigned int i = 0; XMEMCPY(rk, key, keySz); +#ifdef MAX3266X_CB /* Copies needed values to use later if CB is used */ + XMEMCPY(aes->cb_key, key, keySz); +#endif #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \ !defined(MAX3266X_AES) @@ -4572,6 +4613,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif XMEMCPY(aes->key, userKey, keylen); +#ifdef MAX3266X_CB /* Copy Key for CB for use later if needed */ + XMEMCMP(aes->cb_key, userKey, keylen); +#endif #ifndef WC_AES_BITSLICED #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index d510bb438..47c333cf0 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -56,6 +56,10 @@ #include #endif +#if defined (WOLFSSL_MAX3266X) || defined (WOLFSSL_MAX3266X_OLD) + #include +#endif + /* TODO: Consider linked list with mutex */ #ifndef MAX_CRYPTO_DEVID_CALLBACKS #define MAX_CRYPTO_DEVID_CALLBACKS 8 diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c index de293ea78..615af9fe5 100644 --- a/wolfcrypt/src/port/maxim/max3266x.c +++ b/wolfcrypt/src/port/maxim/max3266x.c 
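Review bot: In the second AesSetKey_C hunk the key backup is written as `XMEMCMP(aes->cb_key, userKey, keylen);`, which compares and discards the result instead of copying, so on this path `aes->cb_key` is never populated and the ECB/CBC callbacks would later operate on whatever the struct previously held. The first hunk in this file uses `XMEMCPY(aes->cb_key, key, keySz);`; this line should read `XMEMCPY(aes->cb_key, userKey, keylen);`. The enclosing function continues outside the hunk, so I cannot see whether keylen has already been bounded against `sizeof(aes->cb_key)` at this point; a check before the copy would be prudent if it has not.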
@@ -42,6 +42,10 @@ #include #endif +#ifdef WOLF_CRYPTO_CB + #include +#endif + #if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH) #error MXC Not Compatible with Fast Math or Heap Math #include 
@@ -82,6 +86,85 @@ int wc_MXC_TPU_Shutdown(void) } +#ifdef WOLF_CRYPTO_CB +int wc_MxcAesCryptoCb(wc_CryptoInfo* info) +{ + switch (info->cipher.type) { +#ifdef HAVE_AES_CBC + case WC_CIPHER_AES_CBC: + if (info->cipher.enc == 1) { + return wc_MxcCb_AesCbcEncrypt(info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + } + #ifdef HAVE_AES_DECRYPT + else if (info->cipher.enc == 0) { + return wc_MxcCb_AesCbcDecrypt(info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + } + #endif + break; /* Break out and return error */ +#endif +#ifdef HAVE_AES_ECB + case WC_CIPHER_AES_ECB: + if (info->cipher.enc == 1) { + return wc_MxcCb_AesEcbEncrypt(info->cipher.aesecb.aes, + info->cipher.aesecb.out, + info->cipher.aesecb.in, + info->cipher.aesecb.sz); + } + #ifdef HAVE_AES_DECRYPT + else if (info->cipher.enc == 0) { + return wc_MxcCb_AesEcbDecrypt(info->cipher.aesecb.aes, + info->cipher.aesecb.out, + info->cipher.aesecb.in, + info->cipher.aesecb.sz); + } + #endif + break; /* Break out and return error */ +#endif + default: + /* Is not ECB/CBC/GCM */ + return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + } + /* Just in case code breaks of switch statement return error */ + return BAD_FUNC_ARG; +} + +/* Determines AES Type for Callback */ +/* General Callback Function to determine ALGO Type */ +int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret; + (void)ctx; + + if (info == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef DEBUG_CRYPTOCB + wc_CryptoCb_InfoString(info); +#endif + + switch (info->algo_type) { + case WC_ALGO_TYPE_CIPHER: + /* return this to bypass HW and use SW */ + MAX3266X_MSG("Using MXC HW Callback:"); + ret = wc_MxcAesCryptoCb(info); /* Determine AES HW or SW */ + break; + default: + MAX3266X_MSG("Callback not support with MXC, using SW"); + /* return this to bypass HW and use SW */ + ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + } + + return ret; 
+} +#endif + /* Convert Error Codes Correctly and Report HW error when */ /* using #define MAX3266X_VERBOSE */ int wc_MXC_error(int *ret) @@ -131,7 +214,7 @@ int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz) if (output == NULL) { return BAD_FUNC_ARG; } - status = wolfSSL_CryptHwMutexLock(); /* Lock Mutex needed since */ + status = wolfSSL_HwRngMutexLock(); /* Lock Mutex needed since */ /* calling TPU init */ if (status != 0) { return status; @@ -146,7 +229,7 @@ int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz) MAX3266X_MSG("TRNG Device did not initialize"); status = RNG_FAILURE_E; } - wolfSSL_CryptHwMutexUnLock(); /* Unlock Mutex no matter status value */ + wolfSSL_HwRngMutexUnLock(); /* Unlock Mutex no matter status value */ return status; } #endif /* MAX3266X_RNG */ @@ -162,7 +245,7 @@ int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv, if (in == NULL || iv == NULL || enc_key == NULL || out == NULL) { return BAD_FUNC_ARG; } - status = wolfSSL_CryptHwMutexLock(); + status = wolfSSL_HwAesMutexLock(); MAX3266X_MSG("AES HW Encryption"); if (status != 0) { MAX3266X_MSG("Hardware Mutex Failure"); 
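Review bot: `devIdArg` in the new wc_MxcCryptoCb is never read, and unlike `ctx` it has no `(void)` cast, so builds with -Wunused-parameter will warn; add `(void)devIdArg;` next to `(void)ctx;`. In wc_MxcAesCryptoCb the default-case comment `/* Is not ECB/CBC/GCM */` names GCM although the switch has no GCM case; `/* only ECB/CBC are offloaded */` matches the code. Both points are confined to the new functions in this hunk.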
@@ -192,17 +275,84 @@ int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv, break; default: MAX3266X_MSG("AES HW ERROR: Length Not Supported"); - wolfSSL_CryptHwMutexUnLock(); - return WC_HW_E; - break; + wolfSSL_HwAesMutexUnLock(); + return BAD_FUNC_ARG; } - wolfSSL_CryptHwMutexUnLock(); + wolfSSL_HwAesMutexUnLock(); if (status != 0) { MAX3266X_MSG("AES HW Acceleration Error Occurred"); return WC_HW_E; } - return 0; + return status; } + + +/* Encrypt AES Crypto Callbacks*/ +#if defined(WOLF_CRYPTO_CB) + +#ifdef HAVE_AES_ECB +int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int status; + word32 keySize; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->cb_key, + MXC_TPU_MODE_ECB, sz, out, keySize); + + return status; +} +#endif /* HAVE_AES_ECB */ + +#ifdef HAVE_AES_CBC +int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + word32 keySize; + int status; + byte *iv; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + /* Always enforce a length check */ + if (sz % AES_BLOCK_SIZE) { + #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; + #else + return BAD_FUNC_ARG; + #endif + } + if (sz == 0) { + return 0; + } + + iv = (byte*)aes->reg; + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->cb_key, + MXC_TPU_MODE_CBC, sz, out, + (unsigned int)keySize); + /* store iv for next call */ + if (status == 0) { + XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + } + return (status == 0) ? 
0 : -1; +} +#endif /* HAVE_AES_CBC */ +#endif /* WOLF_CRYPTO_CB */ + #ifdef HAVE_AES_DECRYPT /* Generic call to the SDK's AES 1 shot decrypt based on inputs given */ int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, @@ -214,7 +364,7 @@ int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, if (in == NULL || iv == NULL || dec_key == NULL || out == NULL) { return BAD_FUNC_ARG; } - status = wolfSSL_CryptHwMutexLock(); + status = wolfSSL_HwAesMutexLock(); if (status != 0) { return status; } 
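Review bot: wc_MxcCb_AesCbcEncrypt ends with `return (status == 0) ? 0 : -1;`, which replaces the specific code from wc_MXC_TPU_AesEncrypt (BAD_FUNC_ARG for an unsupported key length, WC_HW_E for a hardware fault, as set in the same hunk) with a bare -1; the ECB wrapper a few lines above returns `status` directly, and wc_MxcCb_AesCbcDecrypt in the next hunk has the same collapse. `return status;` keeps the failure distinguishable to the crypto-callback layer and to the caller, and makes the four wrappers consistent.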
@@ -242,17 +392,86 @@ int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, break; default: MAX3266X_MSG("AES HW ERROR: Length Not Supported"); - wolfSSL_CryptHwMutexUnLock(); - return WC_HW_E; - break; + wolfSSL_HwAesMutexUnLock(); + return BAD_FUNC_ARG; } - wolfSSL_CryptHwMutexUnLock(); + wolfSSL_HwAesMutexUnLock(); if (status != 0) { MAX3266X_MSG("AES HW Acceleration Error Occurred"); return WC_HW_E; } - return 0; + return status; } + +/* Decrypt Aes Crypto Callbacks*/ +#if defined(WOLF_CRYPTO_CB) + +#ifdef HAVE_AES_ECB +int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int status; + word32 keySize; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->cb_key, + MXC_TPU_MODE_ECB, sz, out, keySize); + + return status; +} +#endif /* HAVE_AES_ECB */ + +#ifdef HAVE_AES_CBC +int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + word32 keySize; + int status; + byte *iv; + byte temp_block[AES_BLOCK_SIZE]; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + /* Always enforce a length check */ + if (sz % AES_BLOCK_SIZE) { + #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; + #else + return BAD_FUNC_ARG; + #endif + } + if (sz == 0) { + return 0; + } + + iv = (byte*)aes->reg; + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + /* get IV for next call */ + XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->cb_key, + MXC_TPU_MODE_CBC, sz, out, + keySize); + + /* store iv for next call */ + if (status == 0) { + XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + } + return (status == 0) ? 
0 : -1; +} +#endif /* HAVE_AES_CBC */ +#endif /* WOLF_CRYPTO_CB */ #endif /* HAVE_AES_DECRYPT */ #endif /* MAX3266X_AES */ @@ -331,7 +550,7 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, } /* False Case where msg needs to be processed */ else if (status == 0) { - status = wolfSSL_CryptHwMutexLock(); /* Set Mutex **/ + status = wolfSSL_HwHashMutexLock(); /* Set Mutex */ if (status != 0) { /* Mutex Call Check */ return status; } @@ -340,7 +559,7 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size, (char *)digest); MAX3266X_MSG("SHA HW Acceleration Used"); - wolfSSL_CryptHwMutexUnLock(); /* Release Mutex */ + wolfSSL_HwHashMutexUnLock(); /* Release Mutex */ if (wc_MXC_error(&status) != 0) { MAX3266X_MSG("SHA HW Error Occurred"); return status; @@ -684,7 +903,7 @@ int wc_MXC_MAA_init(unsigned int len) { int status; MAX3266X_MSG("Setting Hardware Mutex and Starting MAA"); - status = wolfSSL_CryptHwMutexLock(); + status = wolfSSL_HwPkMutexLock(); if (status == 0) { status = MXC_TPU_MAA_Init(len); } @@ -701,7 +920,7 @@ int wc_MXC_MAA_Shutdown(void) /* This is returned when MAA cannot stop */ status = WC_HW_E; } - wolfSSL_CryptHwMutexUnLock(); /* Always call Unlock in shutdown */ + wolfSSL_HwPkMutexUnLock(); /* Always call Unlock in shutdown */ return wc_MXC_error(&status); } @@ -901,7 +1120,7 @@ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, ret = wc_MXC_MAA_init(length*sizeof(mp_digit)*8); if (ret != 0) { MAX3266X_MSG("HW Init Failed"); - wolfSSL_CryptHwMutexUnLock(); + wolfSSL_HwPkMutexUnLock(); return ret; } 
@@ -915,14 +1134,14 @@ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp, MAX3266X_MSG("MAA Finished Computation"); if (wc_MXC_error(&ret) != 0) { MAX3266X_MSG("HW Computation Error"); - wolfSSL_CryptHwMutexUnLock(); + wolfSSL_HwPkMutexUnLock(); return ret; } ret = wc_MXC_MAA_Shutdown(); if (ret != 0) { MAX3266X_MSG("HW Shutdown Failure"); - /* Shutdown will always call wolfSSL_CryptHwMutexUnLock(); */ + /* Shutdown will always call wolfSSL_HwPkMutexUnLock(); */ /* before returning */ return ret; } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 5f2320315..d6c32f692 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -3839,15 +3839,30 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(MAX3266X_RNG) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { + #ifdef WOLFSSL_MAX3266X + int status; + #endif /* WOLFSSL_MAX3266X */ static int initDone = 0; (void)os; if (initDone == 0) { + #ifdef WOLFSSL_MAX3266X + status = wolfSSL_HwRngMutexLock(); + if (status != 0) { + return status; + } + #endif /* WOLFSSL_MAX3266X */ if(MXC_TRNG_HealthTest() != 0) { - #if defined(DEBUG_WOLFSSL) + #ifdef DEBUG_WOLFSSL WOLFSSL_MSG("TRNG HW Health Test Failed"); - #endif + #endif /* DEBUG_WOLFSSL */ + #ifdef WOLFSSL_MAX3266X + wolfSSL_HwRngMutexUnLock(); + #endif /* WOLFSSL_MAX3266X */ return WC_HW_E; } + #ifdef WOLFSSL_MAX3266X + wolfSSL_HwRngMutexUnLock(); + #endif /* WOLFSSL_MAX3266X */ initDone = 1; } return wc_MXC_TRNG_Random(output, sz); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 5d3e9123b..772231ba0 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -46,6 +46,9 @@ #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) #include +#ifdef WOLF_CRYPTO_CB + #include +#endif #endif #ifdef WOLFSSL_PSOC6_CRYPTO 
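Review bot: In the wc_GenerateSeed hunk the new wolfSSL_HwRngMutexLock/UnLock pair brackets only MXC_TRNG_HealthTest; the `initDone == 0` test and the `initDone = 1` store remain outside it, so two callers racing on first use can both enter the block and both run the health test, and the flag provides no exclusion. Re-checking the flag after taking the lock and setting it before releasing (check, test, set, unlock) makes the lock actually protect the one-time initialisation. The unlock added before `return WC_HW_E;` on the failure path is correct.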
@@ -255,6 +258,14 @@ int wolfCrypt_Init(void) } #endif + /* Crypto Callbacks only works on AES for MAX32666/5 HW */ + #if defined(MAX3266X_AES) && defined(WOLF_CRYPTO_CB) + ret = wc_CryptoCb_RegisterDevice(WOLFSSL_MAX3266X_DEVID, wc_MxcCryptoCb, + NULL); + if(ret != 0) { + return ret; + } + #endif #if defined(MAX3266X_RTC) ret = wc_MXC_RTC_Init(); if (ret != 0) { 
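Review bot: The registration in wolfCrypt_Init is gated on `defined(MAX3266X_AES) && defined(WOLF_CRYPTO_CB)`, while the hooks in aes.c and the new header gate the same feature on `MAX3266X_CB`; using one guard here (`#if defined(MAX3266X_CB)`) keeps the two from drifting apart. I do not see a matching wc_CryptoCb_UnRegisterDevice for WOLFSSL_MAX3266X_DEVID in this patch — if wolfCrypt_Cleanup does not remove the device, repeated Init/Cleanup cycles would re-register it; that function is outside the hunk, so please confirm. Minor style: `if(ret != 0)` lacks the space the surrounding code uses.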
@@ -1362,6 +1373,196 @@ int wolfSSL_CryptHwMutexUnLock(void) #endif /* WOLFSSL_CRYPT_HW_MUTEX */ +#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) +/* Mutex for protection of cryptography hardware */ +#ifndef NO_RNG_MUTEX +static wolfSSL_Mutex wcCryptHwRngMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex); +#endif /* NO_RNG_MUTEX */ +#ifndef NO_AES_MUTEX +static wolfSSL_Mutex wcCryptHwAesMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex); +#endif /* NO_AES_MUTEX */ +#ifndef NO_HASH_MUTEX +static wolfSSL_Mutex wcCryptHwHashMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex); +#endif /* NO_HASH_MUTEX */ +#ifndef NO_PK_MUTEX +static wolfSSL_Mutex wcCryptHwPkMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex); +#endif /* NO_PK_MUTEX */ + +#ifndef WOLFSSL_MUTEX_INITIALIZER +#ifndef NO_RNG_MUTEX +static int wcCryptHwRngMutexInit = 0; +#endif /* NO_RNG_MUTEX */ +#ifndef NO_AES_MUTEX +static int wcCryptHwAesMutexInit = 0; +#endif /* NO_AES_MUTEX */ +#ifndef NO_HASH_MUTEX +static int wcCryptHwHashMutexInit = 0; +#endif /* NO_HASH_MUTEX */ +#ifndef NO_PK_MUTEX +static int wcCryptHwPkMutexInit = 0; +#endif /* NO_PK_MUTEX */ +#endif /* WOLFSSL_MUTEX_INITIALIZER */ + + +/* Allows ability to switch to different mutex based on enum type */ +/* hw_mutex_algo, expects the dereferenced Ptrs to be set to NULL */ +static int hwAlgoPtrSet(hw_mutex_algo hwAlgo, wolfSSL_Mutex** wcHwAlgoMutexPtr, + int** wcHwAlgoInitPtr) +{ + if (*wcHwAlgoMutexPtr != NULL || *wcHwAlgoInitPtr != NULL) { + return BAD_FUNC_ARG; + } + switch (hwAlgo) { + #ifndef NO_RNG_MUTEX + case rng_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwRngMutex; + *wcHwAlgoInitPtr = &wcCryptHwRngMutexInit; + break; + #endif + #ifndef NO_AES_MUTEX + case aes_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwAesMutex; + *wcHwAlgoInitPtr = &wcCryptHwAesMutexInit; + break; + #endif + #ifndef NO_HASH_MUTEX + case hash_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwHashMutex; + *wcHwAlgoInitPtr = 
&wcCryptHwHashMutexInit; + break; + #endif + #ifndef NO_PK_MUTEX + case pk_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwPkMutex; + *wcHwAlgoInitPtr = &wcCryptHwPkMutexInit; + break; + #endif + default: + return BAD_FUNC_ARG; + } + return 0; +} + +static int hwAlgoMutexInit(hw_mutex_algo hwAlgo) +{ + int ret = 0; +#ifndef WOLFSSL_MUTEX_INITIALIZER + wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL; + int* wcHwAlgoInitPtr = NULL; + ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr); + if (ret != 0) { + return ret; + } + if (*wcHwAlgoInitPtr == 0) { + ret = wc_InitMutex(wcHwAlgoMutexPtr); + if (ret == 0) { + *wcHwAlgoInitPtr = 1; + } + } +#endif + return ret; +} + +static int hwAlgoMutexLock(hw_mutex_algo hwAlgo) +{ + /* Make sure HW Mutex has been initialized */ + int ret = 0; + wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL; + int* wcHwAlgoInitPtr = NULL; + ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr); + if (ret != 0) { + return ret; + } + ret = hwAlgoMutexInit(hwAlgo); + if (ret == 0) { + ret = wc_LockMutex(wcHwAlgoMutexPtr); + } + return ret; +} + +static int hwAlgoMutexUnLock(hw_mutex_algo hwAlgo) +{ + wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL; + int* wcHwAlgoInitPtr = NULL; + if (hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr) != 0) { + return BAD_FUNC_ARG; + } + if (*wcHwAlgoInitPtr) { + return wc_UnLockMutex(wcHwAlgoMutexPtr); + } + else { + return BAD_MUTEX_E; + } +} + +/* Wrap around generic hwAlgo* functions and use correct */ +/* global mutex to determine if it can be unlocked/locked */ +#ifndef NO_RNG_MUTEX +int wolfSSL_HwRngMutexInit(void) +{ + return hwAlgoMutexInit(rng_mutex); +} +int wolfSSL_HwRngMutexLock(void) +{ + return hwAlgoMutexLock(rng_mutex); +} +int wolfSSL_HwRngMutexUnLock(void) +{ + return hwAlgoMutexUnLock(rng_mutex); +} +#endif /* NO_RNG_MUTEX */ + +#ifndef NO_AES_MUTEX +int wolfSSL_HwAesMutexInit(void) +{ + return hwAlgoMutexInit(aes_mutex); +} +int wolfSSL_HwAesMutexLock(void) +{ + return hwAlgoMutexLock(aes_mutex); +} 
+int wolfSSL_HwAesMutexUnLock(void) +{ + return hwAlgoMutexUnLock(aes_mutex); +} +#endif /* NO_AES_MUTEX */ + +#ifndef NO_HASH_MUTEX +int wolfSSL_HwHashMutexInit(void) +{ + return hwAlgoMutexInit(hash_mutex); +} +int wolfSSL_HwHashMutexLock(void) +{ + return hwAlgoMutexLock(hash_mutex); +} +int wolfSSL_HwHashMutexUnLock(void) +{ + return hwAlgoMutexUnLock(hash_mutex); +} +#endif /* NO_HASH_MUTEX */ + +#ifndef NO_PK_MUTEX +int wolfSSL_HwPkMutexInit(void) +{ + return hwAlgoMutexInit(pk_mutex); +} +int wolfSSL_HwPkMutexLock(void) +{ + return hwAlgoMutexLock(pk_mutex); +} +int wolfSSL_HwPkMutexUnLock(void) +{ + return hwAlgoMutexUnLock(pk_mutex); +} +#endif /* NO_PK_MUTEX */ + +#endif /* WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) */ + /* ---------------------------------------------------------------------------*/ /* Mutex Ports */ /* ---------------------------------------------------------------------------*/ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c14d712e2..7be838e60 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -390,6 +390,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; #ifdef HAVE_RENESAS_SYNC #include #endif + #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include + #endif #endif #ifdef _MSC_VER diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index cf08ec3a5..eab2ea5b5 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -263,6 +263,11 @@ struct Aes { word32 rounds; #ifdef WC_C_DYNAMIC_FALLBACK word32 key_C_fallback[60]; +#endif +#if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \ + defined(WOLF_CRYPTO_CB) + /* Need backup key for MXC CB */ + word32 cb_key[60]; #endif int keylen; diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 490dadd9a..d091946c0 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am 
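Review bot: hwAlgoPtrSet unconditionally takes the address of wcCryptHwRngMutexInit and the other `*MutexInit` flags, but those flags are defined only under `#ifndef WOLFSSL_MUTEX_INITIALIZER`, so a build that uses a static mutex initializer fails to compile here; and even with the flags present, hwAlgoMutexUnLock returns BAD_MUTEX_E whenever `*wcHwAlgoInitPtr` is 0, which is the permanent state when hwAlgoMutexInit's body is compiled out in that configuration. Defining the four flags unconditionally and initialising them to 1 when WOLFSSL_MUTEX_INITIALIZER is defined (0 otherwise) fixes both, or hwAlgoMutexUnLock can skip the flag test in that configuration. Separately, hwAlgoMutexInit reads and writes the flag with no lock held, so concurrent first callers of hwAlgoMutexLock can both run wc_InitMutex; if the existing wolfSSL_CryptHwMutexLock (outside the hunk) has the same lazy-init behaviour this is at least consistent, but it deserves a comment.
```c
#ifndef NO_RNG_MUTEX
#ifdef WOLFSSL_MUTEX_INITIALIZER
static int wcCryptHwRngMutexInit = 1; /* statically initialised above */
#else
static int wcCryptHwRngMutexInit = 0;
#endif
#endif /* NO_RNG_MUTEX */
/* … same pattern for wcCryptHwAesMutexInit, wcCryptHwHashMutexInit and wcCryptHwPkMutexInit … */
```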
@@ -117,7 +117,8 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \ wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \ wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \ - wolfssl/wolfcrypt/port/maxim/max3266x.h + wolfssl/wolfcrypt/port/maxim/max3266x.h \ + wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h if BUILD_CRYPTOAUTHLIB nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h new file mode 100644 index 000000000..371af11ed --- /dev/null +++ b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h 
@@ -0,0 +1,70 @@ +/* max3266x-cryptocb.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLFPORT_MAX3266X_CRYPTO_CB_H_ +#define _WOLFPORT_MAX3266X_CRYPTO_CB_H_ + +#if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \ + defined(WOLF_CRYPTO_CB) + +#ifndef WOLFSSL_MAX3266X_DEVID + #define WOLFSSL_MAX3266X_DEVID 9 +#endif +#ifndef MAX_CRYPTO_DEVID_CALLBACKS + #define MAX_CRYPTO_DEVID_CALLBACKS WOLFSSL_MAX3266X_DEVID +#endif +#define WC_USE_DEVID WOLFSSL_MAX3266X_DEVID +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + + WOLFSSL_LOCAL int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, + void* ctx); +#ifdef HAVE_AES_ECB + WOLFSSL_LOCAL int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif +#ifdef HAVE_AES_CBC + WOLFSSL_LOCAL int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif + +#ifdef HAVE_AES_DECRYPT +#ifdef HAVE_AES_ECB + WOLFSSL_LOCAL int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif +#ifdef HAVE_AES_CBC + WOLFSSL_LOCAL int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif +#endif /* HAVE_AES_DECRYPT */ + +#ifdef __cplusplus + } 
/* extern "C" */ +#endif + +#endif /* (WOLFSSL_MAX3266X || WOLFSSL_MAX3266X_OLD) && WOLF_CRYPTO_CB) */ +#endif /* _WOLFPORT_MAX3266X_CRYPTO_CB_H_ */ diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h index 5fa12a1be..39c79b9c0 100644 --- a/wolfssl/wolfcrypt/port/maxim/max3266x.h +++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h @@ -41,6 +41,21 @@ #define MAX3266X_MATH #endif +/* Some extra conditions when using callbacks */ +#if defined(WOLF_CRYPTO_CB) + #define MAX3266X_CB +#endif + +/* Crypto HW can be used in parallel on this device */ +/* Sets up new Mutexing if desired */ +#ifdef WOLFSSL_ALGO_HW_MUTEX + /* SDK only supports using RNG in parallel with crypto HW */ + /* AES, HASH, and PK must share some mutex */ + #define NO_AES_MUTEX + #define NO_HASH_MUTEX + #define NO_PK_MUTEX +#endif /* WOLFSSL_ALGO_HW_MUTEX */ + #if defined(WOLFSSL_MAX3266X_OLD) /* Support for older SDK API Maxim provides */ @@ -198,14 +213,15 @@ MXC_TPU_MODE_TYPE mode, unsigned int data_size, unsigned char* out, unsigned int keySize); - +#ifdef HAVE_AES_DECRYPT WOLFSSL_LOCAL int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv, const unsigned char* enc_key, MXC_TPU_MODE_TYPE mode, unsigned int data_size, unsigned char* out, unsigned int keySize); -#endif +#endif /* HAVE_AES_DECRYPT */ +#endif /* MAX3266X_AES */ #ifdef MAX3266X_SHA @@ -214,6 +230,13 @@ unsigned int used; unsigned int size; unsigned char hash[WOLFSSL_MAX_HASH_SIZE]; + #ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; /* generic crypto callback context */ + #endif + #ifdef WOLFSSL_HASH_FLAGS + unsigned int flags; /* enum wc_HashFlags in hash.h */ + #endif } wc_MXC_Sha; #if !defined(NO_SHA) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7f39ce726..58aba6bec 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h 
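Review bot: The include guard `_WOLFPORT_MAX3266X_CRYPTO_CB_H_` begins with an underscore followed by an uppercase letter, a name C reserves for the implementation; `WOLFPORT_MAX3266X_CRYPTO_CB_H` avoids it. The header also redefines `MAX_CRYPTO_DEVID_CALLBACKS` to `WOLFSSL_MAX3266X_DEVID` (9), tying the size of the callback table to an unrelated device-id value, and it only takes effect in translation units that include this header ahead of cryptocb.c's own default of 8; if the intent is to guarantee a free slot, a comment saying so would help, e.g. `/* ensure the callback table can hold this device alongside the defaults */`. Whether wc_CryptoCb_RegisterDevice indexes by id or searches for a free slot is outside this patch, so treat the second point as something to confirm.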
@@ -448,6 +448,74 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); #define wolfSSL_CryptHwMutexUnLock() (void)0 /* Success */ #endif /* WOLFSSL_CRYPT_HW_MUTEX */ +#if defined(WOLFSSL_ALGO_HW_MUTEX) && (defined(NO_RNG_MUTEX) && \ + defined(NO_AES_MUTEX) && defined(NO_HASH_MUTEX) && defined(NO_PK_MUTEX)) + #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexs off +#endif +/* To support HW that can do different Crypto in parallel */ +#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) + typedef enum { + #ifndef NO_RNG_MUTEX + rng_mutex, + #endif + #ifndef NO_AES_MUTEX + aes_mutex, + #endif + #ifndef NO_HASH_MUTEX + hash_mutex, + #endif + #ifndef NO_PK_MUTEX + pk_mutex, + #endif + } hw_mutex_algo; +#endif + +/* If algo mutex is off, or WOLFSSL_ALGO_HW_MUTEX is not define, default */ +/* to using the generic wolfSSL_CryptHwMutex */ +#if (!defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + int wolfSSL_HwRngMutexInit(void); + int wolfSSL_HwRngMutexLock(void); + int wolfSSL_HwRngMutexUnLock(void); +#else + #define wolfSSL_HwRngMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwRngMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwRngMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + +#if (!defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + int wolfSSL_HwAesMutexInit(void); + int wolfSSL_HwAesMutexLock(void); + int wolfSSL_HwAesMutexUnLock(void); +#else + #define wolfSSL_HwAesMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwAesMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwAesMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + +#if (!defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + int wolfSSL_HwHashMutexInit(void); + int wolfSSL_HwHashMutexLock(void); + int 
wolfSSL_HwHashMutexUnLock(void); +#else + #define wolfSSL_HwHashMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwHashMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwHashMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + +#if (!defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + int wolfSSL_HwPkMutexInit(void); + int wolfSSL_HwPkMutexLock(void); + int wolfSSL_HwPkMutexUnLock(void); +#else + #define wolfSSL_HwPkMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwPkMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwPkMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + /* Mutex functions */ WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m); WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void); From 9881edfabe6d439b85210ce3be058fdcc021f00d Mon Sep 17 00:00:00 2001 From: ZackLabPC Date: Fri, 13 Sep 2024 17:40:18 -0600 Subject: [PATCH 017/325] Crypto Callback Support for ARM ASM: AES-ECB/CBC, SHA-1/256/384/512 + Fix SP SHA CB Bug --- wolfcrypt/src/aes.c | 8 +- wolfcrypt/src/cryptocb.c | 5 - wolfcrypt/src/port/arm/armv8-aes.c | 146 ++++++++++++++++- wolfcrypt/src/port/arm/armv8-sha256.c | 60 ++++++- wolfcrypt/src/port/arm/armv8-sha512.c | 108 ++++++++++++- wolfcrypt/src/port/maxim/README.md | 33 +++- wolfcrypt/src/port/maxim/max3266x.c | 147 ++++++++++++++++-- wolfcrypt/src/sha.c | 17 ++ wolfcrypt/src/sha256.c | 21 ++- wolfcrypt/src/sha512.c | 35 +++++ wolfssl/wolfcrypt/aes.h | 5 - .../wolfcrypt/port/maxim/max3266x-cryptocb.h | 11 +- wolfssl/wolfcrypt/port/maxim/max3266x.h | 52 ++++--- wolfssl/wolfcrypt/sha.h | 3 + wolfssl/wolfcrypt/sha256.h | 3 + wolfssl/wolfcrypt/sha512.h | 3 + 16 files changed, 588 insertions(+), 69 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 1073c4e01..4c9a8d181 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
@@ -84,7 +84,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) #include -#ifdef WOLF_CRYPTO_CB +#ifdef MAX3266X_CB /* Revert back to SW so HW CB works */ /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */ #include @@ -4168,9 +4168,6 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) unsigned int i = 0; XMEMCPY(rk, key, keySz); -#ifdef MAX3266X_CB /* Copies needed values to use later if CB is used */ - XMEMCPY(aes->cb_key, key, keySz); -#endif #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \ !defined(MAX3266X_AES) @@ -4613,9 +4610,6 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif XMEMCPY(aes->key, userKey, keylen); -#ifdef MAX3266X_CB /* Copy Key for CB for use later if needed */ - XMEMCMP(aes->cb_key, userKey, keylen); -#endif #ifndef WC_AES_BITSLICED #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 47c333cf0..23355493e 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -55,11 +55,6 @@ #ifdef WOLFSSL_CAAM #include #endif - -#if defined (WOLFSSL_MAX3266X) || defined (WOLFSSL_MAX3266X_OLD) - #include -#endif - /* TODO: Consider linked list with mutex */ #ifndef MAX_CRYPTO_DEVID_CALLBACKS #define MAX_CRYPTO_DEVID_CALLBACKS 8 diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index 4a3e3dc24..87df6f089 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c 
@@ -44,6 +44,17 @@ #endif #endif +#ifdef WOLF_CRYPTO_CB + #include + +/* Enable Hardware Callback */ +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + /* Revert back to SW so HW CB works */ + /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */ + #include +#endif +#endif + #include #include @@ -14928,6 +14939,20 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int crypto_cb_ret = + wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz, + authTag, authTagSz, authIn, authInSz); + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return crypto_cb_ret; + /* fall-through when unavailable */ + } +#endif + XMEMCPY(B+1, nonce, nonceSz); lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; B[0] = (authInSz > 0 ? 64 : 0) @@ -15000,6 +15025,20 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int crypto_cb_ret = + wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz, + authTag, authTagSz, authIn, authInSz); + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return crypto_cb_ret; + /* fall-through when unavailable */ + } +#endif + o = out; oSz = inSz; XMEMCPY(B+1, nonce, nonceSz); @@ -16534,7 +16573,14 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, return BAD_FUNC_ARG; } #endif - +#ifdef WOLF_CRYPTO_CB + if (aes->devId != INVALID_DEVID) { + if (keylen > sizeof(aes->devKey)) { + return BAD_FUNC_ARG; + } + XMEMCPY(aes->devKey, userKey, keylen); + } +#endif #ifdef WOLFSSL_AES_COUNTER aes->left = 0; #endif /* WOLFSSL_AES_COUNTER */ 
@@ -16584,6 +16630,20 @@ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) return KEYUSAGE_E; } +#ifdef MAX3266X_CB /* Can do a basic ECB block */ + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock, + AES_BLOCK_SIZE); + if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + return ret_cb; + } + /* fall-through when unavailable */ + } +#endif + AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE, (const unsigned char*)aes->key, aes->rounds); return 0; @@ -16598,6 +16658,19 @@ static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) return KEYUSAGE_E; } +#ifdef MAX3266X_CB /* Can do a basic ECB block */ + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock, + AES_BLOCK_SIZE); + if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret_cb; + /* fall-through when unavailable */ + } +#endif + AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE, (const unsigned char*)aes->key, aes->rounds); return 0; @@ -16652,6 +16725,18 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int crypto_cb_ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz); + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return crypto_cb_ret; + /* fall-through when unavailable */ + } +#endif + AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds, (unsigned char*)aes->reg); 
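Review bot: The callback dispatch added to wc_AesEncrypt and wc_AesDecrypt is gated on `MAX3266X_CB`, a Maxim port macro, while every other dispatch in this file (wc_AesCbcEncrypt in the same hunk, CCM/GCM/CTR in the neighbouring hunks) is gated on `WOLF_CRYPTO_CB`. Any other crypto-callback provider on ARM therefore never sees single-block ECB requests, and a generic ARM port now carries a board-specific condition. Gating both blocks on `#ifdef WOLF_CRYPTO_CB` keeps the file consistent; if the intent is to limit per-block callback traffic to hardware that benefits from it, a comment stating that reason is better than a vendor macro. These two functions look like the per-block primitives the other modes build on, so with a device set every block of those modes would presumably go through the callback as well; worth confirming that is intended.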
@@ -16681,6 +16766,18 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif } + #ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int crypto_cb_ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz); + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return crypto_cb_ret; + /* fall-through when unavailable */ + } + #endif + AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds, (unsigned char*)aes->reg); @@ -16703,6 +16800,18 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E); return KEYUSAGE_E; } + #ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int crypto_cb_ret = wc_CryptoCb_AesCtrEncrypt(aes, out, in, sz); + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return crypto_cb_ret; + /* fall-through when unavailable */ + } + #endif + tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; /* consume any unused bytes left in aes->tmp */ @@ -17080,6 +17189,13 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) return BAD_FUNC_ARG; } + + #ifdef WOLF_CRYPTO_CB + if (aes->devId != INVALID_DEVID) { + XMEMCPY(aes->devKey, key, len); + } + #endif + XMEMSET(iv, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION); @@ -17241,6 +17357,20 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, return KEYUSAGE_E; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int crypto_cb_ret = + wc_CryptoCb_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return crypto_cb_ret; + /* fall-through when unavailable */ + } +#endif + XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); 
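Review bot: The `#ifdef WOLF_CRYPTO_CB` block in wc_AesCbcDecrypt, and the identical one in the wc_AesCtrEncrypt hunk that follows, are indented one extra space relative to the same block in wc_AesCbcEncrypt and the CCM/GCM hunks, and the wc_AesGcmSetKey hunk indents its `#ifdef` by four. Since the blocks are byte-for-byte the same logic, aligning them the way wc_AesCbcEncrypt does makes the pattern greppable and keeps later fixes uniform.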
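Review bot: wc_AesGcmSetKey copies `len` bytes into `aes->devKey` without the `len > sizeof(aes->devKey)` guard that this same commit adds to wc_AesSetKey, and the `wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION)` call on the next line repeats the copy under that guard anyway. The `return BAD_FUNC_ARG` just above presumably already restricts `len` to valid AES key sizes, so this is not an overflow today, but the duplicate diverges from the other path; dropping the GCM-side copy, or mirroring the guard, keeps one definition of the rule. devKey is a second plaintext copy of the key, so it is also worth confirming that wc_AesFree zeroizes it along with `aes->key` (not visible in this diff).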
@@ -17329,6 +17459,20 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int crypto_cb_ret = + wc_CryptoCb_AesGcmDecrypt(aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); + if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return crypto_cb_ret; + /* fall-through when unavailable */ + } +#endif + XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c index 45d4292a5..dabe7af9c 100644 --- a/wolfcrypt/src/port/arm/armv8-sha256.c +++ b/wolfcrypt/src/port/arm/armv8-sha256.c @@ -57,6 +57,10 @@ #include #endif +#ifdef WOLF_CRYPTO_CB + #include +#endif + #if defined(FREESCALE_MMCAU_SHA) #ifdef FREESCALE_MMCAU_CLASSIC_SHA #include "cau_api.h" @@ -1513,25 +1517,44 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash) int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) { + int ret = 0; if (sha256 == NULL) return BAD_FUNC_ARG; + ret = InitSha256(sha256); + if (ret != 0) + return ret; sha256->heap = heap; #ifdef WOLF_CRYPTO_CB sha256->devId = devId; + sha256->devCtx = NULL; +#endif + +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx)); + if (ret != 0) { + return ret; + } #endif (void)devId; - - return InitSha256(sha256); + return ret; } int wc_InitSha256(wc_Sha256* sha256) { - return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID); + int devId = INVALID_DEVID; + +#ifdef WOLF_CRYPTO_CB + devId = wc_CryptoCb_DefaultDevID(); +#endif + return wc_InitSha256_ex(sha256, NULL, devId); } void wc_Sha256Free(wc_Sha256* sha256) { +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx)); +#endif (void)sha256; } 
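Review bot: wc_Sha256Free now dereferences its argument unconditionally under `MAX3266X_SHA_CB` (`&(sha256->mxcCtx)`), and the function, fully visible in this hunk, has no NULL check, so `wc_Sha256Free(NULL)`, which the old `(void)sha256;` body tolerated, becomes a null-pointer dereference. Add `if (sha256 == NULL) return;` ahead of the `#ifdef`. The same shape appears in wc_Sha512Free and wc_Sha384Free in armv8-sha512.c, where only the tail of each function is in its hunk, so whether a guard exists there cannot be confirmed from this diff.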
@@ -1541,6 +1564,18 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (sha256->devId != INVALID_DEVID) + #endif + { + int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + } +#endif + return Sha256Update(sha256, data, len); } @@ -1573,6 +1608,18 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (sha256->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + } +#endif + ret = Sha256Final(sha256, hash); if (ret != 0) return ret; @@ -1621,6 +1668,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) XMEMCPY(dst, src, sizeof(wc_Sha256)); +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + return ret; } diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c index 145f6b5eb..5a0691bee 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512.c +++ b/wolfcrypt/src/port/arm/armv8-sha512.c @@ -172,6 +172,10 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId, #ifdef WOLFSSL_SMALL_STACK_CACHE sha512->W = NULL; #endif +#ifdef WOLF_CRYPTO_CB + sha512->devId = devId; + sha512->devCtx = NULL; +#endif if (type == WC_HASH_TYPE_SHA512) { ret = InitSha512(sha512); @@ -201,6 +205,12 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId, int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) { +#ifdef MAX3266X_SHA_CB + if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0) { + return BAD_FUNC_ARG; + } +#endif + return InitSha512_Family(sha512, heap, devId, WC_HASH_TYPE_SHA512); } 
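Review bot: wc_InitSha512_ex in armv8-sha512.c reports any wc_MXC_TPU_SHA_Init failure as `BAD_FUNC_ARG`, discarding the real code, whereas the sha256 and sha384 counterparts in this commit propagate `ret`; `int ret = wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)); if (ret != 0) return ret;` keeps the three consistent and lets a MEMORY_E surface as such. The hardware init also runs before InitSha512_Family, so if the NULL check for `sha512` lives there (its start is outside the hunk), this dereference now precedes it. The same pattern is repeated in wc_InitSha512_ex in sha512.c.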
@@ -508,6 +518,18 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (sha512->devId != INVALID_DEVID) + #endif + { + int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + } +#endif + return Sha512Update(sha512, data, len); } @@ -626,13 +648,20 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, return BAD_FUNC_ARG; #ifdef WOLF_CRYPTO_CB - if (sha512->devId != INVALID_DEVID) { - ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash); - if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + #ifndef WOLF_CRYPTO_CB_FIND + if (sha512->devId != INVALID_DEVID) + #endif + { + byte localHash[WC_SHA512_DIGEST_SIZE]; + ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + XMEMCPY(hash, localHash, digestSz); return ret; + } /* fall-through when unavailable */ } #endif + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { #if defined(HAVE_INTEL_QA) @@ -661,7 +690,12 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash) int wc_InitSha512(wc_Sha512* sha512) { - return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID); + int devId = INVALID_DEVID; + +#ifdef WOLF_CRYPTO_CB + devId = wc_CryptoCb_DefaultDevID(); +#endif + return wc_InitSha512_ex(sha512, NULL, devId); } void wc_Sha512Free(wc_Sha512* sha512) @@ -673,6 +707,11 @@ void wc_Sha512Free(wc_Sha512* sha512) XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER); sha512->W = NULL; #endif + +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx)); +#endif + } #ifdef OPENSSL_EXTRA 
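Review bot: In Sha512_Family_Final the `XMEMCPY(hash, localHash, digestSz)` runs for every callback result other than CRYPTOCB_UNAVAILABLE, including error returns, so on a failed callback the caller's buffer is overwritten with the uninitialized `localHash` before the error is reported. Copy only on success: `if (ret == 0) XMEMCPY(hash, localHash, digestSz);`. The local-buffer-then-truncate step is otherwise the right fix for the shorter SHA-512/224 and SHA-512/256 digests and deserves a one-line comment saying why the indirection exists. The function's start is outside the hunk.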
@@ -724,6 +763,18 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (sha384->devId != INVALID_DEVID) + #endif + { + int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + } +#endif + return Sha512Update((wc_Sha512*)sha384, data, len); } @@ -757,6 +808,18 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash) return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (sha384->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + } +#endif + ret = Sha512Final((wc_Sha512*)sha384); if (ret != 0) return ret; @@ -782,7 +845,16 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) #ifdef WOLFSSL_SMALL_STACK_CACHE sha384->W = NULL; #endif - +#ifdef WOLF_CRYPTO_CB + sha384->devId = devId; + sha384->devCtx = NULL; +#endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif (void)devId; return ret; @@ -790,7 +862,12 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) int wc_InitSha384(wc_Sha384* sha384) { - return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID); + int devId = INVALID_DEVID; + +#ifdef WOLF_CRYPTO_CB + devId = wc_CryptoCb_DefaultDevID(); +#endif + return wc_InitSha384_ex(sha384, NULL, devId); } void wc_Sha384Free(wc_Sha384* sha384) @@ -802,6 +879,11 @@ void wc_Sha384Free(wc_Sha384* sha384) XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER); sha384->W = NULL; #endif + +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx)); +#endif + } #endif /* WOLFSSL_SHA384 */ 
@@ -880,6 +962,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) dst->flags |= WC_HASH_FLAG_ISCOPY; #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + return ret; } @@ -1037,6 +1126,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) dst->flags |= WC_HASH_FLAG_ISCOPY; #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + return ret; } diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md index 2898c897c..3919ffd0f 100644 --- a/wolfcrypt/src/port/maxim/README.md +++ b/wolfcrypt/src/port/maxim/README.md @@ -34,9 +34,10 @@ this can be done by adding any combination of these defines: #define MAX3266X_SHA - Allows usage of TPU for Hash Acceleration #define MAX3266X_MATH - Allows usage of MAA for MOD based Math Acceleration ``` -For this you will still need to use `#define WOLFSSL_MAX3266X` or `#define WOLFSSL_MAX3266X_OLD`. When you use a specific hardware define like -`#define MAX3266X_RNG` this will mean only the TRNG device is being used, and -all other operations will use the default software implementations. +For this you will still need to use `#define WOLFSSL_MAX3266X` or `#define WOLFSSL_MAX3266X_OLD`. +When you use a specific hardware define like `#define MAX3266X_RNG` this will +mean only the TRNG device is being used, and all other operations will use the +default software implementations. The other prerequisite is that a change needs to be made to the Maxim SDK. This is to use the MAA Math Accelerator, this change only needs to be made if you are 
@@ -97,6 +98,32 @@ like RSA and ECC key generation): - sqrmod: `(b^2)mod m = r` - exptmod: `(b^e)mod m = r` +## Crypto Callback Support +This port also supports using the Crypto Callback functionality in wolfSSL. +When `WOLF_CRYPTO_CB` is defined in `user_settings.h` along with +`WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` it will build the library to allow +the ability to switch between hardware and software implementations. + +Crypto Callbacks only support using the hardware for these Algorithms: + +- AES ECB: 128, 192, 256 +- AES CBC: 128, 192, 256 +- SHA-1 +- SHA-256 +- SHA-384 +- SHA-512 + +When using `WOLF_CRYPTO_CB` and `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD`, +`MAX3266X_MATH` is turned off and is is currently not supported to use with +`WOLF_CRYPTO_CB`. + +The Hardware of the port will be used by default when no devId is set. +To use software versions of the support Callback Algorithms the devId will need +to be set to `INVALID_DEVID`. + +For more information about Crypto Callbacks and how to use them please refer to +the [wolfSSL manual](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter06.html). + ## Extra Information For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with `#define MAX3266X_VERBOSE` to see if errors are occurring during the hardware diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c index 615af9fe5..6dc324df0 100644 --- a/wolfcrypt/src/port/maxim/max3266x.c +++ b/wolfcrypt/src/port/maxim/max3266x.c 
@@ -134,6 +134,112 @@ int wc_MxcAesCryptoCb(wc_CryptoInfo* info) return BAD_FUNC_ARG; } +#ifdef MAX3266X_SHA_CB + +int wc_MxcShaCryptoCb(wc_CryptoInfo* info) +{ + switch (info->hash.type) { + #ifndef NO_SHA + case WC_HASH_TYPE_SHA: + MAX3266X_MSG("SHA-1 CB:"); + /* Update Case */ + if (info->hash.in != NULL && info->hash.digest == NULL) { + MAX3266X_MSG("Update CB"); + return wc_MXC_TPU_SHA_Update(&(info->hash.sha1->mxcCtx), + info->hash.in, info->hash.inSz); + } + /* Sha 1 Final Case */ + if (info->hash.in == NULL && info->hash.digest != NULL) { + MAX3266X_MSG("Final CB"); + return wc_MXC_TPU_SHA_Final(&(info->hash.sha1->mxcCtx), + info->hash.digest, + MXC_TPU_HASH_SHA1); + } + break; /* Break Out and Return Error */ + #endif + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + MAX3266X_MSG("SHA-224 CB:"); + /* Update Case */ + if (info->hash.in != NULL && info->hash.digest == NULL) { + MAX3266X_MSG("Update CB"); + return wc_MXC_TPU_SHA_Update(&(info->hash.sha224->mxcCtx), + info->hash.in, info->hash.inSz); + } + /* Sha 256 Final Case */ + if (info->hash.in == NULL && info->hash.digest != NULL) { + MAX3266X_MSG("Final CB"); + return wc_MXC_TPU_SHA_Final(&(info->hash.sha224->mxcCtx), + info->hash.digest, + MXC_TPU_HASH_SHA224); + } + break; /* Break Out and Return Error */ + #endif + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + MAX3266X_MSG("SHA-256 CB:"); + /* Update Case */ + if (info->hash.in != NULL && info->hash.digest == NULL) { + MAX3266X_MSG("Update CB"); + return wc_MXC_TPU_SHA_Update(&(info->hash.sha256->mxcCtx), + info->hash.in, info->hash.inSz); + } + /* Sha 256 Final Case */ + if (info->hash.in == NULL && info->hash.digest != NULL) { + MAX3266X_MSG("Final CB"); + return wc_MXC_TPU_SHA_Final(&(info->hash.sha256->mxcCtx), + info->hash.digest, + MXC_TPU_HASH_SHA256); + } + break; /* Break Out and Return Error */ + #endif + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + MAX3266X_MSG("SHA-384 CB:"); + /* Update Case */ + if (info->hash.in != NULL 
&& info->hash.digest == NULL) { + MAX3266X_MSG("Update CB"); + return wc_MXC_TPU_SHA_Update(&(info->hash.sha384->mxcCtx), + info->hash.in, info->hash.inSz); + } + /* Sha 384 Final Case */ + if (info->hash.in == NULL && info->hash.digest != NULL) { + MAX3266X_MSG("Final CB"); + return wc_MXC_TPU_SHA_Final(&(info->hash.sha384->mxcCtx), + info->hash.digest, + MXC_TPU_HASH_SHA384); + } + break; /* Break Out and Return Error */ + #endif + #ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + MAX3266X_MSG("SHA-512 CB:"); + /* Update Case */ + if (info->hash.in != NULL && info->hash.digest == NULL) { + MAX3266X_MSG("Update CB"); + return wc_MXC_TPU_SHA_Update(&(info->hash.sha512->mxcCtx), + info->hash.in, info->hash.inSz); + } + /* Sha 512 Final Case */ + if (info->hash.in == NULL && info->hash.digest != NULL) { + MAX3266X_MSG("Final CB"); + return wc_MXC_TPU_SHA_Final(&(info->hash.sha512->mxcCtx), + info->hash.digest, + MXC_TPU_HASH_SHA512); + } + break; /* Break Out and Return Error */ + #endif + default: + /* Hash type not supported */ + return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + } + if (info->hash.inSz == 0) { + return 0; /* Dont need to Update when Size is Zero */ + } + return BAD_FUNC_ARG; +} +#endif /* MAX3266X_SHA_CB */ + /* Determines AES Type for Callback */ /* General Callback Function to determine ALGO Type */ int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx) 
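Review bot: wc_MxcShaCryptoCb repeats the same update/final dispatch five times, differing only in the context member and the `MXC_TPU_HASH_*` selector, so any fix to the in/digest predicates or to the trailing `inSz == 0` rule has to be applied in five places. A static helper taking the `wc_MXC_Sha*` and the `MXC_TPU_HASH_TYPE` reduces each case to a single return and moves the `inSz == 0` / BAD_FUNC_ARG tail into one spot. While there, the SHA-224 case's comment reads `/* Sha 256 Final Case */`.
```c
/* Shared update/final dispatch for every SHA variant the TPU supports */
static int wc_MxcShaCb_Dispatch(wc_MXC_Sha* ctx, wc_CryptoInfo* info,
                                MXC_TPU_HASH_TYPE algo)
{
    /* Update Case */
    if (info->hash.in != NULL && info->hash.digest == NULL) {
        MAX3266X_MSG("Update CB");
        return wc_MXC_TPU_SHA_Update(ctx, info->hash.in, info->hash.inSz);
    }
    /* Final Case */
    if (info->hash.in == NULL && info->hash.digest != NULL) {
        MAX3266X_MSG("Final CB");
        return wc_MXC_TPU_SHA_Final(ctx, info->hash.digest, algo);
    }
    if (info->hash.inSz == 0) {
        return 0; /* Dont need to Update when Size is Zero */
    }
    return BAD_FUNC_ARG;
}

int wc_MxcShaCryptoCb(wc_CryptoInfo* info)
{
    switch (info->hash.type) {
    #ifndef NO_SHA
        case WC_HASH_TYPE_SHA:
            MAX3266X_MSG("SHA-1 CB:");
            return wc_MxcShaCb_Dispatch(&(info->hash.sha1->mxcCtx), info,
                                        MXC_TPU_HASH_SHA1);
    #endif
        /* … unchanged shape: SHA-224/256/384/512 cases, each one return … */
        default:
            /* Hash type not supported */
            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
    }
}
```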
@@ -151,10 +257,15 @@ int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx) switch (info->algo_type) { case WC_ALGO_TYPE_CIPHER: - /* return this to bypass HW and use SW */ - MAX3266X_MSG("Using MXC HW Callback:"); + MAX3266X_MSG("Using MXC AES HW Callback:"); ret = wc_MxcAesCryptoCb(info); /* Determine AES HW or SW */ break; +#ifdef MAX3266X_SHA_CB + case WC_ALGO_TYPE_HASH: + MAX3266X_MSG("Using MXC SHA HW Callback:"); + ret = wc_MxcShaCryptoCb(info); /* Determine SHA HW or SW */ + break; +#endif /* MAX3266X_SHA_CB */ default: MAX3266X_MSG("Callback not support with MXC, using SW"); /* return this to bypass HW and use SW */ @@ -305,7 +416,7 @@ int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return status; } - status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->cb_key, + status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->devKey, MXC_TPU_MODE_ECB, sz, out, keySize); return status; @@ -341,7 +452,7 @@ int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return status; } - status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->cb_key, + status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->devKey, MXC_TPU_MODE_CBC, sz, out, (unsigned int)keySize); /* store iv for next call */ @@ -421,7 +532,7 @@ int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) return status; } - status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->cb_key, + status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->devKey, MXC_TPU_MODE_ECB, sz, out, keySize); return status; @@ -460,7 +571,7 @@ int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) /* get IV for next call */ XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->cb_key, + status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->devKey, MXC_TPU_MODE_CBC, sz, out, keySize); 
@@ -475,7 +586,7 @@ int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif /* HAVE_AES_DECRYPT */ #endif /* MAX3266X_AES */ -#if defined(MAX3266X_SHA) +#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB) int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash) { @@ -521,7 +632,7 @@ int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data, #endif } if (p == NULL) { - return -1; + return MEMORY_E; } hash->msg = p; hash->size = hash->used+size; @@ -599,7 +710,16 @@ int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst) } dst->used = src->used; dst->size = src->size; - XMEMCPY(dst->hash, src->hash, sizeof(dst->hash)); + if (dst->msg == src->msg && src->msg != 0) { + /* Allocate new memory for dst->msg if it points to the same location */ + /* as src->msg */ + dst->msg = (unsigned char*)XMALLOC(src->size, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (dst->msg == NULL) { + return MEMORY_E; /* Handle memory allocation failure */ + } + } + XMEMCPY(dst->msg, src->msg, src->size); return 0; } @@ -659,6 +779,7 @@ int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest, return 0; /* False */ } +#ifndef MAX3266X_SHA_CB #if !defined(NO_SHA) WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) @@ -893,8 +1014,8 @@ WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512) } #endif /* WOLFSSL_SHA512 */ - -#endif /* MAX3266X_SHA */ +#endif /* !MAX3266X_SHA_CB*/ +#endif /* MAX3266X_SHA || MAX3266X_SHA_CB */ #if defined(MAX3266X_MATH) @@ -995,7 +1116,7 @@ int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand, DYNAMIC_TYPE_TMP_BUFFER); if (zero_tmp == NULL) { MAX3266X_MSG("NULL pointer found after XMALLOC call"); - return WC_HW_E; + return MEMORY_E; } XMEMSET(zero_tmp, 0x00, multiplier->size*sizeof(mp_digit)); @@ -1428,4 +1549,4 @@ double wc_MXC_RTC_Time(void) #endif /* MAX3266X_RTC */ -#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */ \ No newline at end of file +#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */ 
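Review bot: wc_MXC_TPU_SHA_Copy only allocates when `dst->msg` aliases `src->msg`; when the two differ, the `XMEMCPY(dst->msg, src->msg, src->size)` assumes `dst->msg` already holds at least `src->size` bytes, and nothing in the hunk (the function starts above it) establishes that, so a dst carried over from an earlier, smaller hash would be overrun. Either always allocate a fresh `src->size` buffer (freeing a non-aliased `dst->msg` first) or record and check a capacity before copying. Two smaller points: `src->msg != 0` should be `!= NULL`, and when `src->msg` is NULL the copy becomes `XMEMCPY(NULL, NULL, 0)`, which should be skipped explicitly.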
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 6bbb1c530..78ce918e2 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -564,6 +564,13 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) sha->devCtx = NULL; #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW if (sha->ctx.mode != ESP32_SHA_INIT) { /* it may be interesting to see old values during debugging */ @@ -1057,6 +1064,9 @@ void wc_ShaFree(wc_Sha* sha) #ifdef WOLFSSL_PIC32MZ_HASH wc_ShaPic32Free(sha); #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha->mxcCtx)); +#endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) se050_hash_free(&sha->se050Ctx); #endif @@ -1153,6 +1163,13 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) esp_sha_ctx_copy(src, dst); #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + #ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 18adbbd84..c9c3b100b 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -279,10 +279,6 @@ static int InitSha256(wc_Sha256* sha256) #endif #endif -#ifdef WOLF_CRYPTO_CB - sha256->devId = wc_CryptoCb_DefaultDevID(); -#endif - #ifdef WOLFSSL_MAXQ10XX_CRYPTO XMEMSET(&sha256->maxq_ctx, 0, sizeof(sha256->maxq_ctx)); #endif @@ -1096,6 +1092,12 @@ static int InitSha256(wc_Sha256* sha256) sha256->devId = devId; sha256->devCtx = NULL; #endif + #ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx)); + if (ret != 0) { + return ret; + } + #endif #ifdef WOLFSSL_SMALL_STACK_CACHE sha256->W = NULL; #endif 
@@ -2246,6 +2248,10 @@ void wc_Sha256Free(wc_Sha256* sha256) } #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx)); +#endif + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256); #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -2547,6 +2553,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) wc_MAXQ10XX_Sha256Copy(src); #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + #ifdef WOLFSSL_SMALL_STACK_CACHE dst->W = NULL; #endif diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index fd9acc1e2..7f3e745c6 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -773,6 +773,12 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) sha512->ctx.mode = ESP32_SHA_INIT; #endif +#ifdef MAX3266X_SHA_CB + if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){ + return BAD_FUNC_ARG; + } +#endif + return InitSha512_Family(sha512, heap, devId, InitSha512); } @@ -1454,6 +1460,10 @@ void wc_Sha512Free(wc_Sha512* sha512) } #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx)); +#endif + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512); #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -1759,6 +1769,13 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) sha384->ctx.mode = ESP32_SHA_INIT; #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + ret = InitSha384(sha384); if (ret != 0) { return ret; @@ -1837,6 +1854,10 @@ void wc_Sha384Free(wc_Sha384* sha384) } #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx)); +#endif + ForceZero(sha384, sizeof(*sha384)); } 
@@ -1958,6 +1979,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) } #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + return ret; } @@ -2247,6 +2275,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) } #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + return ret; } diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index eab2ea5b5..cf08ec3a5 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -263,11 +263,6 @@ struct Aes { word32 rounds; #ifdef WC_C_DYNAMIC_FALLBACK word32 key_C_fallback[60]; -#endif -#if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \ - defined(WOLF_CRYPTO_CB) - /* Need backup key for MXC CB */ - word32 cb_key[60]; #endif int keylen; diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h index 371af11ed..e25dba7bb 100644 --- a/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h +++ b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h @@ -24,13 +24,9 @@ #if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \ defined(WOLF_CRYPTO_CB) - #ifndef WOLFSSL_MAX3266X_DEVID #define WOLFSSL_MAX3266X_DEVID 9 #endif -#ifndef MAX_CRYPTO_DEVID_CALLBACKS - #define MAX_CRYPTO_DEVID_CALLBACKS WOLFSSL_MAX3266X_DEVID -#endif #define WC_USE_DEVID WOLFSSL_MAX3266X_DEVID #include #include @@ -62,6 +58,13 @@ #endif #endif /* HAVE_AES_DECRYPT */ + + WOLFSSL_LOCAL int wc_MXC_Sha256Update(wc_MXC_Sha* sha256, + const unsigned char* data, + unsigned int len); + WOLFSSL_LOCAL int wc_MXC_Sha256Final(wc_MXC_Sha* sha256, + unsigned char* hash); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h index 39c79b9c0..10c1188b4 100644 --- a/wolfssl/wolfcrypt/port/maxim/max3266x.h 
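Review bot: The prototypes `wc_MXC_Sha256Update` and `wc_MXC_Sha256Final` added to max3266x-cryptocb.h have no definition anywhere in this patch; the SHA path implemented in max3266x.c is `wc_MxcShaCryptoCb` calling `wc_MXC_TPU_SHA_Update`/`wc_MXC_TPU_SHA_Final`. Unless they exist elsewhere, they are dead declarations that invite an unresolved symbol at link time for the first caller. Drop them, or declare `wc_MxcShaCryptoCb` here instead so the SHA callback entry point has a prototype beside the AES declarations this header already holds.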
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h @@ -30,20 +30,31 @@ #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) +/* Some extra conditions when using callbacks */ +#if defined(WOLF_CRYPTO_CB) + #define MAX3266X_CB + #ifdef MAX3266X_MATH + #error Cannot have MAX3266X_MATH and MAX3266X_CB + #endif + #ifdef MAX3266X_SHA + #undef MAX3266X_SHA /* Turn Off Normal Sha Definition */ + #define MAX3266X_SHA_CB /* Turn On Callback for SHA */ + #endif +#endif + /* Default to all HW acceleration on unless specified in user_settings */ #if !defined(MAX3266X_RNG) && !defined(MAX3266X_AES) && \ !defined(MAX3266X_AESGCM) && !defined(MAX3266X_SHA) && \ !defined(MAX3266X_MATH) #define MAX3266X_RNG #define MAX3266X_AES - #define MAX3266X_SHA - #define MAX3266X_ECDSA - #define MAX3266X_MATH -#endif - -/* Some extra conditions when using callbacks */ -#if defined(WOLF_CRYPTO_CB) - #define MAX3266X_CB + #ifndef MAX3266X_CB + #define MAX3266X_SHA /* SHA is Supported, but need new definitions */ + #define MAX3266X_MATH /* MATH is not supported with callbacks */ + #endif + #ifdef MAX3266X_CB + #define MAX3266X_SHA_CB /* Turn on Callback for SHA */ + #endif #endif /* Crypto HW can be used in parallel on this device */ @@ -92,7 +103,7 @@ #define MXC_TPU_Cipher_AES_Decrypt TPU_AES_Decrypt #endif - #if defined(MAX3266X_SHA) + #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB) #include "hash.h" /* Proivdes Drivers for SHA */ /* SHA Defines */ #define MXC_TPU_HASH_TYPE tpu_hashfunsel_t @@ -141,7 +152,7 @@ #include "trng.h" /* Provides Drivers for TRNG */ #endif #if defined(MAX3266X_AES) || defined(MAX3266X_SHA) || \ - defined(MAX3266X_ECDSA) || defined(MAX3266X_RSA) || \ + defined(MAX3266X_MATH) || defined(MAX3266X_RSA) || \ defined(MAX3266X_RNG) #include "tpu.h" /* SDK Drivers for the TPU unit */ /* Handles AES, SHA, and */ 
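Review bot: The "default to all HW acceleration" condition in max3266x.h does not test `MAX3266X_SHA_CB`, but the block just above it now `#undef`s `MAX3266X_SHA` whenever `WOLF_CRYPTO_CB` is defined. A build that requests only `MAX3266X_SHA` with callbacks therefore reaches the default test with none of RNG/AES/AESGCM/SHA/MATH defined and silently gains `MAX3266X_RNG` and `MAX3266X_AES` as well, contrary to the README's statement that a single feature define enables only that feature. Extend the condition, e.g. `!defined(MAX3266X_MATH) && !defined(MAX3266X_SHA_CB)`.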
@@ -223,25 +234,22 @@
 #endif /* HAVE_AES_DECRYPT */
 #endif /* MAX3266X_AES */
-#ifdef MAX3266X_SHA
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
 typedef struct {
 unsigned char *msg;
 unsigned int used;
 unsigned int size;
- unsigned char hash[WOLFSSL_MAX_HASH_SIZE];
- #ifdef WOLF_CRYPTO_CB
- int devId;
- void* devCtx; /* generic crypto callback context */
- #endif
 #ifdef WOLFSSL_HASH_FLAGS
 unsigned int flags; /* enum wc_HashFlags in hash.h */
 #endif
 } wc_MXC_Sha;
 #if !defined(NO_SHA)
+ #ifndef MAX3266X_SHA_CB
 typedef wc_MXC_Sha wc_Sha;
 #define WC_SHA_TYPE_DEFINED
+ #endif /* !MAX3266X_SHA_CB */
 /* Define the SHA digest for an empty string */
 /* as a constant byte array */
@@ -252,8 +260,10 @@
 #endif /* NO_SHA */
 #if defined(WOLFSSL_SHA224)
+ #ifndef MAX3266X_SHA_CB
 typedef wc_MXC_Sha wc_Sha224;
 #define WC_SHA224_TYPE_DEFINED
+ #endif /* !MAX3266X_SHA_CB */
 /* Define the SHA-224 digest for an empty string */
 /* as a constant byte array */
@@ -265,8 +275,10 @@
 #endif /* WOLFSSL_SHA224 */
 #if !defined(NO_SHA256)
+ #ifndef MAX3266X_SHA_CB
 typedef wc_MXC_Sha wc_Sha256;
 #define WC_SHA256_TYPE_DEFINED
+ #endif /* !MAX3266X_SHA_CB */
 /* Define the SHA-256 digest for an empty string */
 /* as a constant byte array */
@@ -278,8 +290,10 @@
 #endif /* NO_SHA256 */
 #if defined(WOLFSSL_SHA384)
+ #ifndef MAX3266X_SHA_CB
 typedef wc_MXC_Sha wc_Sha384;
 #define WC_SHA384_TYPE_DEFINED
+ #endif /* !MAX3266X_SHA_CB */
 /* Define the SHA-384 digest for an empty string */
 /* as a constant byte array */
@@ -293,10 +307,12 @@
 #endif /* WOLFSSL_SHA384 */
 #if defined(WOLFSSL_SHA512)
+ #ifndef MAX3266X_SHA_CB
 typedef wc_MXC_Sha wc_Sha512;
 typedef wc_MXC_Sha wc_Sha512_224;
 typedef wc_MXC_Sha wc_Sha512_256;
 #define WC_SHA512_TYPE_DEFINED
+ #endif /* !MAX3266X_SHA_CB */
 /* Does not support these SHA512 Macros */
 #ifndef WOLFSSL_NOSHA512_224
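Review bot: The slimmed-down wc_MXC_Sha leaves `msg`, `used` and `size` undocumented, and this commit now embeds that struct by value in wc_Sha/wc_Sha256/wc_Sha512 and copies it through wc_MXC_TPU_SHA_Copy, so the next maintainer needs to know whether `msg` is owned storage. Suggested field comments: `unsigned char *msg;   /* pending input; if heap-owned by this context, Copy must duplicate and Free release it -- confirm in driver */`, `unsigned int used;   /* bytes of msg currently filled */`, `unsigned int size;   /* capacity of msg in bytes */`; the ownership remark is an assumption to verify, since the allocation code is outside this diff. Style: the five `#ifndef MAX3266X_SHA_CB` / `#endif /* !MAX3266X_SHA_CB */` wrappers in the following hunks repeat the same guard around each typedef and could be one guard around a single typedef block.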
@@ -339,7 +355,7 @@
 MXC_TPU_HASH_TYPE algo);
-#endif
+#endif /* defined(MAX3266X_SHA) && !defined(WOLF_CRYPTO_CB) */
 #if defined(MAX3266X_MATH)
 #define WOLFSSL_USE_HW_MP
@@ -369,4 +385,4 @@
 #endif
 #endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
-#endif /* _WOLFPORT_MAX3266X_H_ */
\ No newline at end of file
+#endif /* _WOLFPORT_MAX3266X_H_ */
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 0e0582302..dd9d8b90a 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -163,6 +163,9 @@ struct wc_Sha {
 int devId;
 void* devCtx; /* generic crypto callback context */
 #endif
+#ifdef MAX3266X_SHA_CB
+ wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_IMXRT1170_CAAM
 caam_hash_ctx_t ctx;
 caam_handle_t hndl;
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index 311bb3127..c435cf061 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -213,6 +213,9 @@ struct wc_Sha256 {
 #ifdef WOLFSSL_DEVCRYPTO_HASH
 WC_CRYPTODEV ctx;
 #endif
+#ifdef MAX3266X_SHA_CB
+ wc_MXC_Sha mxcCtx;
+#endif
 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
 byte* msg;
 word32 used;
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h
index 307c987fc..9bcebdc62 100644
--- a/wolfssl/wolfcrypt/sha512.h
+++ b/wolfssl/wolfcrypt/sha512.h
@@ -188,6 +188,9 @@ struct wc_Sha512 {
 int devId;
 void* devCtx; /* generic crypto callback context */
 #endif
+#ifdef MAX3266X_SHA_CB
+ wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_HASH_FLAGS
 word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
From 55cd8a800fd26aa99c4fec5ddd60ee7dbaca677c Mon Sep 17 00:00:00 2001
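Review bot: The new trailing comment `#endif /* defined(MAX3266X_SHA) && !defined(WOLF_CRYPTO_CB) */` names a condition that appears nowhere as an opener in this diff; the only SHA guard this commit changes is `#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)` in the `@@ -223` hunk. If this `#endif` closes that `#if`, the comment should read `#endif /* MAX3266X_SHA || MAX3266X_SHA_CB */`; if it closes some other block, its opener lies outside the hunk and should be checked, because an end-comment that contradicts the opener misleads the next edit to these nested conditionals.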
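Review bot: `wc_MXC_Sha mxcCtx;` embeds the port struct by value in `struct wc_Sha`, so wc_MXC_Sha must be a complete type at that point in sha.h; the sha256.h and sha512.h hunks in this commit do the same. Nothing in the diff adds an include of the max3266x port header to these three files, so this presumably relies on the existing include chain reaching it before the struct definitions — worth confirming in a MAX3266X_SHA_CB build. The field would also benefit from a one-line comment in the style of the `devCtx` line above it, e.g. `wc_MXC_Sha mxcCtx; /* MAX3266X TPU hash state used by the crypto callback */`.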
From: Daniel Pouzzner Date: Fri, 20 Sep 2024 13:53:36 -0500 Subject: [PATCH 018/325] FIPS v5 gating fixes: configure.ac: * fix logic in "Forcing off" test expressions, first flubbed in 19106a9510; * fix auto-enable of compkey to exclude v5 even if v5-dev. src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3). wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings. wolfcrypt/test/test.c: * in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings; * in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k()); * in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3. --- configure.ac | 16 +++++++------- src/tls13.c | 10 ++++----- wolfcrypt/src/error.c | 6 +++--- wolfcrypt/test/test.c | 50 ++++++++++++++++++++++++------------------- 4 files changed, 44 insertions(+), 38 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0841cc534..e07b0bb11 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4083,7 +4083,7 @@ AC_ARG_ENABLE([compkey],
 )
 if (test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes") &&
- (test "$HAVE_FIPS_VERSION" != "5" || test "$FIPS_VERSION" = "v5-dev")
+ (test "$HAVE_FIPS_VERSION" != "5")
 then
 ENABLED_COMPKEY=yes
 fi
@@ -5434,7 +5434,7 @@ AS_CASE([$FIPS_VERSION],
 [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
- (test "$FIPS_VERSION" != "v5-dev" || test "$enable_compkey" != "yes")],
+ ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_compkey" = "yes")],
 [AC_MSG_WARN([Forcing off compkey for FIPS ${FIPS_VERSION}.])
 ENABLED_COMPKEY="no"])
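Review bot: With the `|| test "$FIPS_VERSION" = "v5-dev"` alternative gone, the parentheses in `(test "$HAVE_FIPS_VERSION" != "5")` now wrap a single command and only cost a subshell; `test "$HAVE_FIPS_VERSION" != "5"` reads the same and matches how the first operand of the `&&` is written. The enclosing `if` starts outside the hunk.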
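Review bot: The rewritten `! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_compkey" = "yes")` is, by De Morgan, the same predicate as the removed `(test "$FIPS_VERSION" != "v5-dev" || test "$enable_compkey" != "yes")`, so this hunk — and the matching shake128, shake256, aesxts, aesgcm-stream, srtp and srtp-kdf hunks on the next two lines — changes which builds get forced off only if the old form misbehaved at the shell level rather than logically. Since the commit message says the earlier logic was flubbed, a short comment above the first AS_IF stating the intended rule, e.g. `# force off unless explicitly requested on a v5-dev build`, would record what was actually broken and let a reader verify that the new form fixes it.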
@@ -5452,13 +5452,13 @@ AS_CASE([$FIPS_VERSION],
 # Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list
 AS_IF([test "$ENABLED_SHAKE128" != "no" &&
- (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake128" != "yes")],
+ ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake128" = "yes")],
 [AC_MSG_WARN([Forcing off shake128 for FIPS ${FIPS_VERSION}.])
 ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
 # Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list
 AS_IF([test "$ENABLED_SHAKE256" != "no" &&
- (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")],
+ ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake256" = "yes")],
 [AC_MSG_WARN([Forcing off shake256 for FIPS ${FIPS_VERSION}.])
 ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
@@ -5470,7 +5470,7 @@ AS_CASE([$FIPS_VERSION],
 [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 AS_IF([test "$ENABLED_AESXTS" = "yes" &&
- (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesxts" != "yes")],
+ ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesxts" = "yes")],
 [AC_MSG_WARN([Forcing off aesxts for FIPS ${FIPS_VERSION}.])
 ENABLED_AESXTS="no"])
@@ -5510,7 +5510,7 @@ AS_CASE([$FIPS_VERSION],
 # AES-GCM streaming isn't part of the v5 FIPS suite.
 AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" &&
- (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm_stream" != "yes")],
+ ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesgcm_stream" = "yes")],
 [AC_MSG_WARN([Forcing off aesgcm-stream for FIPS ${FIPS_VERSION}.])
 ENABLED_AESGCM_STREAM="no"])
@@ -5525,12 +5525,12 @@ AS_CASE([$FIPS_VERSION],
 [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
 AS_IF([test "$ENABLED_SRTP" != "no" &&
- (test "$FIPS_VERSION" != "v5-dev" || test "$enable_srtp" != "yes")],
+ ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp" = "yes")],
 [AC_MSG_WARN([Forcing off srtp for FIPS ${FIPS_VERSION}.])
 ENABLED_SRTP="no"])
 AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
- (test "$FIPS_VERSION" != "v5-dev" || test "$enable_srtp_kdf" != "yes")],
+ ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp_kdf" = "yes")],
 [AC_MSG_WARN([Forcing off srtp-kdf for FIPS ${FIPS_VERSION}.])
 ENABLED_SRTP_KDF="no"])
diff --git a/src/tls13.c b/src/tls13.c
index d40a74f72..df4ab791b 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -221,7 +221,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
 #endif
 (void)ssl;
 PRIVATE_KEY_UNLOCK();
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
 ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, protocol, protocolLen, label, labelLen,
@@ -261,7 +261,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
 return ret;
 #endif
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
 ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, protocol, protocolLen, label, labelLen,
@@ -1137,7 +1137,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
 #endif
 {
 #if !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+ (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
 ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest, ssl->heap, ssl->devId);
 #else
@@ -4840,7 +4840,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
 if (ret == 0) {
 PRIVATE_KEY_UNLOCK();
 #if !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+ (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
 ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk, ssl->heap, ssl->devId);
@@ -4978,7 +4978,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
 if (ret == 0) {
 PRIVATE_KEY_UNLOCK();
 #if !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+ (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
 ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk, ssl->heap, ssl->devId);
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 11f56d31f..deedcbe1a 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -364,13 +364,13 @@ const char* wc_GetErrorString(int error)
 return "ECC is point on curve failed";
 case ECC_INF_E:
- return " ECC point at infinity error";
+ return "ECC point at infinity error";
 case ECC_OUT_OF_RANGE_E:
- return " ECC Qx or Qy out of range error";
+ return "ECC Qx or Qy out of range error";
 case ECC_PRIV_KEY_E:
- return " ECC private key is not valid error";
+ return "ECC private key is not valid error";
 case SRP_CALL_ORDER_E:
 return "SRP function called in the wrong order error";
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index c14d712e2..a6dddd65d 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -810,10 +810,16 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
 #ifdef NO_ERROR_STRINGS
 err_sys_printf("%s error L=%d code=%d\n", msg, WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
+#elif defined(WOLFCRYPT_ONLY) || !defined(WOLFSSL_TYPES_DEFINED)
+ err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
+ WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
+ wc_GetErrorString(-WC_TEST_RET_DEC_I(es))
+ );
 #else
 err_sys_printf("%s error L=%d code=%d (%s)\n", msg, WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
- wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
+ wolfSSL_ERR_reason_error_string(-WC_TEST_RET_DEC_I(es))
+ );
 #endif
 break;
 case WC_TEST_RET_TAG_ERRNO:
@@ -29327,7 +29333,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 0xA8 };
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = {
 0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
 0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
@@ -29342,7 +29348,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54 };
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = {
 0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
 0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
@@ -29385,7 +29391,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif /* !NO_SHA256 */
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 /* Test for SHA2-384 */
 ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng, expSig384, sizeof(expSig384));
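Review bot: The new `#elif` branch and the `#else` branch below it duplicate the entire `err_sys_printf` call and differ only in which reason-string function is called, so the two format strings can now drift apart silently; selecting just the lookup under the `#if` (for instance through a project-style macro, say a constructed `WC_TEST_ERR_STR(e)`, defined to `wc_GetErrorString(e)` in one branch and `wolfSSL_ERR_reason_error_string(e)` in the other) lets the printf be written once. The closing `);` placed on its own line in both added blocks also departs from the `...));` form of the removed line and of the NO_ERROR_STRINGS branch. render_error_message's body begins outside the hunk.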
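Review bot: The new guard `#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))` calls FIPS_VERSION_GE without first testing `defined(FIPS_VERSION_GE)`, whereas the tls13.c hunks in this same commit spell it `(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))`. If any HAVE_FIPS configuration leaves FIPS_VERSION_GE undefined, a function-like macro in `#if` is a preprocessor error rather than a false result; `&& (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))` would be the consistent form, although the pre-existing cmac_test guards already use the bare call, so this may be accepted project-wide and only the mixed styles within one commit need reconciling. The same pattern appears in the `@@ -29342`, `-29385`, `-29393`, `-29491`, `-29499`, `-29549`, `-29630`, `-29640` and `-29693` hunks, and the `#endif /* WOLFSSL_SHA384 */` and `/* WOLFSSL_SHA512 */` trailing comments on those blocks now name only part of the condition they close.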
@@ -29393,7 +29399,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif /* WOLFSSL_SHA384 */
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 /* Test for SHA2-512 */
 ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng, expSig512, sizeof(expSig512));
@@ -29491,7 +29497,7 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
 "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
 "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C"
 "81A648152E44ACF96E36DD1E80FABE46";
@@ -29499,7 +29505,7 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
 "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F"
 "A329C145786E679E7B82C71A38628AC8";
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C"
 "FE30F35CC900056D7C99CD7882433709";
@@ -29549,27 +29555,27 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
 ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng, r, s, expR, expS);
 if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+ ERROR_OUT(ret, done);
 #endif /* NO_SHA256 */
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 /* Test for SHA2-384 */
 mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
 mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
 ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng, r, s, expR, expS);
 if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+ ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA384 */
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 /* Test for SHA2-512 */
 mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
 mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
 ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng, r, s, expR, expS);
 if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+ ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA512 */
 done:
@@ -29630,7 +29636,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
 "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E" "CFC";
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
 "1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4"
 "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67"
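Review bot: Replacing `ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done)` with `ERROR_OUT(ret, done)` changes what ecc384_test_deterministic_k returns on failure and is not mentioned in the commit message; it is right only if ecdsa_test_deterministic_k_rs already returns an encoded wc_test_ret_t carrying its own line information, otherwise a raw wolfCrypt error code now escapes without the WC_TEST_RET_ENC_EC tag and render_error_message decodes it as the wrong kind. The `ecdsa_test_deterministic_k_sig` call sites in the `@@ -29385` hunk keep the WC_TEST_RET_ENC_EC wrapping, so the two helpers are being treated differently; a comment at the first changed site, e.g. `/* _rs helper already returns an encoded wc_test_ret_t */`, would make the asymmetry deliberate. The same change is made in the `@@ -29693` hunk for ecc521_test_deterministic_k.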
@@ -29640,7 +29646,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
 "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65" "D61";
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
 "0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1"
 "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37"
@@ -29693,27 +29699,27 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
 ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng, r, s, expR, expS);
 if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+ ERROR_OUT(ret, done);
 #endif /* NO_SHA256 */
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 /* Test for SHA2-384 */
 mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
 mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
 ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng, r, s, expR, expS);
 if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+ ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA384 */
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
 /* Test for SHA2-512 */
 mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
 mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
 ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng, r, s, expR, expS);
 if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+ ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA512 */
 done:
@@ -48821,7 +48827,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 XMEMSET(tag, 0, sizeof(tag));
 tagSz = sizeof(tag);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
 ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz, tc->k, tc->kSz, NULL, devId);
 #else
@@ -48832,7 +48838,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
 ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
 ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz, tc->k, tc->kSz, HEAP_HINT, devId);
 #else
@@ -48842,7 +48848,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 if (ret != 0)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
 /* Test that keyless generate with init is the same */
 XMEMSET(tag, 0, sizeof(tag));
 tagSz = sizeof(tag);
From 1ffcf4000b19754b04d298439e88da69d2185c48 Mon Sep 17 00:00:00 2001 From: ZackLabPC Date: Fri, 20 Sep 2024 15:21:27 -0600 Subject: [PATCH 019/325] Making HW Mutex Functions Private Api --- wolfssl/wolfcrypt/wc_port.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 58aba6bec..cb8d0f732 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -438,9 +438,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
 however it's recommended to call this directly on Hw init to avoid possible race condition where two calls to wolfSSL_CryptHwMutexLock are made at the same time. */
- int wolfSSL_CryptHwMutexInit(void);
- int wolfSSL_CryptHwMutexLock(void);
- int wolfSSL_CryptHwMutexUnLock(void);
+ WOLFSSL_LOCAL int wolfSSL_CryptHwMutexInit(void);
+ WOLFSSL_LOCAL int wolfSSL_CryptHwMutexLock(void);
+ WOLFSSL_LOCAL int wolfSSL_CryptHwMutexUnLock(void);
 #else
 /* Define stubs, since HW mutex is disabled */
 #define wolfSSL_CryptHwMutexInit() 0 /* Success */
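Review bot: The comment kept directly above the new declarations still says it is "recommended to call this directly on Hw init", i.e. that code outside the library may call wolfSSL_CryptHwMutexInit itself, but marking it WOLFSSL_LOCAL removes it from the exported symbol set in builds where that macro expands to hidden visibility, so such callers would no longer link. Either leave wolfSSL_CryptHwMutexInit public while the Lock/UnLock pair becomes local, or reword the comment to state that initialisation is now done internally; the `@@ -474`, `-485`, `-496` and `-507` hunks apply the same change to the RNG/AES/Hash/PK mutex functions and should follow whichever decision is taken here. The comment block starts outside the hunk.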
@@ -474,9 +474,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
 /* to using the generic wolfSSL_CryptHwMutex */
 #if (!defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
 WOLFSSL_CRYPT_HW_MUTEX
- int wolfSSL_HwRngMutexInit(void);
- int wolfSSL_HwRngMutexLock(void);
- int wolfSSL_HwRngMutexUnLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwRngMutexInit(void);
+ WOLFSSL_LOCAL int wolfSSL_HwRngMutexLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwRngMutexUnLock(void);
 #else
 #define wolfSSL_HwRngMutexInit wolfSSL_CryptHwMutexInit
 #define wolfSSL_HwRngMutexLock wolfSSL_CryptHwMutexLock
@@ -485,9 +485,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
 #if (!defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
 WOLFSSL_CRYPT_HW_MUTEX
- int wolfSSL_HwAesMutexInit(void);
- int wolfSSL_HwAesMutexLock(void);
- int wolfSSL_HwAesMutexUnLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwAesMutexInit(void);
+ WOLFSSL_LOCAL int wolfSSL_HwAesMutexLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwAesMutexUnLock(void);
 #else
 #define wolfSSL_HwAesMutexInit wolfSSL_CryptHwMutexInit
 #define wolfSSL_HwAesMutexLock wolfSSL_CryptHwMutexLock
@@ -496,9 +496,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
 #if (!defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
 WOLFSSL_CRYPT_HW_MUTEX
- int wolfSSL_HwHashMutexInit(void);
- int wolfSSL_HwHashMutexLock(void);
- int wolfSSL_HwHashMutexUnLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwHashMutexInit(void);
+ WOLFSSL_LOCAL int wolfSSL_HwHashMutexLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwHashMutexUnLock(void);
 #else
 #define wolfSSL_HwHashMutexInit wolfSSL_CryptHwMutexInit
 #define wolfSSL_HwHashMutexLock wolfSSL_CryptHwMutexLock
@@ -507,9 +507,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
 #if (!defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
 WOLFSSL_CRYPT_HW_MUTEX
- int wolfSSL_HwPkMutexInit(void);
- int wolfSSL_HwPkMutexLock(void);
- int wolfSSL_HwPkMutexUnLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwPkMutexInit(void);
+ WOLFSSL_LOCAL int wolfSSL_HwPkMutexLock(void);
+ WOLFSSL_LOCAL int wolfSSL_HwPkMutexUnLock(void);
 #else
 #define wolfSSL_HwPkMutexInit wolfSSL_CryptHwMutexInit
 #define wolfSSL_HwPkMutexLock wolfSSL_CryptHwMutexLock
From 3f0a17b331290b9c87bfcc1a9b6aaee1f7b0441e Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 19 Sep 2024 09:31:55 +0900 Subject: [PATCH 020/325] Update TSIP driver version to v1.21 Use ASN_TEMPLATE Extracting YEAR and MONTH from __DATE__ --- .../RX65N/GR-ROSE/common/user_settings.h | 2 - .../RX65N/GR-ROSE/common/wolfssl_dummy.c | 25 ++- .../RX65N/RSK/wolfssl_demo/key_data.c | 200 ++++++++++-------- .../RX65N/RSK/wolfssl_demo/user_settings.h | 16 +- .../RX65N/RSK/wolfssl_demo/wolfssl_demo.c | 29 ++- wolfcrypt/src/asn.c | 100 +++++---- 6 files changed, 220 insertions(+), 152 deletions(-)
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
index 875afd165..ecf532359 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
@@ -271,5 +271,3 @@
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
-/* use original ASN parsing */
-#define WOLFSSL_ASN_ORIGINAL
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
index ae1a2ab6e..b26cd7d6b 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
@@ -18,18 +18,33 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
-
 #include
-#define YEAR 2024
-#define MON 9
-
 static int tick = 0;
+#define YEAR ( \
+ ((__DATE__)[7] - '0') * 1000 + \
+ ((__DATE__)[8] - '0') * 100 + \
+ ((__DATE__)[9] - '0') * 10 + \
+ ((__DATE__)[10] - '0') * 1 \
+)
+
+#define MONTH ( \
+ __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+ : __DATE__[2] == 'b' ? 2 \
+ : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+ : __DATE__[2] == 'y' ? 5 \
+ : __DATE__[2] == 'l' ? 7 \
+ : __DATE__[2] == 'g' ? 8 \
+ : __DATE__[2] == 'p' ? 9 \
+ : __DATE__[2] == 't' ? 10 \
+ : __DATE__[2] == 'v' ? 11 \
+ : 12 \
+ )
 time_t time(time_t *t) {
 (void)t;
- return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+ return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 #include
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
index 4d176ccaa..9ddda19e4 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
 },
 /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
 {
- 0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
+ 0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
 0x34, 0xB2, 0x4D, 0x92 },
 /*
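Review bot: The rewritten `time()` still discards its out-parameter (the `(void)t;` context line survives), whereas the standard function also stores the result through `t` when it is non-NULL, so any caller that passes a pointer reads an uninitialised value. The new expression also does all its arithmetic in `int`: `(YEAR-1970)*365+30*MONTH` multiplied by `24*60*60` exceeds INT_MAX once the day count passes about 24855, i.e. for builds dated 2038 or later on a 32-bit `int`, so widening to `time_t` first is worthwhile where `time_t` is wider than `int`. Because the value is build-date based with 365-day years, 30-day months and no day-of-month, the demo's certificate validity checks are only coarse, which deserves a comment next to the `__DATE__` indexing (note `YEAR` writes `(__DATE__)[7]` while `MONTH` writes `__DATE__[2]`; one spelling would be tidier). The function body is entirely within the hunk; the rewrite below keeps the two macros as they are.
```c
time_t time(time_t *t)
{
    /* Wall-clock stand-in derived from the build date: 365-day years plus
     * 30-day months (day of month ignored), advanced one second per call so
     * repeated reads are monotonic. Widen before the seconds multiply so the
     * result does not overflow int for builds dated 2038 or later. */
    time_t now = ((time_t)(YEAR-1970)*365 + 30*MONTH)*24*60*60 + tick++;
    if (t != NULL) {
        *t = now;
    }
    return now;
}
```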
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data = * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */ { - 0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1, - 0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65, - 0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F, - 0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B, - 0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8, - 0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33, - 0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A, - 0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C, - 0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF, - 0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3, - 0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56, - 0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C, - 0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37, - 0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B, - 0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12, - 0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10, - 0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B, - 0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7, - 0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8, - 0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4, - 0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5, - 0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56, - 0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C, - 0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87 + 0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B, + 0x8D, 
0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73, + 0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB, + 0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88, + 0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87, + 0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C, + 0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D, + 0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92, + 0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43, + 0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29, + 0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0, + 0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B, + 0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E, + 0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19, + 0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83, + 0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74, + 0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43, + 0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC, + 0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD, + 0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E, + 0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8, + 0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3, + 0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89, + 0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45 }, /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */ { 
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data = * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16] */ { - 0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, + 0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6, 0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9, 0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30, @@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data = * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16] */ { - 0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, + 0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6, 0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9, 0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30, 
@@ -187,84 +187,96 @@ const uint32_t encrypted_user_key_type = const unsigned char ca_ecc_cert_der_sig[] = { - 0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa, - 0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c, - 0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6, - 0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a, - 0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd, - 0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba, - 0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44, - 0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc, - 0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61, - 0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35, - 0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a, - 0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6, - 0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e, - 0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b, - 0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18, - 0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5, - 0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f, - 0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c, - 0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b, - 0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8, - 0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99, - 0xc0, 0x73, 0x11, 0x1e + 0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35, + 0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1, + 0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B, + 0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08, + 0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C, + 
0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95, + 0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C, + 0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC, + 0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27, + 0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7, + 0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC, + 0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19, + 0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC, + 0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E, + 0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D, + 0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F, + 0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9, + 0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73, + 0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42, + 0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2, + 0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC, + 0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD, + 0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E, + 0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25, + 0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12, + 0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31 }; const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig); /* ./ca-cert.der.sign, */ const unsigned char ca_cert_der_sig[] = { - 0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba, - 0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89, - 0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18, - 0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1, - 0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74, - 0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a, - 0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7, - 0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 
0xed, - 0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2, - 0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7, - 0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34, - 0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47, - 0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52, - 0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84, - 0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e, - 0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa, - 0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89, - 0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4, - 0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0, - 0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8, - 0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae, - 0x1d, 0xdb, 0x57, 0xb8 + 0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC, + 0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF, + 0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C, + 0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34, + 0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7, + 0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B, + 0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD, + 0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27, + 0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92, + 0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC, + 0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE, + 0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9, + 0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D, + 0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3, + 0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED, + 0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F, + 0x75, 0xAA, 
0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33, + 0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21, + 0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C, + 0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14, + 0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77, + 0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26, + 0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45, + 0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D, + 0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4, + 0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81 }; const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig); /* ./client-cert.der.sign, */ const unsigned char client_cert_der_sign[] = { - 0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, 0x8A, 0x16, - 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, 0x58, 0xC6, 0x5A, 0xED, - 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, - 0x15, 0x84, 0x00, 0xE1, 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, - 0x8A, 0x95, 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21, - 0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, 0x5B, 0x3F, - 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, 0x1D, 0xBE, 0xEB, 0x8E, - 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, - 0x7E, 0xB6, 0xC8, 0xE1, 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, - 0xCC, 0xCA, 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81, - 0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, 0x55, 0xB6, - 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, 0xD7, 0xEB, 0x1D, 0x08, - 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, - 0xAC, 0x89, 0x63, 0xD5, 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, - 0x9B, 0x71, 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5, - 0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, 0x58, 0x3A, - 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, 0x2D, 0xC5, 0xCD, 0x62, - 0xC1, 0x19, 0x31, 
0xE5, 0x36, 0x95, 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, - 0xC6, 0x2E, 0xDF, 0xD9, 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, - 0x35, 0x4F, 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C, - 0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, 0x3E, 0x95, - 0x2A, 0x10, 0x01, 0x05 + 0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0, + 0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41, + 0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED, + 0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77, + 0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9, + 0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1, + 0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06, + 0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF, + 0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59, + 0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06, + 0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9, + 0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D, + 0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC, + 0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6, + 0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A, + 0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8, + 0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A, + 0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F, + 0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D, + 0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45, + 0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65, + 0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A, + 0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32, + 0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18, + 0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70, + 0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC }; const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign); - +uint32_t 
s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 }; #endif diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h index 840477a88..e35feacb9 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h @@ -38,9 +38,10 @@ * 114: TSIPv1.14 * 115: TSIPv1.15 * 117: TSIPv1.17 + * 121: TSIPv1.21 *----------------------------------------------------------------------------*/ #define WOLFSSL_RENESAS_TSIP - #define WOLFSSL_RENESAS_TSIP_VER 117 + #define WOLFSSL_RENESAS_TSIP_VER 121 /*-- TLS version definitions -------------------------------------------------- @@ -143,7 +144,7 @@ * *----------------------------------------------------------------------------*/ #define SIZEOF_LONG_LONG 8 - + #define WOLFSSL_SMALL_STACK /* * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation -- @@ -233,7 +234,6 @@ #define WOLFSSL_RENESAS_TSIP_TLS #if !defined(NO_RENESAS_TSIP_CRYPT) - #define WOLFSSL_RENESAS_TSIP_CRYPTONLY #define HAVE_PK_CALLBACKS #define WOLF_CRYPTO_CB #if defined(WOLFSSL_RENESAS_TSIP_TLS) @@ -247,7 +247,14 @@ # undef WOLFSSL_RENESAS_TSIP_TLS # undef WOLFSSL_RENESAS_TSIP_CRYPT #endif - + /*------------------------------------------------------------------------- + * TSIP generates random numbers using the CRT-DRBG described + * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK + * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API + * directly. Comment out the macro will generate random number by + * wolfSSL Hash DRBG by using a seed which is generated by TSIP API. + *-----------------------------------------------------------------------*/ + #define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock #else #define OPENSSL_EXTRA #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */ 
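Review bot: `uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };` is the only mutable, externally linked object in a file that otherwise holds `const` key and signature data, and it is added without a comment; a one-line comment stating what the buffer is for and which code writes it would keep a reader from treating it as more key material. If other translation units reference it, the matching header should carry an `extern` declaration, and `]= {` wants a space before `=` to match the surrounding style. The rest of the hunk only replaces signature bytes, which I have not re-verified.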
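Review bot: The comment block above `#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock` says "CRT-DRBG", but the NIST SP 800-90A construction is CTR_DRBG, and "generatoion" is misspelled; suggest `* TSIP generates random numbers using the CTR_DRBG described in NIST SP800-90A.` and `* so that wc_RNG_GenerateByte/Block() call the TSIP random generation API`. Since this macro routes all wolfSSL random output to the hardware DRBG, the comment could also state that the alternative (commenting it out) falls back to the wolfSSL Hash DRBG seeded by TSIP, which is what the last sentence appears to mean but reads awkwardly.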
@@ -263,3 +270,4 @@ /*-- strcasecmp */ #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) + diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c index bbe486cbc..1d9c1e147 100644 --- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c +++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c @@ -30,7 +30,6 @@ #include "platform/iot_network.h" #include "platform.h" - #include #include "wolfssl/ssl.h" #include @@ -59,22 +58,40 @@ static WOLFSSL_CTX* client_ctx; #endif /* TLS_CLIENT */ -#define TLSSERVER_IP "192.168.1.14" +#define TLSSERVER_IP "192.168.10.6" #define TLSSERVER_PORT 11111 -#define YEAR 2023 -#define MON 3 #define FREQ 10000 /* Hz */ static long tick; static int tmTick; +#define YEAR ( \ + ((__DATE__)[7] - '0') * 1000 + \ + ((__DATE__)[8] - '0') * 100 + \ + ((__DATE__)[9] - '0') * 10 + \ + ((__DATE__)[10] - '0') * 1 \ +) + +#define MONTH ( \ + __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \ + : __DATE__[2] == 'b' ? 2 \ + : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \ + : __DATE__[2] == 'y' ? 5 \ + : __DATE__[2] == 'l' ? 7 \ + : __DATE__[2] == 'g' ? 8 \ + : __DATE__[2] == 'p' ? 9 \ + : __DATE__[2] == 't' ? 10 \ + : __DATE__[2] == 'v' ? 11 \ + : 12 \ + ) + /* time * returns seconds from EPOCH */ time_t time(time_t *t) { (void)t; - return ((YEAR-1970)*365+30*MON)*24*60*60 + tmTick++; + return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tmTick++; } /* timeTick @@ -94,8 +111,6 @@ double current_time(int reset) return ((double)tick/FREQ) ; } - - /* --------------------------------------------------------*/ /* Benchmark_demo */ /* --------------------------------------------------------*/ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 3f76da809..bea4c89d0 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
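Review bot: The new `YEAR`/`MONTH` macros derive the value returned by `time()` from `__DATE__`, so the clock starts at build time and the existing comment `returns seconds from EPOCH` overstates it: `((YEAR-1970)*365+30*MONTH)*24*60*60` ignores leap days and uses 30-day months, so the result can be weeks off, and because it is frozen at compile time it cannot observe certificate expiry after deployment. Suggest replacing the comment with `/* Approximate time seeded from the build date (__DATE__); not a real-time source, do not rely on it for certificate validity checks. */`. `(void)t;` also means a non-NULL `t` is never filled in, which differs from the standard `time()` contract and is worth a comment too.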
@@ -9490,6 +9490,42 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, #endif /* NO_PWDBASED */ #ifndef NO_RSA +#ifdef WOLFSSL_ASN_TEMPLATE +/* ASN.1 template for an RSA public key. + * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo + * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey + */ +static const ASNItem rsaPublicKeyASN[] = { +/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, +/* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, +/* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, +/* ALGOID_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 }, +#ifdef WC_RSA_PSS +/* ALGOID_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, +#endif +/* PUBKEY */ { 1, ASN_BIT_STRING, 0, 1, 0 }, + /* RSAPublicKey */ +/* PUBKEY_RSA_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, +/* PUBKEY_RSA_N */ { 3, ASN_INTEGER, 0, 0, 0 }, +/* PUBKEY_RSA_E */ { 3, ASN_INTEGER, 0, 0, 0 }, +}; +enum { + RSAPUBLICKEYASN_IDX_SEQ = 0, + RSAPUBLICKEYASN_IDX_ALGOID_SEQ, + RSAPUBLICKEYASN_IDX_ALGOID_OID, + RSAPUBLICKEYASN_IDX_ALGOID_NULL, +#ifdef WC_RSA_PSS + RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ, +#endif + RSAPUBLICKEYASN_IDX_PUBKEY, + RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ, + RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N, + RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E +}; + +/* Number of items in ASN.1 template for an RSA public key. */ +#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem)) +#endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) /* This function is to retrieve key position information in a cert.* @@ -9500,9 +9536,10 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx, word32* key_n_len, word32* key_e, word32* key_e_len) { - +#ifndef WOLFSSL_ASN_TEMPLATE int ret = 0; int length = 0; + #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) byte b; #endif 
@@ -9565,48 +9602,31 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx, } if (key_e_len) *key_e_len = length; - return ret; +#else + int ret = 0; + const byte* n = NULL; + const byte* e = NULL; /* pointer to modulus/exponent */ + word32 rawIndex = 0; + + ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, (word32)inSz, + &n, key_n_len, &e, key_e_len); + if (ret == 0) { + /* convert pointer to offset */ + if (key_n != NULL) { + rawIndex = n - input; + *key_n += rawIndex; + } + if (key_e != NULL) { + rawIndex = e - input; + *key_e += rawIndex; + } + } + return ret; +#endif + } #endif /* WOLFSSL_RENESAS_TSIP */ - -#ifdef WOLFSSL_ASN_TEMPLATE -/* ASN.1 template for an RSA public key. - * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo - * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey - */ -static const ASNItem rsaPublicKeyASN[] = { -/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, -/* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, -/* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, -/* ALGOID_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 }, -#ifdef WC_RSA_PSS -/* ALGOID_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, -#endif -/* PUBKEY */ { 1, ASN_BIT_STRING, 0, 1, 0 }, - /* RSAPublicKey */ -/* PUBKEY_RSA_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, -/* PUBKEY_RSA_N */ { 3, ASN_INTEGER, 0, 0, 0 }, -/* PUBKEY_RSA_E */ { 3, ASN_INTEGER, 0, 0, 0 }, -}; -enum { - RSAPUBLICKEYASN_IDX_SEQ = 0, - RSAPUBLICKEYASN_IDX_ALGOID_SEQ, - RSAPUBLICKEYASN_IDX_ALGOID_OID, - RSAPUBLICKEYASN_IDX_ALGOID_NULL, -#ifdef WC_RSA_PSS - RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ, -#endif - RSAPUBLICKEYASN_IDX_PUBKEY, - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ, - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N, - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E -}; - -/* Number of items in ASN.1 template for an RSA public key. */ -#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem)) -#endif - /* Decode RSA public key. * * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo From 735c0f6b3ae4c8e1684770edec65da68237fbd4c Mon Sep 17 00:00:00 2001 
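Review bot: In the new `WOLFSSL_ASN_TEMPLATE` branch, `rawIndex = n - input;` assigns a `ptrdiff_t` to a `word32` with no cast (the same narrowing this series adds explicit casts for elsewhere), and `*key_n += rawIndex;` accumulates into whatever the caller left in `*key_n`, so the result depends on a precondition the function comment does not state. Suggest `rawIndex = (word32)(n - input);` and either plain assignment, if `input` is the start of the certificate, or a sentence in the header comment (in the previous hunk) saying that `*key_n`/`*key_e` must hold the base offset on entry. The old path guarded `if (key_e_len)` before writing; the new path passes `key_n_len`/`key_e_len` straight to `wc_RsaPublicKeyDecode_ex`, so whether NULL is tolerated there should be confirmed. The template move in the first hunk of this file is a pure relocation.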
From: John Safranek Date: Fri, 20 Sep 2024 17:25:21 -0700 Subject: [PATCH 021/325] ECC Test Fix The ECC key generation test was failing due not using large enough of a buffer. Fixed to use a better size. 1. Set the shared digest/sig buffer size in _ecc_pairwise_consistency_test() to the maximum possible based on the math in wc_ecc_sig_sz(). --- wolfcrypt/src/ecc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 5c14b94ef..ee031a6aa 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -10229,7 +10229,8 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng) if (!err && (flags & WC_ECC_FLAG_DEC_SIGN)) { #ifndef WOLFSSL_SMALL_STACK - byte sig[MAX_ECC_BYTES + WC_SHA256_DIGEST_SIZE]; + #define SIG_SZ ((MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ) + byte sig[SIG_SZ + WC_SHA256_DIGEST_SIZE]; #else byte* sig; #endif From 67528f91b3f022bee4c43c4bdb6938de4d5792a5 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 23 Sep 2024 09:05:17 +1000 Subject: [PATCH 022/325] Dilithium: fixes Fixes to hint error dectection. Fix public key decode to fail when DER length is zero for the public key data. --- wolfcrypt/src/dilithium.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index da465efcc..8b29994b0 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -3411,7 +3411,7 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega) } } /* Ensure the last hint is less than the current hint. */ - else if (h[i - 1] > h[i]) { + else if (h[i - 1] >= h[i]) { ret = SIG_VERIFY_E; break; } @@ -9654,7 +9654,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, ret = dilitihium_get_der_length(input, &idx, &length, inSz); } if (ret == 0) { - if (input[idx] != 0) { + if ((input[idx] != 0) || (length == 0)) { ret = ASN_PARSE_E; } idx++; 
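Review bot: `#define SIG_SZ ((MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)` is introduced inside the function body and never undefined, so the name stays visible for the rest of ecc.c after `_ecc_pairwise_consistency_test`; a block-scoped constant avoids that, e.g. `enum { SIG_SZ = (MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ };`, or add `#undef SIG_SZ` once the array is declared. The `#else` (WOLFSSL_SMALL_STACK) branch only declares `byte* sig;` here and its allocation size is outside the hunk, so it should be checked that it uses the same bound, otherwise the two builds still size the buffer differently. The function body continues outside the hunk.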
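Review bot: In `if ((input[idx] != 0) || (length == 0))` the byte at `input[idx]` is read before the new `length == 0` test, so when the DER length is zero the unused-bits octet is still read even though the encoding says none is present; unless `dilitihium_get_der_length` already guarantees `idx < inSz` in that case, this is a one-byte over-read on a malformed public key. Swapping the operands, `if ((length == 0) || (input[idx] != 0))`, lets the length check short-circuit the read. The `h[i - 1] >= h[i]` change in the first hunk now matches its comment. Both enclosing functions continue outside the hunks.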
From 634e547fba66bab89334d9b436efc9e615d06e62 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 23 Sep 2024 10:04:33 -0700 Subject: [PATCH 023/325] Initial implementation of new option to always copy over key to SSL ctx --- src/internal.c | 7 +++++++ src/ssl.c | 7 +++++++ wolfssl/wolfcrypt/settings.h | 5 +++++ 3 files changed, 19 insertions(+) diff --git a/src/internal.c b/src/internal.c index 2fc63753f..bae404677 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6829,7 +6829,14 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.certChainCnt = ctx->certChainCnt; #endif #ifndef WOLFSSL_BLIND_PRIVATE_KEY +#ifdef WOLFSSL_COPY_KEY + AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + ssl->buffers.weOwnKey = 1; +#else ssl->buffers.key = ctx->privateKey; +#endif #else if (ctx->privateKey != NULL) { AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, diff --git a/src/ssl.c b/src/ssl.c index 264f2c04e..310a1ed2d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20410,7 +20410,14 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->buffers.certChainCnt = ctx->certChainCnt; #endif #ifndef WOLFSSL_BLIND_PRIVATE_KEY +#ifdef WOLFSSL_COPY_KEY + AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + ssl->buffers.weOwnKey = 1; +#else ssl->buffers.key = ctx->privateKey; +#endif #else if (ctx->privateKey != NULL) { AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 03cd5e550..07c4f746b 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -3581,6 +3581,11 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_COPY_CERT #endif +#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY) + #undef WOLFSSL_COPY_KEY + #define WOLFSSL_COPY_KEY +#endif + /* * Keeps the "Finished" messages after a TLS handshake for use as the so-called * "tls-unique" channel binding. See comment in internal.h around clientFinished From cad2bbd7a7d9200f40e7fa8446c75bfabd196db3 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 23 Sep 2024 10:18:23 -0700 Subject: [PATCH 024/325] Add NULL checks on key copy --- src/internal.c | 16 ++++++++++++---- src/ssl.c | 16 ++++++++++++---- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/src/internal.c b/src/internal.c index bae404677..d05238ec8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6830,10 +6830,18 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #endif #ifndef WOLFSSL_BLIND_PRIVATE_KEY #ifdef WOLFSSL_COPY_KEY - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, - ctx->privateKey->length, ctx->privateKey->type, - ctx->privateKey->heap); - ssl->buffers.weOwnKey = 1; + if (ctx->privateKey != NULL) { + if (ssl->buffers.key != NULL) { + FreeDer(&ssl->buffers.key); + } + AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + ssl->buffers.weOwnKey = 1; + } + else { + ssl->buffers.key = ctx->privateKey; + } #else ssl->buffers.key = ctx->privateKey; #endif diff --git a/src/ssl.c b/src/ssl.c index 310a1ed2d..de97c8e5f 100644 --- a/src/ssl.c +++ b/src/ssl.c 
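Review bot: `FreeDer(&ssl->buffers.key)` is called whenever `ssl->buffers.key` is non-NULL without consulting `ssl->buffers.weOwnKey`; in the non-copy paths visible in this hunk the field is assigned the context's own `ctx->privateKey` pointer, so if this code is reached while holding such a borrowed pointer the copy path frees the context's key and leaves the CTX dangling. Guard the free with the ownership flag, `if (ssl->buffers.key != NULL && ssl->buffers.weOwnKey) { FreeDer(&ssl->buffers.key); }`. The return value of `AllocCopyDer` is also unchecked, so an allocation failure leaves `weOwnKey = 1` with whatever the call left in `ssl->buffers.key`; propagate the error or at least clear the flag, and in the `else` branch reset `weOwnKey` when the pointer is overwritten. The same applies to the ssl.c hunk in `wolfSSL_set_SSL_CTX` that follows; both enclosing functions continue outside the hunks.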
@@ -20411,10 +20411,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif #ifndef WOLFSSL_BLIND_PRIVATE_KEY #ifdef WOLFSSL_COPY_KEY - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, - ctx->privateKey->length, ctx->privateKey->type, - ctx->privateKey->heap); - ssl->buffers.weOwnKey = 1; + if (ctx->privateKey != NULL) { + if (ssl->buffers.key != NULL) { + FreeDer(&ssl->buffers.key); + } + AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + ssl->buffers.weOwnKey = 1; + } + else { + ssl->buffers.key = ctx->privateKey; + } #else ssl->buffers.key = ctx->privateKey; #endif From 27adc66cca0598d8de5f171ead8322b0083677cc Mon Sep 17 00:00:00 2001 
From: gojimmypi Date: Mon, 23 Sep 2024 11:30:58 -0700 Subject: [PATCH 025/325] Add conditional repository_owner to workflow, remove socat strategy --- .github/workflows/async.yml | 1 + .github/workflows/curl.yml | 2 ++ .github/workflows/cyrus-sasl.yml | 2 ++ .github/workflows/disabled/haproxy.yml | 1 + .github/workflows/disabled/hostap.yml | 2 ++ .github/workflows/docker-Espressif.yml | 3 +++ .github/workflows/docker-OpenWrt.yml | 2 ++ .github/workflows/grpc.yml | 2 ++ .github/workflows/hitch.yml | 2 ++ .github/workflows/hostap-vm.yml | 3 +++ .github/workflows/ipmitool.yml | 2 ++ .github/workflows/jwt-cpp.yml | 2 ++ .github/workflows/krb5.yml | 2 ++ .github/workflows/libssh2.yml | 2 ++ .github/workflows/libvncserver.yml | 2 ++ .github/workflows/memcached.yml | 2 ++ .github/workflows/mosquitto.yml | 2 ++ .github/workflows/multi-arch.yml | 1 + .github/workflows/multi-compiler.yml | 1 + .github/workflows/net-snmp.yml | 2 ++ .github/workflows/nginx.yml | 2 ++ .github/workflows/no-malloc.yml | 1 + .github/workflows/ntp.yml | 2 ++ .github/workflows/ocsp.yml | 1 + .github/workflows/openssh.yml | 2 ++ .github/workflows/openvpn.yml | 2 ++ .github/workflows/os-check.yml | 5 +++++ .github/workflows/packaging.yml | 1 + .github/workflows/pam-ipmi.yml | 2 ++ .github/workflows/rng-tools.yml | 2 ++ .github/workflows/socat.yml | 4 ++-- .github/workflows/stunnel.yml | 2 ++ .github/workflows/zephyr.yml | 1 + 33 files changed, 63 insertions(+), 2 deletions(-) diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml index d2c4d0c84..3ad8e8686 100644 --- a/.github/workflows/async.yml +++ b/.github/workflows/async.yml @@ -23,6 +23,7 @@ jobs: '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"', ] name: make check + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 6 diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index ba3ff3ff7..06cd338cb 100644 
--- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 @@ -38,6 +39,7 @@ jobs: test_curl: name: ${{ matrix.curl_ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 15 diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml index 9f2aab72c..790d8886a 100644 --- a/.github/workflows/cyrus-sasl.yml +++ b/.github/workflows/cyrus-sasl.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -46,6 +47,7 @@ jobs: # List of releases to test ref: [ 2.1.28 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 diff --git a/.github/workflows/disabled/haproxy.yml b/.github/workflows/disabled/haproxy.yml index 1943a6269..0a92dac0c 100644 --- a/.github/workflows/disabled/haproxy.yml +++ b/.github/workflows/disabled/haproxy.yml @@ -20,6 +20,7 @@ jobs: # List of refs to test ref: [ master ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest steps: - name: Build wolfSSL diff --git a/.github/workflows/disabled/hostap.yml b/.github/workflows/disabled/hostap.yml index 97a03ce32..46c413195 100644 --- a/.github/workflows/disabled/hostap.yml +++ b/.github/workflows/disabled/hostap.yml 
@@ -22,6 +22,7 @@ jobs: - build_id: hostap-build2 wolf_extra_config: --enable-brainpool --enable-wpas-dpp name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-20.04 # This should be a safe limit for the tests to run. @@ -99,6 +100,7 @@ jobs: build_id: hostap-build2 } name: hwsim test + if: github.repository_owner == 'wolfssl' # For openssl 1.1 runs-on: ubuntu-20.04 # This should be a safe limit for the tests to run. diff --git a/.github/workflows/docker-Espressif.yml b/.github/workflows/docker-Espressif.yml index c2b6ff0ba..184dced8d 100644 --- a/.github/workflows/docker-Espressif.yml +++ b/.github/workflows/docker-Espressif.yml @@ -14,6 +14,7 @@ concurrency: jobs: espressif_latest: name: latest Docker container + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 12 @@ -25,6 +26,7 @@ jobs: run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh espressif_v4_4: name: v4.4 Docker container + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest container: image: espressif/idf:release-v4.4 @@ -34,6 +36,7 @@ jobs: run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh espressif_v5_0: name: v5.0 Docker container + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest container: image: espressif/idf:release-v5.0 diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml index 283e3b92e..0a3768d61 100644 --- a/.github/workflows/docker-OpenWrt.yml +++ b/.github/workflows/docker-OpenWrt.yml @@ -17,6 +17,7 @@ concurrency: jobs: build_library: name: Compile libwolfssl.so + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 
@@ -40,6 +41,7 @@ jobs: retention-days: 5 compile_container: name: Compile container + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 2 diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index 4e145cc6c..e8d549b7a 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -50,6 +51,7 @@ jobs: test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test h2_ssl_cert_test h2_ssl_session_reuse_test name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 30 diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml index 60ee38dba..5f0b58986 100644 --- a/.github/workflows/hitch.yml +++ b/.github/workflows/hitch.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -47,6 +48,7 @@ jobs: ignore-tests: >- test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 22a073ce6..94f305d1f 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml 
@@ -27,6 +27,7 @@ jobs: --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 --enable-tlsv10 --enable-oldtls name: Build wolfSSL + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 @@ -64,6 +65,7 @@ jobs: build_uml_linux: name: Build UML (UserMode Linux) + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 @@ -140,6 +142,7 @@ jobs: } name: hwsim test # For openssl 1.1 + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 45 diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index 2fb6403d7..36411261c 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -18,6 +18,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target runs-on: ubuntu-latest + if: github.repository_owner == 'wolfssl' # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -46,6 +47,7 @@ jobs: matrix: git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ] name: ${{ matrix.git_ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest needs: build_wolfssl steps: diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 13569574f..2b82ca6b3 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -16,6 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 @@ -45,6 +46,7 @@ jobs: matrix: ref: [ 0.6.0 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest needs: build_wolfssl steps: 
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index ce96479ce..2b69761d2 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml @@ -16,6 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 5 @@ -48,6 +49,7 @@ jobs: # List of releases to test ref: [ 1.21.1 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 8 diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index 0f5f24100..121595954 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml @@ -16,6 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 @@ -45,6 +46,7 @@ jobs: # List of releases to test ref: [ 1.11.0 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 8 diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml index cdef79dde..942b7aa3f 100644 --- a/.github/workflows/libvncserver.yml +++ b/.github/workflows/libvncserver.yml @@ -16,6 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 @@ -45,6 +46,7 @@ jobs: matrix: ref: [ 0.9.13 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest needs: build_wolfssl steps: 
diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index e1cbb3784..a111e3002 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -16,6 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest steps: - name: Build wolfSSL @@ -46,6 +47,7 @@ jobs: include: - ref: 1.6.22 name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest needs: build_wolfssl steps: diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 8ba047779..44a47ce92 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -16,6 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 @@ -43,6 +44,7 @@ jobs: matrix: ref: [ 2.0.18 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml index c8f227019..33ea970ae 100644 --- a/.github/workflows/multi-arch.yml +++ b/.github/workflows/multi-arch.yml @@ -36,6 +36,7 @@ jobs: CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6 ARCH: armel EXTRA_OPTS: --enable-sp-asm + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index 08e1e4e0d..3edf533f2 100644 --- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml 
@@ -46,6 +46,7 @@ jobs: - CC: clang-14 CXX: clang++-14 OS: ubuntu-latest + if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.OS }} # This should be a safe limit for the tests to run. timeout-minutes: 4 diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index 709b59f5e..0275e0f12 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -46,6 +47,7 @@ jobs: - ref: 5.9.3 test_opts: -e 'agentxperl' name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 0d4f1448e..e6729f11e 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -105,6 +106,7 @@ jobs: stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t stream_proxy_ssl_verify.t name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 6 diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml index d3ba9b2d2..a5888caa4 100644 --- a/.github/workflows/no-malloc.yml +++ b/.github/workflows/no-malloc.yml 
@@ -21,6 +21,7 @@ jobs: '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"', ] name: make check + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 6 diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml index fcc084324..89f330f9a 100644 --- a/.github/workflows/ntp.yml +++ b/.github/workflows/ntp.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -45,6 +46,7 @@ jobs: # List of releases to test ref: [ 4.2.8p15 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 diff --git a/.github/workflows/ocsp.yml b/.github/workflows/ocsp.yml index 3937b2e7f..fab41650a 100644 --- a/.github/workflows/ocsp.yml +++ b/.github/workflows/ocsp.yml @@ -15,6 +15,7 @@ concurrency: jobs: ocsp_stapling: name: ocsp stapling + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest timeout-minutes: 10 steps: diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 3e717af01..586d21edf 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -47,6 +48,7 @@ jobs: - git_ref: 'V_9_6_P1' osp_ver: '9.6' name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest needs: build_wolfssl steps: diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index a547e8d8f..97274daf8 100644 --- a/.github/workflows/openvpn.yml 
+++ b/.github/workflows/openvpn.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -44,6 +45,7 @@ jobs: # List of refs to test ref: [ release/2.6, v2.6.0, master ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 8b337c1f0..939402992 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -40,6 +40,7 @@ jobs: --enable-dtls-mtu', ] name: make check + if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.os }} # This should be a safe limit for the tests to run. timeout-minutes: 14 @@ -60,6 +61,7 @@ jobs: 'examples/configs/user_settings_all.h', ] name: make user_setting.h + if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.os }} # This should be a safe limit for the tests to run. timeout-minutes: 14 @@ -85,6 +87,7 @@ jobs: 'examples/configs/user_settings_tls12.h', ] name: make user_setting.h (testwolfcrypt only) + if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.os }} # This should be a safe limit for the tests to run. timeout-minutes: 14 @@ -106,6 +109,7 @@ jobs: matrix: os: [ ubuntu-latest, macos-latest ] name: make user_setting.h (with sed) + if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.os }} # This should be a safe limit for the tests to run. timeout-minutes: 14 @@ -124,6 +128,7 @@ jobs: windows_build: name: Windows Build Test + if: github.repository_owner == 'wolfssl' runs-on: windows-latest # This should be a safe limit for the tests to run. timeout-minutes: 6 diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index b9d3378ff..83eff907a 100644 
--- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Package wolfSSL + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index dda320064..af127651f 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml @@ -16,6 +16,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -46,6 +47,7 @@ jobs: matrix: git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ] name: ${{ matrix.git_ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest needs: build_wolfssl steps: diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml index 98a428007..859c6e6bd 100644 --- a/.github/workflows/rng-tools.yml +++ b/.github/workflows/rng-tools.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -45,6 +46,7 @@ jobs: # List of releases to test ref: [ 6.16 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index fe2c8252a..270c005fc 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest timeout-minutes: 4 steps: 
@@ -37,8 +38,7 @@ jobs: socat_check: - strategy: - fail-fast: false + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 30 diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index fdb6623f4..0bef67a8f 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -15,6 +15,7 @@ concurrency: jobs: build_wolfssl: name: Build wolfSSL + if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target runs-on: ubuntu-latest # This should be a safe limit for the tests to run. @@ -44,6 +45,7 @@ jobs: # List of releases to test ref: [ 5.67 ] name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 2bb059c29..52f1a21eb 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -25,6 +25,7 @@ jobs: zephyr-sdk: 0.16.3 - zephyr-ref: v2.7.4 zephyr-sdk: 0.16.3 + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 25 From 1a4b821c6417d6dd06707d6c3e8bd04e89be85c8 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 23 Sep 2024 11:46:19 -0700 Subject: [PATCH 026/325] Add pthread link for liboqs testing --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index e07b0bb11..31a85bcfe 100644 --- a/configure.ac +++ b/configure.ac 
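Review bot: The socat_check hunk drops `strategy:` / `fail-fast: false` alongside adding the owner guard, and nothing in the hunk explains that removal. No matrix is visible under socat_check, so losing the key is probably harmless, but it is a separate behavioural edit from the `if:` gating applied to every other workflow in this commit and is easy to miss in review; either mention it explicitly in the commit message or restore the two lines next to the new `if: github.repository_owner == 'wolfssl'`.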
@@ -1237,7 +1237,7 @@ AC_ARG_WITH([liboqs], tryliboqsdir="/usr/local" fi - CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include" + CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread" LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib" AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ]) From c16ebaeb473a5c42e7414db3bd963fe6492525ed Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Mon, 23 Sep 2024 15:33:52 -0400 Subject: [PATCH 027/325] Update to seperate CMAC and AES conditional compiles. Correct update. --- wolfcrypt/src/cmac.c | 178 ++++++++++++++++++++++++--------------- wolfcrypt/src/cryptocb.c | 32 ++++++- wolfssl/wolfcrypt/cmac.h | 27 ++++-- 3 files changed, 157 insertions(+), 80 deletions(-) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 8accb1a87..2b8eaae30 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -32,7 +32,7 @@ #include #endif -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) +#if defined(WOLFSSL_CMAC) #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ @@ -80,7 +80,7 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz) } #endif /* WOLFSSL_HASH_KEEP */ - +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) /* Used by AES-SIV. See aes.c. */ void ShiftAndXorRb(byte* out, byte* in) { @@ -100,6 +100,7 @@ void ShiftAndXorRb(byte* out, byte* in) } } } +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ /* returns 0 on success */ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, 
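Review bot: `-pthread` is appended to CPPFLAGS, but it is a compile/link option rather than a preprocessor one; the AC_LINK_IFELSE probe picks it up only because autoconf's link command includes CPPFLAGS, and any later consumer of CPPFLAGS alone will be handed a flag it does not understand. The conventional place is the LDFLAGS assignment on the next line, `LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib -pthread"`, which also records that liboqs needs libpthread at link time. Whether these assignments are scoped to the probe or leak into the final build is not visible in this hunk.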
@@ -146,30 +147,41 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, return BAD_FUNC_ARG; } - ret = wc_AesInit(&cmac->aes, heap, devId); + switch (type) { +#if !defined (NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + cmac->type = WC_CMAC_AES; + ret = wc_AesInit(&cmac->aes, heap, devId); -#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) - cmac->useSWCrypt = useSW; - if (cmac->useSWCrypt == 1) { - cmac->aes.useSWCrypt = 1; - } -#endif - - if (ret == 0) { - ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); - } - - if (ret == 0) { - byte l[AES_BLOCK_SIZE]; - - XMEMSET(l, 0, AES_BLOCK_SIZE); - ret = wc_AesEncryptDirect(&cmac->aes, l, l); - if (ret == 0) { - ShiftAndXorRb(cmac->k1, l); - ShiftAndXorRb(cmac->k2, cmac->k1); - ForceZero(l, AES_BLOCK_SIZE); + #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) + cmac->useSWCrypt = useSW; + if (cmac->useSWCrypt == 1) { + cmac->aes.useSWCrypt = 1; } + #endif + + if (ret == 0) { + ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); + } + + if (ret == 0) { + byte l[AES_BLOCK_SIZE]; + + XMEMSET(l, 0, AES_BLOCK_SIZE); + ret = wc_AesEncryptDirect(&cmac->aes, l, l); + if (ret == 0) { + ShiftAndXorRb(cmac->k1, l); + ShiftAndXorRb(cmac->k2, cmac->k1); + ForceZero(l, AES_BLOCK_SIZE); + } + } + break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + + return BAD_FUNC_ARG; } + return ret; } @@ -201,7 +213,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) #endif { ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, - NULL, NULL, 0, NULL); + NULL, NULL, cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ 
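Review bot: In the WC_CMAC_AES arm of wc_InitCmac_ex, `l` holds E_K(0), the value K1 and K2 are derived from, yet `ForceZero(l, AES_BLOCK_SIZE);` sits inside the `if (ret == 0)` that follows wc_AesEncryptDirect, so the failure path leaves `l` unscrubbed on the stack; making the ForceZero the last statement of the enclosing block scrubs it on every path. Two style points in the same hunk: `#if !defined (NO_AES)` has a space the other guards in this commit do not, and `default:` is followed by a blank line before `return BAD_FUNC_ARG;`. The top of wc_InitCmac_ex, including any validation of `type`, is outside the hunk.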
@@ -211,26 +223,34 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) /* Clear CRYPTOCB_UNAVAILABLE return code */ ret = 0; - while ((ret == 0) && (inSz != 0)) { - word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); - XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); + switch (cmac->type) { +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + { + while ((ret == 0) && (inSz != 0)) { + word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); + XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); - cmac->bufferSz += add; - in += add; - inSz -= add; + cmac->bufferSz += add; + in += add; + inSz -= add; - if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { - if (cmac->totalSz != 0) { - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - } - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); - if (ret == 0) { - cmac->totalSz += AES_BLOCK_SIZE; - cmac->bufferSz = 0; + if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { + if (cmac->totalSz != 0) { + xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); + } + ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); + if (ret == 0) { + cmac->totalSz += AES_BLOCK_SIZE; + cmac->bufferSz = 0; + } } } + }; break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default : + ret = BAD_FUNC_ARG; } - return ret; } @@ -244,7 +264,16 @@ int wc_CmacFree(Cmac* cmac) * wc_CmacFinal() not called. */ XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - wc_AesFree(&cmac->aes); + switch (cmac->type) { +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + wc_AesFree(&cmac->aes); + break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default : + /* Nothing to do */ + (void)cmac; + } ForceZero(cmac, sizeof(Cmac)); return 0; } 
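Review bot: `}; break;` closing the WC_CMAC_AES case in wc_CmacUpdate leaves a stray empty statement after the compound block, and `default :` carries an unusual space; the identical `};` and `default :` recur in the wc_CmacFinalNoFree hunk below and `default :` in wc_CmacFree, so fix all three together as `} break;` and `default:`. In wc_CmacFree the `(void)cmac;` in the default arm is unnecessary because `cmac` is used by the `ForceZero` immediately after the switch; `/* Nothing to do */ break;` is enough. The start of wc_CmacUpdate is outside the hunk.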
@@ -252,8 +281,6 @@ int wc_CmacFree(Cmac* cmac) int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) { int ret = 0; - const byte* subKey; - word32 remainder; if (cmac == NULL || out == NULL || outSz == NULL) { return BAD_FUNC_ARG; 
@@ -267,41 +294,53 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) if (cmac->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL); + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ } + ret = 0; #endif + switch (cmac->type) { +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + { + const byte* subKey; + word32 remainder; - if (cmac->bufferSz == AES_BLOCK_SIZE) { - subKey = cmac->k1; - } - else { - /* ensure we will have a valid remainder value */ - if (cmac->bufferSz > AES_BLOCK_SIZE) { - return BAD_STATE_E; + if (cmac->bufferSz == AES_BLOCK_SIZE) { + subKey = cmac->k1; } - remainder = AES_BLOCK_SIZE - cmac->bufferSz; + else { + /* ensure we will have a valid remainder value */ + if (cmac->bufferSz > AES_BLOCK_SIZE) { + return BAD_STATE_E; + } + remainder = AES_BLOCK_SIZE - cmac->bufferSz; - if (remainder == 0) { - remainder = AES_BLOCK_SIZE; - } - if (remainder > 1) { - XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder); - } + if (remainder == 0) { + remainder = AES_BLOCK_SIZE; + } + if (remainder > 1) { + XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder); + } - cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; - subKey = cmac->k2; - } - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); - if (ret == 0) { - XMEMCPY(out, cmac->digest, *outSz); + cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; + subKey = cmac->k2; + } + xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); + xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); + ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); + if (ret == 0) { + XMEMCPY(out, cmac->digest, *outSz); + } + }; break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default : 
+ ret = BAD_FUNC_ARG; } - return 0; + return ret; } int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { @@ -314,7 +353,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { return ret; } - +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) int wc_AesCmacGenerate_ex(Cmac* cmac, byte* out, word32* outSz, const byte* in, word32 inSz, @@ -334,8 +373,6 @@ int wc_AesCmacGenerate_ex(Cmac* cmac, if (devId != INVALID_DEVID) #endif { - cmac->devCtx = NULL; - ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz, WC_CMAC_AES, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) @@ -498,5 +535,6 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, return ret; } +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ -#endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */ +#endif /* WOLFSSL_CMAC */ diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index d510bb438..1b64220d7 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -85,6 +85,7 @@ static const char* GetAlgoTypeStr(int algo) case WC_ALGO_TYPE_RNG: return "RNG"; case WC_ALGO_TYPE_SEED: return "Seed"; case WC_ALGO_TYPE_HMAC: return "HMAC"; + case WC_ALGO_TYPE_CMAC: return "CMAC"; } return NULL; } @@ -104,6 +105,7 @@ static const char* GetPkTypeStr(int pk) } return NULL; } +#if !defined(NO_AES) || !defined(NO_DES3) static const char* GetCipherTypeStr(int cipher) { switch (cipher) { @@ -119,6 +121,7 @@ static const char* GetCipherTypeStr(int cipher) } return NULL; } +#endif /* !NO_AES || !NO_DES3 */ static const char* GetHashTypeStr(int hash) { switch (hash) { @@ -141,6 +144,16 @@ static const char* GetHashTypeStr(int hash) return NULL; } +#ifdef WOLFSSL_CMAC +static const char* GetCmacTypeStr(int type) +{ + switch (type) { + case WC_CMAC_AES: return "AES"; + } + return NULL; +} +#endif /* WOLFSSL_CMAC */ + #ifndef NO_RSA static const char* GetRsaType(int type) { 
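Review bot: `ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, NULL);` runs past 80 columns, whereas the matching call in wc_CmacUpdate in this same commit was wrapped after `inSz,`; wrap this one the same way. In the AES arm, `XMEMCPY(out, cmac->digest, *outSz);` copies `*outSz` bytes out of a 16-byte digest, so it relies on `*outSz` having been bounded by WC_CMAC_TAG_MAX_SZ earlier in the function; that check, if present, is above the hunk, and a short comment such as `/* *outSz was range-checked against WC_CMAC_TAG_MAX_SZ above */` would make the dependency visible here. The beginning of wc_CmacFinalNoFree is outside the hunk.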
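Review bot: Removing `cmac->devCtx = NULL;` means the cryptocb is now handed whatever `devCtx` already held; in wc_AesCmacGenerate_ex the Cmac is supplied by the caller and is presumably initialised only by wc_InitCmac_ex on the fall-through path after the callback declines, so unless every caller zeroes the struct first (not visible here) a registered callback can read an indeterminate pointer. Keep the assignment, or state in the function's header comment that the caller must pass a zero-initialised Cmac. Most of wc_AesCmacGenerate_ex lies outside the hunk.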
@@ -186,12 +199,14 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) GetPkTypeStr(info->pk.type), info->pk.type); } } +#if !defined(NO_AES) || !defined(NO_DES3) else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { printf("Crypto CB: %s %s (%d) (%p ctx)\n", GetAlgoTypeStr(info->algo_type), GetCipherTypeStr(info->cipher.type), info->cipher.type, info->cipher.ctx); } +#endif /* !NO_AES || !NO_DES3 */ else if (info->algo_type == WC_ALGO_TYPE_HASH) { printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), @@ -206,6 +221,17 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) info->hmac.macType, info->hmac.hmac, (info->hmac.in != NULL) ? "Update" : "Final"); } +#ifdef WOLFSSL_CMAC + else if (info->algo_type == WC_ALGO_TYPE_CMAC) { + printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n", + GetAlgoTypeStr(info->algo_type), + GetCmacTypeStr(info->cmac.type), + info->cmac.type, info->cmac.cmac, + (info->cmac.key != NULL) ? "Init " : "", + (info->cmac.in != NULL) ? "Update " : "", + (info->cmac.out != NULL) ? "Final" : ""); + } +#endif #ifdef WOLF_CRYPTO_CB_CMD else if (info->algo_type == WC_ALGO_TYPE_NONE) { printf("Crypto CB: %s %s (%d)\n", @@ -1775,7 +1801,8 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz) return wc_CryptoCb_TranslateErrorCode(ret); } #endif /* !WC_NO_RNG */ -#ifdef WOLFSSL_CMAC + +#if defined(WOLFSSL_CMAC) int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in, word32 inSz, byte* out, word32* outSz, int type, void* ctx) @@ -1791,7 +1818,6 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, /* locate first callback and try using it */ dev = wc_CryptoCb_FindDeviceByIndex(0); } - if (dev && dev->cb) { wc_CryptoInfo cryptoInfo; XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); 
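Review bot: `GetCmacTypeStr(info->cmac.type)` returns NULL for any value other than WC_CMAC_AES and the result is passed straight to a `%s` conversion in the new CMAC branch, which is undefined behaviour (glibc prints "(null)", other libcs may crash). The surrounding Get*Str helpers have the same shape, but this is the new instance; returning a fixed string such as `"Unknown"` from the helper's fall-through, or guarding the argument at the call site, avoids it. The rest of wc_CryptoCb_InfoString is outside the hunk.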
@@ -1812,7 +1838,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif +#endif /* WOLFSSL_CMAC && !NO_AES */ /* returns the default dev id for the current build */ int wc_CryptoCb_DefaultDevID(void) diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index 015a9a0a6..6db332652 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -24,9 +24,10 @@ #define WOLF_CRYPT_CMAC_H #include -#include -#if !defined(NO_AES) && defined(WOLFSSL_CMAC) +#ifdef WOLFSSL_CMAC + +#include #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) @@ -40,16 +41,23 @@ /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0) +typedef enum CmacType { + WC_CMAC_AES = 1 +} CmacType; + #ifndef WC_CMAC_TYPE_DEFINED typedef struct Cmac Cmac; #define WC_CMAC_TYPE_DEFINED #endif struct Cmac { + CmacType type; +#ifndef NO_AES Aes aes; byte buffer[AES_BLOCK_SIZE]; /* partially stored block */ byte digest[AES_BLOCK_SIZE]; /* running digest */ byte k1[AES_BLOCK_SIZE]; byte k2[AES_BLOCK_SIZE]; +#endif word32 bufferSz; word32 totalSz; #ifdef WOLF_CRYPTO_CB @@ -74,12 +82,15 @@ struct Cmac { -typedef enum CmacType { - WC_CMAC_AES = 1 -} CmacType; +#ifndef NO_AES #define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE #define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4) +#else +/* Reasonable defaults */ +#define WC_CMAC_TAG_MAX_SZ 16 +#define WC_CMAC_TAG_MIN_SZ 4 +#endif #if FIPS_VERSION3_GE(6,0,0) extern const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2]; @@ -111,6 +122,7 @@ int wc_CmacFinal(Cmac* cmac, WOLFSSL_API int wc_CmacFree(Cmac* cmac); +#ifndef NO_AES WOLFSSL_API int wc_AesCmacGenerate(byte* out, word32* outSz, const byte* in, word32 inSz, 
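Review bot: `#endif /* WOLFSSL_CMAC && !NO_AES */` no longer describes its opening `#if defined(WOLFSSL_CMAC)` from the previous hunk, which deliberately dropped the NO_AES dependency so wc_CryptoCb_Cmac is available for non-AES CMAC types; change the trailing comment to `#endif /* WOLFSSL_CMAC */`, matching the closers this commit writes in cmac.c and cmac.h.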
@@ -134,10 +146,11 @@ int wc_AesCmacVerify_ex(Cmac* cmac, const byte* key, word32 keySz, void* heap, int devId); - WOLFSSL_LOCAL void ShiftAndXorRb(byte* out, byte* in); +#endif /* !NO_AES */ + #ifdef WOLFSSL_HASH_KEEP WOLFSSL_API int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); @@ -148,6 +161,6 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); #endif -#endif /* NO_AES && WOLFSSL_CMAC */ +#endif /* WOLFSSL_CMAC */ #endif /* WOLF_CRYPT_CMAC_H */ From 09b5362ed89b82aa30880b1a4ddc7f76052a4eaa Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 23 Sep 2024 16:16:08 -0400 Subject: [PATCH 028/325] Fix '--depth=1' repos When the repo was checked out as a shallow copy, we need to unshallow so FIPS builds can successfully find all the required tags and branches. --- fips-check.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fips-check.sh b/fips-check.sh index a134bddab..806c8a142 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -334,6 +334,9 @@ function copy_fips_files() { done } +# Check to make sure this is not a shallow repo +$GIT fetch --unshallow 2>/dev/null + if ! $GIT clone . "$TEST_DIR"; then echo "fips-check: Couldn't duplicate current working directory." exit 1 From 0f646b6e4b8880c016155f9ee4c883a11f1396b8 Mon Sep 17 00:00:00 2001 From: jordan Date: Mon, 23 Sep 2024 23:24:36 -0500 Subject: [PATCH 029/325] asn: cleanup around edPubKeyASN. --- wolfcrypt/src/asn.c | 57 ++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bea4c89d0..8736d2d89 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
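Review bot: `$GIT fetch --unshallow 2>/dev/null` discards both stderr and the exit status, so on a shallow clone where the fetch fails (no network, remote gone) the script carries on into the clone and the later tag lookups fail with an unrelated error, while on a complete repository the command always errors and the silenced message hides nothing useful. Test for shallowness first and treat a failed unshallow as fatal, matching how the clone failure just below is handled.
```shell
# Shallow clones (e.g. --depth=1 checkouts) lack the tags/branches the FIPS
# checks need; unshallow only when actually shallow and fail loudly otherwise.
if [ "$($GIT rev-parse --is-shallow-repository)" = "true" ]; then
    if ! $GIT fetch --unshallow; then
        echo "fips-check: Couldn't unshallow the current working directory."
        exit 1
    fi
fi

# … unchanged: git clone into "$TEST_DIR" …
```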
@@ -57,7 +57,7 @@ ASN Options: * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to restore 3.13.0 behavior. * WOLFSSL_ASN_ALLOW_0_SERIAL: Even if WOLFSSL_NO_ASN_STRICT is not defined, - allow a length=1, but zero value serial numnber. + allow a length=1, but zero value serial number. * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer must still be trusted) * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert 
@@ -12015,34 +12015,38 @@ int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve) #ifdef WOLFSSL_ASN_TEMPLATE #if defined(WC_ENABLE_ASYM_KEY_EXPORT) || defined(WC_ENABLE_ASYM_KEY_IMPORT) -/* ASN.1 template for Ed25519 and Ed448 public key (SubkectPublicKeyInfo). +/* ASN.1 template for the SubjectPublicKeyInfo of a general asymmetric key. + * Used with Ed448/Ed25519, Curve448/Curve25519, sphincs, falcon, dilithium, + * etc. + * + * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo * RFC 8410, 4 - Subject Public Key Fields */ -static const ASNItem edPubKeyASN[] = { +static const ASNItem publicKeyASN[] = { /* SubjectPublicKeyInfo */ /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* AlgorithmIdentifier */ /* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, - /* Ed25519/Ed448 OID */ + /* Ed25519/Ed448 OID, etc. */ /* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 1 }, /* Public key stream */ /* PUBKEY */ { 1, ASN_BIT_STRING, 0, 0, 0 }, }; enum { - EDPUBKEYASN_IDX_SEQ = 0, - EDPUBKEYASN_IDX_ALGOID_SEQ, - EDPUBKEYASN_IDX_ALGOID_OID, - EDPUBKEYASN_IDX_PUBKEY + PUBKEYASN_IDX_SEQ = 0, + PUBKEYASN_IDX_ALGOID_SEQ, + PUBKEYASN_IDX_ALGOID_OID, + PUBKEYASN_IDX_PUBKEY }; -/* Number of items in ASN.1 template for Ed25519 and Ed448 public key. */ -#define edPubKeyASN_Length (sizeof(edPubKeyASN) / sizeof(ASNItem)) +/* Number of items in ASN.1 template for public key SubjectPublicKeyInfo. */ +#define publicKeyASN_Length (sizeof(publicKeyASN) / sizeof(ASNItem)) #endif /* WC_ENABLE_ASYM_KEY_EXPORT || WC_ENABLE_ASYM_KEY_IMPORT */ #endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WC_ENABLE_ASYM_KEY_EXPORT -/* Build ASN.1 formatted public key based on RFC 8410 +/* Build ASN.1 formatted public key based on RFC 5280 and RFC 8410 * * Pass NULL for output to get the size of the encoding. * 
@@ -12066,7 +12070,7 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, word32 sz; #else int sz = 0; - DECL_ASNSETDATA(dataASN, edPubKeyASN_Length); + DECL_ASNSETDATA(dataASN, publicKeyASN_Length); #endif /* validate parameters */ @@ -12118,25 +12122,26 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, } #else if (withHeader) { - CALLOC_ASNSETDATA(dataASN, edPubKeyASN_Length, ret, NULL); + CALLOC_ASNSETDATA(dataASN, publicKeyASN_Length, ret, NULL); if (ret == 0) { /* Set the OID. */ - SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], (word32)keyType, + SetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], (word32)keyType, oidKeyType); /* Leave space for public point. */ - SetASN_Buffer(&dataASN[EDPUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen); + SetASN_Buffer(&dataASN[PUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen); /* Calculate size of public key encoding. */ - ret = SizeASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, &sz); + ret = SizeASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, + &sz); } if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { /* Encode public key. */ - SetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, output); + SetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, output); /* Set location to encode public point. */ - output = (byte*)dataASN[EDPUBKEYASN_IDX_PUBKEY].data.buffer.data; + output = (byte*)dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data; } FREE_ASNSETDATA(dataASN, NULL); @@ -35234,7 +35239,7 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, word32 oid; #else word32 len; - DECL_ASNGETDATA(dataASN, edPubKeyASN_Length); + DECL_ASNGETDATA(dataASN, publicKeyASN_Length); #endif if (input == NULL || inSz == 0 || inOutIdx == NULL || 
@@ -35269,17 +35274,17 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, #else len = inSz - *inOutIdx; - CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL); + CALLOC_ASNGETDATA(dataASN, publicKeyASN_Length, ret, NULL); if (ret == 0) { /* Require OID. */ word32 oidSz; const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz); - GetASN_ExpBuffer(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], oid, oidSz); + GetASN_ExpBuffer(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oid, oidSz); /* Decode Ed25519 private key. */ - ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input, - inOutIdx, inSz); + ret = GetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, 1, + input, inOutIdx, inSz); if (ret != 0) ret = ASN_PARSE_E; /* check that input buffer is exhausted */ @@ -35288,12 +35293,12 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, } /* Check that the all the buffer was used. */ if ((ret == 0) && - (GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) { + (GetASNItem_Length(dataASN[PUBKEYASN_IDX_SEQ], input) != len)) { ret = ASN_PARSE_E; } if (ret == 0) { - *pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length; - *pubKey = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data; + *pubKeyLen = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.length; + *pubKey = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.data; } FREE_ASNGETDATA(dataASN, NULL); From 112a4ddbad87502489ddc22fe613680e024f72dc Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 17:25:26 +0800 Subject: [PATCH 030/325] win: add arm64 to wolfssl.vcxproj --- wolfssl.vcxproj | 121 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj index 58025da78..23c57b17a 100644 --- a/wolfssl.vcxproj +++ b/wolfssl.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + DLL Debug Win32 @@ -17,6 +21,10 @@ DLL Debug x64 + + DLL Debug + ARM64 + DLL Release Win32 
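Review bot: The comment `/* Decode Ed25519 private key. */` directly above the renamed `GetASN_Items(publicKeyASN, …)` call is wrong on both counts — the call decodes a SubjectPublicKeyInfo (this is DecodeAsymKeyPublic_Assign), and after this commit the template is no longer Ed25519-specific — yet the commit updates the neighbouring template comments and leaves this one. Suggest `/* Decode SubjectPublicKeyInfo; the OID must match keyType. */`, which also matches the `GetASN_ExpBuffer` setup on the line before it. The body of DecodeAsymKeyPublic_Assign starts outside this hunk, and the second hunk of the same function (`@@ -35288`) is a pure rename with nothing to raise.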
@@ -25,6 +33,10 @@ DLL Release x64 + + DLL Release + ARM64 + Release Win32 @@ -33,6 +45,10 @@ Release x64 + + Release + ARM64 + {73973223-5EE8-41CA-8E88-1D60E89A237B} @@ -63,6 +79,18 @@ v110 Unicode true + + + StaticLibrary + v110 + Unicode + true + + + DynamicLibrary + v110 + Unicode + true StaticLibrary @@ -83,6 +111,16 @@ DynamicLibrary v110 Unicode + + + StaticLibrary + v110 + Unicode + + + DynamicLibrary + v110 + Unicode @@ -120,6 +158,10 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -128,6 +170,10 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -136,6 +182,10 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -144,6 +194,10 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + Disabled 
@@ -211,6 +265,39 @@ false true + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + @@ -274,6 +361,38 @@ ws2_32.lib;%(AdditionalDependencies) true + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + @@ -448,6 +567,8 @@ true true true + true + true From 6735fcf695e93dc6fff7e3085a89335b06d16479 Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 17:55:44 +0800 Subject: [PATCH 031/325] win: add arm64 to testsuite.vcxproj --- testsuite/testsuite.vcxproj | 148 ++++++++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj index 958f937fa..609731732 100644 --- a/testsuite/testsuite.vcxproj +++ b/testsuite/testsuite.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + DLL Debug Win32 @@ -17,6 +21,10 @@ DLL Debug x64 + + DLL Debug + ARM64 + DLL Release Win32 @@ -25,6 +33,10 @@ DLL Release x64 + + DLL Release + ARM64 + Release Win32 @@ -33,6 +45,10 @@ Release x64 + + Release + ARM64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80} 
@@ -64,6 +80,18 @@ Unicode true + + Application + v110 + Unicode + true + + + Application + v110 + Unicode + true + Application v110 @@ -84,6 +112,16 @@ v110 Unicode + + Application + v110 + Unicode + + + Application + v110 + Unicode + @@ -99,6 +137,12 @@ + + + + + + @@ -111,6 +155,12 @@ + + + + + + <_ProjectFileVersion>11.0.61030.0 @@ -135,6 +185,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -155,6 +215,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + Disabled @@ -232,6 +302,42 @@ Console + + + Disabled + ../;../IDE/WIN;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + Disabled + ../;../IDE/WIN;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed 
@@ -318,6 +424,48 @@ true + + + MaxSpeed + true + ../;../IDE/WIN;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + MaxSpeed + true + ../;../IDE/WIN;%(AdditionalIncludeDirectories) + NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + From f599a0a7c32d6cc48c525b95ed1a10704ee2e477 Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 17:59:00 +0800 Subject: [PATCH 032/325] win: add arm64 to sslsniffer.vcxproj --- sslSniffer/sslSniffer.vcxproj | 74 +++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj index 7395cac1f..88bbc963f 100644 --- a/sslSniffer/sslSniffer.vcxproj +++ b/sslSniffer/sslSniffer.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + Release Win32 @@ -17,6 +21,10 @@ Release x64 + + Release + ARM64 + {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D} @@ -36,6 +44,12 @@ Unicode true + + DynamicLibrary + v110 + Unicode + true + DynamicLibrary v110 @@ -46,6 +60,11 @@ v110 Unicode + + DynamicLibrary + v110 + Unicode + @@ -55,12 +74,18 @@ + + + + + + <_ProjectFileVersion>11.0.61030.0 @@ -75,6 +100,11 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ 
@@ -85,6 +115,11 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + Disabled @@ -123,6 +158,24 @@ Windows + + + Disabled + ../;../IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Windows + + MaxSpeed @@ -166,6 +219,27 @@ true + + + MaxSpeed + true + ../;../IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Windows + true + true + + From 28cebe8c7efcca046741e4b31647315d379e8528 Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 18:04:07 +0800 Subject: [PATCH 033/325] win: add arm64 to echoclient.vcxproj --- examples/echoclient/echoclient.vcxproj | 148 +++++++++++++++++++++++++ 1 file changed, 148 insertions(+) diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj index 9fa8aad0f..68eb81b1d 100644 --- a/examples/echoclient/echoclient.vcxproj +++ b/examples/echoclient/echoclient.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + DLL Debug Win32 @@ -17,6 +21,10 @@ DLL Debug x64 + + DLL Debug + ARM64 + DLL Release Win32 @@ -25,6 +33,10 @@ DLL Release x64 + + DLL Release + ARM64 + Release Win32 @@ -33,6 +45,10 @@ Release x64 + + Release + ARM64 + {8362A816-C5DC-4E22-B5C5-9E6806387073} @@ -64,6 +80,18 @@ Unicode true + + Application + v110 + Unicode + true + + + Application + v110 + Unicode + true + Application v110 @@ -84,6 +112,16 @@ v110 Unicode + + Application + v110 + Unicode + + + Application + v110 + Unicode + @@ -99,6 +137,12 @@ + + + + + + 
@@ -111,6 +155,12 @@ + + + + + + <_ProjectFileVersion>11.0.61030.0 @@ -135,6 +185,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -155,6 +215,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + Disabled @@ -232,6 +302,42 @@ Console + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed 
@@ -318,6 +424,48 @@ true + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + From 45d51bfe49b73ff181153c61d4d5934dccf6ec9b Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 18:07:41 +0800 Subject: [PATCH 034/325] win: add arm64 to echoserver.vcxproj --- examples/echoserver/echoserver.vcxproj | 148 +++++++++++++++++++++++++ 1 file changed, 148 insertions(+) diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj index 28bd2a836..68c4f1680 100644 --- a/examples/echoserver/echoserver.vcxproj +++ b/examples/echoserver/echoserver.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + DLL Debug Win32 @@ -17,6 +21,10 @@ DLL Debug x64 + + DLL Debug + ARM64 + DLL Release Win32 @@ -25,6 +33,10 @@ DLL Release x64 + + DLL Release + ARM64 + Release Win32 @@ -33,6 +45,10 @@ Release x64 + + Release + ARM64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB} @@ -64,6 +80,18 @@ Unicode true + + Application + v110 + Unicode + true + + + Application + v110 + Unicode + true + Application v110 @@ -84,6 +112,16 @@ v110 Unicode + + Application + v110 + Unicode + + + Application + v110 + Unicode + @@ -99,6 +137,12 @@ + + + + + + @@ -110,6 +154,12 @@ + + + + + + 
@@ -135,6 +185,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -155,6 +215,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + Disabled @@ -232,6 +302,42 @@ Console + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed @@ -318,6 +424,48 @@ true + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + 
From 8bf196f32c44f7da510dc30a2152c51969bbedad Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 18:11:42 +0800 Subject: [PATCH 035/325] win: add arm64 to client.vcxproj --- examples/client/client.vcxproj | 148 +++++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj index 3f5c79a05..0843627d5 100644 --- a/examples/client/client.vcxproj +++ b/examples/client/client.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + DLL Debug Win32 @@ -17,6 +21,10 @@ DLL Debug x64 + + DLL Debug + ARM64 + DLL Release Win32 @@ -25,6 +33,10 @@ DLL Release x64 + + DLL Release + ARM64 + Release Win32 @@ -33,6 +45,10 @@ Release x64 + + Release + ARM64 + {3ADE9549-582D-4D8E-9826-B172197A7959} @@ -64,6 +80,18 @@ Unicode true + + Application + v110 + Unicode + true + + + Application + v110 + Unicode + true + Application v110 @@ -84,6 +112,16 @@ v110 Unicode + + Application + v110 + Unicode + + + Application + v110 + Unicode + @@ -99,6 +137,12 @@ + + + + + + @@ -111,6 +155,12 @@ + + + + + + <_ProjectFileVersion>11.0.61030.0 @@ -135,6 +185,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -155,6 +215,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + Disabled 
@@ -232,6 +302,42 @@ Console + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed @@ -318,6 +424,48 @@ true + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + From 4f856773cf24319898f122f263a31771b323e9b1 Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 18:15:40 +0800 Subject: [PATCH 036/325] win: add arm64 to server.vcxproj --- examples/server/server.vcxproj | 148 +++++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj index 8f11fee8f..3695fc1eb 100644 --- a/examples/server/server.vcxproj +++ b/examples/server/server.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + DLL Debug Win32 @@ -17,6 +21,10 @@ DLL Debug x64 + + DLL Debug + ARM64 + DLL Release Win32 @@ -25,6 +33,10 @@ DLL Release x64 + + DLL Release + ARM64 + Release Win32 
@@ -33,6 +45,10 @@ Release x64 + + Release + ARM64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1} @@ -64,6 +80,18 @@ Unicode true + + Application + v110 + Unicode + true + + + Application + v110 + Unicode + true + Application v110 @@ -84,6 +112,16 @@ v110 Unicode + + Application + v110 + Unicode + + + Application + v110 + Unicode + @@ -99,6 +137,12 @@ + + + + + + @@ -111,6 +155,12 @@ + + + + + + <_ProjectFileVersion>11.0.61030.0 @@ -135,6 +185,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ @@ -155,6 +215,16 @@ $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + false + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + Disabled @@ -232,6 +302,42 @@ Console + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + Disabled + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + MaxSpeed 
@@ -318,6 +424,48 @@ true + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + MaxSpeed + true + ../../;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + From 665fd89c55ba60f03ebf6b13af1f24de124e4901 Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 18:18:10 +0800 Subject: [PATCH 037/325] win: add arm64 to sslsnifftest.vcxproj --- .../sslSnifferTest/sslSniffTest.vcxproj | 78 +++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj index 72770eba5..8d4cb32ac 100644 --- a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj +++ b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj @@ -9,6 +9,10 @@ Debug x64 + + Debug + ARM64 + Release Win32 @@ -17,6 +21,10 @@ Release x64 + + Release + ARM64 + {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1} @@ -37,6 +45,12 @@ Unicode true + + Application + v141 + Unicode + true + Application v141 @@ -47,6 +61,11 @@ v141 Unicode + + Application + v141 + Unicode + @@ -56,12 +75,18 @@ + + + + + + <_ProjectFileVersion>15.0.28307.799 @@ -78,6 +103,12 @@ $(SolutionDir)$(Configuration)\$(Platform)\ snifftest + + true + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ + snifftest + $(SolutionDir)$(Configuration)\$(Platform)\ $(Configuration)\$(Platform)\$(ProjectName)_obj\ 
@@ -90,6 +121,12 @@ $(SolutionDir)$(Configuration)\$(Platform)\ snifftest + + false + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + $(SolutionDir)$(Configuration)\$(Platform)\ + snifftest + Disabled @@ -129,6 +166,25 @@ Console + + + Disabled + ../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;WOLFSSL_USER_SETTINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies) + ../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories) + true + Console + + MaxSpeed @@ -173,6 +229,28 @@ true + + + MaxSpeed + true + ../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;WOLFSSL_USER_SETTINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies) + ../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories) + true + Console + true + true + + From 34224d84d36baedd96df0693832b2e0419e6b965 Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 18:32:44 +0800 Subject: [PATCH 038/325] win: add arm64 to wolfssl64.sln --- wolfssl64.sln | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/wolfssl64.sln b/wolfssl64.sln index e268b3840..796649b23 100644 --- a/wolfssl64.sln +++ b/wolfssl64.sln 
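Review bot: The new ARM64 Debug configuration in the `@@ -129` hunk and the ARM64 Release configuration in the `@@ -173` hunk both carry `../../../WpdPack/Lib/x64` as the additional library directory, copied verbatim from the x64 configurations. An ARM64 link against x64 import libraries for wpcap.lib/Packet.lib would be expected to fail on the machine-type mismatch, and as far as I know the WinPcap developer pack does not ship ARM64 libraries at all. Either point these two configurations at an ARM64-capable capture-library directory (`../../../WpdPack/Lib/ARM64` — placeholder path, to be replaced by whatever library is actually used) or leave sslSniffTest out of the ARM64 build set in the solution until one exists. The element names are stripped in this rendering, so this is based on the visible attribute values.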
@@ -24,130 +24,192 @@ Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 Debug|x64 = Debug|x64 + Debug|ARM64 = Debug|ARM64 DLL Debug|Win32 = DLL Debug|Win32 DLL Debug|x64 = DLL Debug|x64 + DLL Debug|ARM64 = DLL Debug|ARM64 DLL Release|Win32 = DLL Release|Win32 DLL Release|x64 = DLL Release|x64 + DLL Release|ARM64 = DLL Release|ARM64 Release|Win32 = Release|Win32 Release|x64 = Release|x64 + Release|ARM64 = Release|ARM64 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.Build.0 = Debug|ARM64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.ActiveCfg = Release|ARM64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.Build.0 = Release|ARM64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.Build.0 = Debug|ARM64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32 
{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64 {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.ActiveCfg = Release|ARM64 + {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.Build.0 = Release|ARM64 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.ActiveCfg = Debug|Win32 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64 + {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.Build.0 = Debug|ARM64 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64 {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.Build.0 = Release|x64 + {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.ActiveCfg = Release|ARM64 + {34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.Build.0 = Release|ARM64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.ActiveCfg = Debug|Win32 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32 
{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.Build.0 = Debug|ARM64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64 {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.Build.0 = Release|x64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.ActiveCfg = Release|ARM64 + {07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.Build.0 = Release|ARM64 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.ActiveCfg = Debug|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64 
{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.Build.0 = Debug|ARM64 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64 {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64 {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.Build.0 = Release|x64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.ActiveCfg = Release|ARM64 + {8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.Build.0 = Release|ARM64 {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.ActiveCfg = Debug|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64 {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64 + 
{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.Build.0 = Debug|ARM64 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64 {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64 + {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32 {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64 {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.Build.0 = Release|x64 + {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.ActiveCfg = Release|ARM64 + {3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.Build.0 = Release|ARM64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.ActiveCfg = Debug|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.ActiveCfg = Debug|ARM64 + 
{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.Build.0 = Debug|ARM64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64 {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.Build.0 = Release|x64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.ActiveCfg = Release|ARM64 + {E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.Build.0 = Release|ARM64 {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|Win32.ActiveCfg = Debug|Win32 {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|x64.ActiveCfg = Debug|x64 + {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|ARM64.ActiveCfg = Debug|ARM64 {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|Win32.ActiveCfg = Debug|Win32 {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|x64.ActiveCfg = Debug|x64 + {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|ARM64.ActiveCfg = Debug|ARM64 
{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|Win32.ActiveCfg = Debug|Win32 {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|x64.ActiveCfg = Debug|x64 + {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|ARM64.ActiveCfg = Debug|ARM64 {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|Win32.ActiveCfg = Release|Win32 {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|x64.ActiveCfg = Release|x64 + {8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|ARM64.ActiveCfg = Release|ARM64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE From 62c6a3d892af2620a3ed744b1450a75e86edc9c3 Mon Sep 17 00:00:00 2001 From: res0nance Date: Tue, 24 Sep 2024 18:35:05 +0800 Subject: [PATCH 039/325] ci: add Win32 and ARM64 windows CI --- .github/workflows/os-check.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 8b337c1f0..dd47908a9 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -125,6 +125,10 @@ jobs: windows_build: name: Windows Build Test runs-on: windows-latest + strategy: + fail-fast: false + matrix: + arch: [ x64, Win32, ARM64 ] # This should be a safe limit for the tests to run. timeout-minutes: 6 env: @@ -135,7 +139,6 @@ jobs: # You can convert this to a build matrix if you need coverage of multiple configuration types. # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix BUILD_CONFIGURATION: Release - BUILD_PLATFORM: x64 steps: - uses: actions/checkout@v4 
@@ -150,8 +153,9 @@ jobs:
 working-directory: ${{env.GITHUB_WORKSPACE}}
 # Add additional options to the MSBuild command line here (like platform or verbosity level).
 # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
- run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+ run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- - name: Run Test
+ - if: ${{ matrix.arch != 'ARM64' }}
+ name: Run Test
 working-directory: ${{env.GITHUB_WORKSPACE}}
- run: Release/x64/testsuite.exe
+ run: Release/${{matrix.arch}}/testsuite.exe
From 9dccd66a3a345e8c20a8f3ade459badb326235c7 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 24 Sep 2024 12:54:15 +0000
Subject: [PATCH 040/325] address review: better guarding in test
---
tests/api.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 3a28ae3af..320cd92a7 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -94147,8 +94147,9 @@ static int test_dtls12_basic_connection_id(void)
 unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5 };
 unsigned char readBuf[40];
 const char* params[] = {
+#ifndef NO_RSA
 #ifndef NO_SHA256
-#ifdef WOLFSSL_AES_128
+#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_STATIC_RSA)
 "AES128-SHA256",
 #ifdef HAVE_AESCCM
 "AES128-CCM8",
@@ -94159,8 +94160,9 @@ static int test_dtls12_basic_connection_id(void)
 "DHE-RSA-AES128-GCM-SHA256",
 "ECDHE-RSA-AES128-GCM-SHA256",
 #endif
-#endif
-#endif
+#endif /* WOLFSSL_AES_128 && WOLFSSL_STATIC_RSA */
+#endif /* NO_SHA256 */
+#endif /* NO_RSA */
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
 "DHE-RSA-CHACHA20-POLY1305",
 "DHE-RSA-CHACHA20-POLY1305-OLD",
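Review bot: The `if: ${{ matrix.arch != 'ARM64' }}` added to the Run Test step silently turns the ARM64 leg into a compile-only check with nothing in the workflow saying why; a one-line comment above the step, `# hosted windows-latest runners are x64, so ARM64 is build-only here`, would stop the next maintainer from "fixing" the skip. The Win32 leg now runs `Release/Win32/testsuite.exe`; if the solution's Win32 OutDir is the default `Release/` rather than `Release/Win32/`, that step fails, so please confirm the path against the .sln before merging. As a point of style, `name:` is conventionally the first key of a step, with `if:` after it, which also keeps the step readable in the Actions log.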
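Review bot: The new `#ifndef NO_RSA` region closes at `#endif /* NO_RSA */` before the `DHE-RSA-CHACHA20-POLY1305` entries that follow as context, so a `NO_RSA` build still lists RSA-authenticated suites and the loop over `params[]` will fail on them; either move `#endif /* NO_RSA */` below that block or change its opener to `#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_RSA)`. Conversely, the whole group is now under `WOLFSSL_STATIC_RSA`, yet `DHE-RSA-AES128-GCM-SHA256` and `ECDHE-RSA-AES128-GCM-SHA256` are ephemeral suites that do not need static RSA, so builds without it lose that coverage; splitting the guard so only `AES128-SHA256` and `AES128-CCM8` depend on `WOLFSSL_STATIC_RSA` keeps them. The `params[]` initializer continues past the end of the hunk.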
@@ -94225,8 +94227,10 @@ static int test_dtls12_basic_connection_id(void)
 }
 #endif
+#ifdef HAVE_SECURE_RENEGOTIATION
 ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), 1);
 ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), 1);
+#endif
 /* CH1 */
 wolfSSL_SetLoggingPrefix("client");
@@ -94325,6 +94329,7 @@ static int test_dtls12_basic_connection_id(void)
 ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
 ExpectIntEQ(readBuf[0], params[i][0]);
+#ifdef HAVE_SECURE_RENEGOTIATION
 /* do two SCR's */
 wolfSSL_SetLoggingPrefix("client");
 ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
@@ -94442,7 +94447,7 @@ static int test_dtls12_basic_connection_id(void)
 ExpectNull(CLIENT_CID());
 ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 0);
 ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 0);
-
+#endif
 /* Close connection */
 wolfSSL_SetLoggingPrefix("client");
 ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
@@ -94455,7 +94460,9 @@ static int test_dtls12_basic_connection_id(void)
 wolfSSL_SetLoggingPrefix("server");
 ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+#ifdef HAVE_SECURE_RENEGOTIATION
 loop_exit:
+#endif
 wolfSSL_SetLoggingPrefix(NULL);
 wolfSSL_free(ssl_c);
 wolfSSL_CTX_free(ctx_c);
From 1896b47399a92076ab96a85db67d6f199905c8bb Mon Sep 17 00:00:00 2001
From: Joshua Okeleke
Date: Tue, 24 Sep 2024 16:35:29 +0200
Subject: [PATCH 041/325] Change comment style
---
wolfcrypt/test/test.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index c35c6e651..37dee8d75 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -2465,10 +2465,10 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
 #endif
 #ifdef NDS
- // Init Console output
+ /* Init Console output */
 consoleDemoInit();
- // Init the Filesystem
+ /* Init the Filesystem */
 fatInitDefault();
 #endif
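Review bot: The `#endif` that replaces the blank line before `/* Close connection */` closes a region opened roughly 120 lines earlier at `/* do two SCR's */`, but unlike the `#endif /* NO_RSA */`-style closers added earlier in this same commit it carries no label; `#endif /* HAVE_SECURE_RENEGOTIATION */` here and on the closer after `loop_exit:` would make the nesting greppable. Without `HAVE_SECURE_RENEGOTIATION` the test now only exercises CID through the initial handshake, which is worth one sentence in the function's header comment since the name suggests full coverage. test_dtls12_basic_connection_id begins and ends outside these hunks.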
@@ -2517,7 +2517,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif #ifdef NDS - // in Nintendo DS returning from main shuts down the Device without letting you see the Results. + /* in Nintendo DS returning from main shuts down the Device without letting you see the Results. */ printf("args.return_code: %d\n", args.return_code); printf("Testing complete. Press Start to exit the Program\n"); while(1) { From 0d158fc6632bb82afdc969f0ad664cdad3e09a0b Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 24 Sep 2024 12:06:19 -0400 Subject: [PATCH 042/325] Updates due to peer review --- wolfcrypt/src/cmac.c | 7 +++++-- wolfssl/wolfcrypt/cmac.h | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 2b8eaae30..821ff0c2d 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -297,9 +297,11 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; + /* Clear CRYPTOCB_UNAVAILABLE return code */ + ret = 0; + /* fall-through when unavailable */ } - ret = 0; #endif switch (cmac->type) { #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) @@ -343,7 +345,8 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) return ret; } -int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { +int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) +{ int ret = 0; if (cmac == NULL) diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index 6db332652..63e33f949 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -27,7 +27,9 @@ #ifdef WOLFSSL_CMAC +#ifndef NO_AES #include +#endif #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) From 17261467a63d71ffff47ccc35cce526130bc7cdc Mon Sep 17 00:00:00 2001 
From: John Safranek Date: Tue, 24 Sep 2024 09:19:43 -0700 Subject: [PATCH 043/325] Revert "FP SmallStack Fix" This reverts commit 47e51400bb04571ed0d2848029253518969313fb. Turns out we don't want to put those fp_ints on the stack unless absolutely necessary. --- wolfcrypt/src/tfm.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 50952f959..fc8578569 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2430,7 +2430,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) fp_int *res; fp_digit buf, mp; int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC fp_int *M; #else fp_int M[(1 << 6) + 1]; @@ -2455,7 +2455,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) return err; } -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC /* only allocate space for what's needed for window plus res */ M = (fp_int*)XMALLOC(sizeof(fp_int)*((1 << winsize) + 1), NULL, DYNAMIC_TYPE_BIGINT); @@ -2482,7 +2482,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* now we need R mod m */ err = fp_montgomery_calc_normalization (res, P); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; @@ -2493,7 +2493,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* G > P so we reduce it first */ err = fp_mod(G, P, &M[1]); if (err != FP_OKAY) { - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + #ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; 
@@ -2503,7 +2503,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) } err = fp_mulmod (&M[1], res, P, &M[1]); if (err != FP_OKAY) { - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + #ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; @@ -2516,14 +2516,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) err = fp_sqr (&M[(word32)(1 << (winsize - 1))], &M[(word32)(1 << (winsize - 1))]); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } err = fp_montgomery_reduce_ex(&M[(word32)(1 << (winsize - 1))], P, mp, 0); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; @@ -2534,14 +2534,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) { err = fp_mul(&M[x - 1], &M[1], &M[x]); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } err = fp_montgomery_reduce_ex(&M[x], P, mp, 0); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; 
@@ -2585,14 +2585,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) if (mode == 1 && y == 0) { err = fp_sqr(res, res); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } err = fp_montgomery_reduce_ex(res, P, mp, 0); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; @@ -2610,14 +2610,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) for (x = 0; x < winsize; x++) { err = fp_sqr(res, res); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } err = fp_montgomery_reduce_ex(res, P, mp, 0); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; @@ -2627,14 +2627,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* then multiply */ err = fp_mul(res, &M[bitbuf], res); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } err = fp_montgomery_reduce_ex(res, P, mp, 0); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; 
@@ -2653,14 +2653,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) for (x = 0; x < bitcpy; x++) { err = fp_sqr(res, res); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } err = fp_montgomery_reduce_ex(res, P, mp, 0); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; @@ -2672,14 +2672,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* then multiply */ err = fp_mul(res, &M[1], res); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } err = fp_montgomery_reduce_ex(res, P, mp, 0); if (err != FP_OKAY) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; @@ -2699,7 +2699,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* swap res with Y */ fp_copy (res, Y); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; From 6c5b174e51ffa193dc1597857e10cdff6006bfb6 Mon Sep 17 00:00:00 2001 From: Joshua Okeleke Date: Tue, 24 Sep 2024 18:37:10 +0200 Subject: [PATCH 044/325] Replace dummy iovec with #define NO_WRITEV --- wolfssl/wolfcrypt/settings.h | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 4c8133824..e3cda9857 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
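Review bot: Every error exit in `_fp_exptmod_nct` repeats the same three-line `#ifndef WOLFSSL_NO_MALLOC` / `XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);` / `#endif` block ahead of `return err;`, about twenty copies across these hunks; a single cleanup label (`goto LBL_ERR;` with the one `XFREE` under it) would make it impossible to miss a path when the next change adds one. The NULL check that should follow the `XMALLOC` of `M`, and the function's head and tail, are outside the hunks, so I could not confirm the allocation-failure path. The `_nct` suffix suggests this variant is only reached with public operands, in which case freeing `M` without zeroisation is acceptable, but that assumption deserves a comment at the `XMALLOC`.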
@@ -479,14 +479,7 @@ #define socklen_t int #define IPPROTO_UDP 17 #define IPPROTO_TCP 6 - - /* Libnds doesn't include sys/uio.h. */ - /* Structure for scatter/gather I/O. */ - struct iovec - { - void *iov_base; /* Pointer to data. */ - size_t iov_len; /* Length of data. */ - }; + #define NO_WRITEV #endif #if defined(ARDUINO) From 35442d27b5703f4d3d8d1d4fa736eba944dbd4ac Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 24 Sep 2024 12:48:54 -0400 Subject: [PATCH 045/325] Fixed overlong lines. Thanks clang-tidy --- wolfcrypt/src/cmac.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 821ff0c2d..502ea2a74 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -239,7 +239,8 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) if (cmac->totalSz != 0) { xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); } - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); + ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, + cmac->buffer); if (ret == 0) { cmac->totalSz += AES_BLOCK_SIZE; cmac->bufferSz = 0; @@ -294,7 +295,8 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) if (cmac->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, NULL); + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, + NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* Clear CRYPTOCB_UNAVAILABLE return code */ @@ -324,7 +326,8 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) remainder = AES_BLOCK_SIZE; } if (remainder > 1) { - XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder); + XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, + remainder); } cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; 
@@ -472,7 +475,8 @@ int wc_AesCmacVerify_ex(Cmac* cmac,
 word32 aSz = sizeof(a);
 int compareRet;
- if (cmac == NULL || check == NULL || checkSz == 0 || (in == NULL && inSz != 0)) {
+ if (cmac == NULL || check == NULL || checkSz == 0 ||
+ (in == NULL && inSz != 0)) {
 return BAD_FUNC_ARG;
 }
From 76f71a31f1644f28fd377d4d59a20f47d5ffb491 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 24 Sep 2024 16:30:27 +0000
Subject: [PATCH 046/325] dtls13: support either side DTLSv1_3 method
---
src/tls.c | 20 ++++++++++++++++++++
tests/api.c | 3 +++
wolfssl/ssl.h | 4 ++++
3 files changed, 27 insertions(+)
diff --git a/src/tls.c b/src/tls.c
index 0aff79169..a519836ec 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -15606,6 +15606,26 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 return m;
 }
 #endif /* !WOLFSSL_NO_TLS12 */
+ #ifdef WOLFSSL_DTLS13
+ WOLFSSL_METHOD* wolfDTLSv1_3_method(void)
+ {
+ return wolfDTLSv1_3_method_ex(NULL);
+ }
+ WOLFSSL_METHOD* wolfDTLSv1_3_method_ex(void* heap)
+ {
+ WOLFSSL_METHOD* m;
+ WOLFSSL_ENTER("DTLSv1_3_method");
+ #ifndef NO_WOLFSSL_CLIENT
+ m = wolfDTLSv1_3_client_method_ex(heap);
+ #else
+ m = wolfDTLSv1_3_server_method_ex(heap);
+ #endif
+ if (m != NULL) {
+ m->side = WOLFSSL_NEITHER_END;
+ }
+ return m;
+ }
+ #endif /* WOLFSSL_DTLS13 */
 #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
diff --git a/tests/api.c b/tests/api.c
index 0e8ae3a81..659fa07c1 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1194,6 +1194,9 @@ static int test_wolfSSL_Method_Allocators(void)
 #ifndef WOLFSSL_NO_TLS12
 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
 #endif /* !WOLFSSL_NO_TLS12 */
+ #ifdef WOLFSSL_DTLS13
+ TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_3_method);
+ #endif /* WOLFSSL_DTLS13 */
 #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 90f711589..3c820fd33 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
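Review bot: The new public allocators `wolfDTLSv1_3_method` and `wolfDTLSv1_3_method_ex` carry no header comment, and the meaning of `m->side = WOLFSSL_NEITHER_END` is not evident from the code; a comment such as `/* Either-side DTLS 1.3 method: built from the client method (server when NO_WOLFSSL_CLIENT) with the side left undecided, so it is fixed later by connect/accept */` would record the intent, with the connect/accept part confirmed against the side-selection code before it is committed. `WOLFSSL_ENTER("DTLSv1_3_method")` sits inside `wolfDTLSv1_3_method_ex`; if the neighbouring `_ex` allocators log their own `_ex` names, `WOLFSSL_ENTER("DTLSv1_3_method_ex")` keeps traces consistent. Note that this definition is nested under `WOLFSSL_DTLS` while the ssl.h declaration in the same commit is guarded only by `WOLFSSL_DTLS13` plus `WOLFSSL_EITHER_SIDE || OPENSSL_EXTRA`, which is fine as long as `WOLFSSL_DTLS13` implies `WOLFSSL_DTLS`.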
@@ -976,6 +976,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); #ifndef NO_WOLFSSL_SERVER WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void); +#endif +#if defined(WOLFSSL_EITHER_SIDE) || defined(OPENSSL_EXTRA) + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method(void); #endif WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl); #endif /* WOLFSSL_DTLS13 */ From 5e1db686e1a6c4b00acae41ff63bdd799804ced9 Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 24 Sep 2024 13:14:00 -0400 Subject: [PATCH 047/325] Update logic to avoid clang-tidy warning. --- wolfcrypt/src/cmac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 502ea2a74..d06e484e1 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -318,7 +318,8 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) else { /* ensure we will have a valid remainder value */ if (cmac->bufferSz > AES_BLOCK_SIZE) { - return BAD_STATE_E; + ret = BAD_STATE_E; + break; } remainder = AES_BLOCK_SIZE - cmac->bufferSz; From 8aa63e3aad2f155269cad2d2c5211805a99e6d85 Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 24 Sep 2024 13:43:56 -0400 Subject: [PATCH 048/325] One more time to quiet clang tidy --- wolfcrypt/src/cmac.c | 72 +++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index d06e484e1..9a95b9c28 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c 
@@ -299,53 +299,55 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
 NULL);
 if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 return ret;
+
 /* Clear CRYPTOCB_UNAVAILABLE return code */
 ret = 0;
 /* fall-through when unavailable */
 }
 #endif
- switch (cmac->type) {
-#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
- case WC_CMAC_AES:
- {
- const byte* subKey;
- word32 remainder;
+ if (ret == 0) {
+ switch (cmac->type) {
+ #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+ case WC_CMAC_AES:
+ {
+ const byte* subKey;
+ word32 remainder;
- if (cmac->bufferSz == AES_BLOCK_SIZE) {
- subKey = cmac->k1;
- }
- else {
- /* ensure we will have a valid remainder value */
- if (cmac->bufferSz > AES_BLOCK_SIZE) {
- ret = BAD_STATE_E;
- break;
+ if (cmac->bufferSz == AES_BLOCK_SIZE) {
+ subKey = cmac->k1;
 }
- remainder = AES_BLOCK_SIZE - cmac->bufferSz;
+ else {
+ /* ensure we will have a valid remainder value */
+ if (cmac->bufferSz > AES_BLOCK_SIZE) {
+ ret = BAD_STATE_E;
+ break;
+ }
+ remainder = AES_BLOCK_SIZE - cmac->bufferSz;
- if (remainder == 0) {
- remainder = AES_BLOCK_SIZE;
- }
- if (remainder > 1) {
- XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0,
- remainder);
- }
+ if (remainder == 0) {
+ remainder = AES_BLOCK_SIZE;
+ }
+ if (remainder > 1) {
+ XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0,
+ remainder);
+ }
- cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
- subKey = cmac->k2;
+ cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
+ subKey = cmac->k2;
+ }
+ xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
+ xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
+ ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
+ if (ret == 0) {
+ XMEMCPY(out, cmac->digest, *outSz);
+ }
+ }; break;
+ #endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+ default :
+ ret = BAD_FUNC_ARG;
 }
- xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
- xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
- ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest,
cmac->buffer);
- if (ret == 0) {
- XMEMCPY(out, cmac->digest, *outSz);
- }
- }; break;
-#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
- default :
- ret = BAD_FUNC_ARG;
 }
-
 return ret;
 }
From c6124d573a0a3d16795d40b1e18102beb85b56d5 Mon Sep 17 00:00:00 2001
From: jordan
Date: Tue, 24 Sep 2024 13:01:13 -0500
Subject: [PATCH 049/325] asn: tiny peer review cleanup.
---
wolfcrypt/src/asn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 8736d2d89..f3a018981 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -12016,7 +12016,7 @@ int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve)
 #ifdef WOLFSSL_ASN_TEMPLATE
 #if defined(WC_ENABLE_ASYM_KEY_EXPORT) || defined(WC_ENABLE_ASYM_KEY_IMPORT)
 /* ASN.1 template for the SubjectPublicKeyInfo of a general asymmetric key.
- * Used with Ed448/Ed25519, Curve448/Curve25519, sphincs, falcon, dilithium,
+ * Used with Ed448/Ed25519, Curve448/Curve25519, SPHINCS+, falcon, dilithium,
 * etc.
 *
 * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
From 967dc443facc337c02fda786ef6f03eb8c75055e Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Tue, 24 Sep 2024 12:58:01 -0600
Subject: [PATCH 050/325] remove trailing whitespace
---
wolfcrypt/src/cryptocb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index 1b64220d7..815e6d1ef 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -144,7 +144,7 @@ static const char* GetHashTypeStr(int hash)
 return NULL;
 }
-#ifdef WOLFSSL_CMAC
+#ifdef WOLFSSL_CMAC
 static const char* GetCmacTypeStr(int type)
 {
 switch (type) {
From 267add1fb3d7e906d30eeb6843dde3838ea84e22 Mon Sep 17 00:00:00 2001
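Review bot: `XMEMCPY(out, cmac->digest, *outSz)` copies a caller-chosen count out of the 16-byte `digest`, so the rewritten block relies on `*outSz` having been range-checked ahead of the crypto-callback branch; that check is not in this hunk, and if it is missing or the callback can alter `*outSz` before returning `CRYPTOCB_UNAVAILABLE`, this is an out-of-bounds read. A clamp at the copy, `XMEMCPY(out, cmac->digest, min(*outSz, AES_BLOCK_SIZE));` if the file has a `min` helper, or an explicit `ret = BAD_FUNC_ARG` when `*outSz > AES_BLOCK_SIZE`, is cheap insurance. Style: `}; break;` after the `case WC_CMAC_AES:` block leaves a stray empty statement; `} break;` or a `break;` inside the braces reads cleaner. wc_CmacFinalNoFree's opening lines are outside the hunk.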
From: Daniel Pouzzner Date: Tue, 24 Sep 2024 17:14:33 -0500 Subject: [PATCH 051/325] wolfssl/wolfcrypt/types.h: in static_assert setup section, test for _MSVC_LANG >= 201103L alongside __cplusplus >= 201103L. --- wolfssl/wolfcrypt/types.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 6aacec360..6ff073622 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1695,7 +1695,8 @@ typedef struct w64wrapper { #define WC_CPP_CAT_(a, b) a ## b #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) - #if defined(__cplusplus) && (__cplusplus >= 201103L) + #if (defined(__cplusplus) && (__cplusplus >= 201103L)) || \ + (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) #ifndef static_assert2 #define static_assert2 static_assert #endif From 60e1c03e46c94b8288d8b451d232751b68157d69 Mon Sep 17 00:00:00 2001 From: Bill Phipps <126489738+billphipps@users.noreply.github.com> Date: Tue, 24 Sep 2024 18:23:26 -0400 Subject: [PATCH 052/325] Update cmac.h to move CmacType down for build compatibility --- wolfssl/wolfcrypt/cmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index 63e33f949..a1c05f9f1 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -52,7 +52,6 @@ typedef enum CmacType { #define WC_CMAC_TYPE_DEFINED #endif struct Cmac { - CmacType type; #ifndef NO_AES Aes aes; byte buffer[AES_BLOCK_SIZE]; /* partially stored block */ @@ -80,6 +79,7 @@ struct Cmac { #ifdef WOLFSSL_SE050 byte useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */ #endif + CmacType type; }; From 13b26bc46b050e334083e687ed074e7143a53152 Mon Sep 17 00:00:00 2001 From: Bill Phipps <126489738+billphipps@users.noreply.github.com> Date: Tue, 24 Sep 2024 18:27:58 -0400 Subject: [PATCH 053/325] Update cryptocb.c to fix comment --- wolfcrypt/src/cryptocb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
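Review bot: The added `_MSVC_LANG` clause has no comment explaining why `__cplusplus` alone is not enough; as far as I know MSVC leaves `__cplusplus` at 199711L unless `/Zc:__cplusplus` is passed, while `_MSVC_LANG` follows the `/std:` level, so a one-line `/* MSVC keeps __cplusplus at 199711L without /Zc:__cplusplus; _MSVC_LANG reflects /std: */` above the `#if` would record the rationale. It is also worth stating that `_MSVC_LANG` is only defined when compiling as C++, so the clause cannot wrongly select C++ `static_assert` for a C translation unit.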
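Review bot: `CmacType type` is moved to the end of `struct Cmac` "for build compatibility" per the subject, but the struct itself gains no comment saying the member must stay last, so the next tidy-up can silently undo it; suggest `CmacType type; /* keep last: appended so the offsets of the preceding members are unchanged */`, with the exact layout constraint named once it is confirmed. If the move exists because a port or a FIPS boundary depends on the offsets of `aes`/`buffer`, that dependency is the thing to document, not the move.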
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 815e6d1ef..216c515f5 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -1838,7 +1838,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif /* WOLFSSL_CMAC && !NO_AES */ +#endif /* WOLFSSL_CMAC */ /* returns the default dev id for the current build */ int wc_CryptoCb_DefaultDevID(void) From 60dbe38226b0b8c7de9dccc12b308a9d773f7cd9 Mon Sep 17 00:00:00 2001 From: Bill Phipps <126489738+billphipps@users.noreply.github.com> Date: Tue, 24 Sep 2024 18:34:19 -0400 Subject: [PATCH 054/325] Update cmac.c to eliminate extra spaces --- wolfcrypt/src/cmac.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 9a95b9c28..52c1d2ddc 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -178,7 +178,6 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, break; #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ default: - return BAD_FUNC_ARG; } @@ -249,7 +248,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) } }; break; #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ - default : + default: ret = BAD_FUNC_ARG; } return ret; @@ -271,7 +270,7 @@ int wc_CmacFree(Cmac* cmac) wc_AesFree(&cmac->aes); break; #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ - default : + default: /* Nothing to do */ (void)cmac; } @@ -344,7 +343,7 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) } }; break; #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ - default : + default: ret = BAD_FUNC_ARG; } } From 393072037ab4956c5c8dbf6c0103d8aa6dda6bf9 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 24 Sep 2024 17:23:04 -0700 Subject: [PATCH 055/325] gate test mp_read_radix on OPENSSL_EXTRA || !NO_DSA || HAVE_ECC --- wolfcrypt/test/test.c | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ca8094ea1..780318a62 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -55026,6 +55026,7 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
 if (ret != MP_GT)
 return WC_TEST_RET_ENC_NC;
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
 mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
 ret = mp_cmp_d(b, -1);
 if (ret != MP_GT)
@@ -55040,9 +55041,12 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
 ret = mp_cmp(b, b);
 if (ret != MP_EQ)
 return WC_TEST_RET_ENC_NC;
+#endif
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
 defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
 mp_read_radix(a, "-1", MP_RADIX_HEX);
 mp_read_radix(a, "1", MP_RADIX_HEX);
 ret = mp_cmp(a, b);
@@ -55059,12 +55063,15 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
 ret = mp_cmp(b, a);
 if (ret != MP_LT)
 return WC_TEST_RET_ENC_NC;
+#endif
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
 mp_read_radix(a, "-2", MP_RADIX_HEX);
 ret = mp_cmp(a, b);
 if (ret != MP_EQ)
 return WC_TEST_RET_ENC_NC;
 #endif
+#endif
 #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
 defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
@@ -55824,12 +55831,16 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
 #endif
 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
 mp_read_radix(a, "-3", 16);
 ret = mp_invmod(a, m, r);
 if (ret != MP_OKAY)
 return WC_TEST_RET_ENC_EC(ret);
 #endif
+#endif
+
 #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
 mp_set(a, 0);
 mp_set(m, 3);
From e5109b3f41899577c2896d2e2cc221055e811615 Mon Sep 17 00:00:00 2001
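Review bot: The gate `#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)` is spelled out four times across the hunks in `mp_test_cmp` and `mp_test_invmod`, and the bare `+#endif` lines that close it sit next to existing `#endif`s with no trailing comment, so a reader cannot tell which closer belongs to which condition. Define the condition once near the top of the test file and give every closer a comment, e.g. `#endif /* OPENSSL_EXTRA || !NO_DSA || HAVE_ECC */`. Presumably the expression mirrors the condition under which `mp_read_radix` is compiled in the math library; if so, a short comment at the single definition naming that dependency would explain why these particular macros are tested and keep them in sync when that gate changes. Both enclosing functions begin before their first hunk and continue past their last.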
From: jordan Date: Wed, 25 Sep 2024 09:51:48 -0500 Subject: [PATCH 056/325] misc cleanup: extra spaces, typos. --- src/ssl.c | 2 +- src/tls13.c | 2 +- wolfcrypt/test/test.c | 4 ++-- wolfssl/wolfcrypt/settings.h | 6 +++--- wolfssl/wolfcrypt/wc_port.h | 2 +- wolfssl/wolfio.h | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 264f2c04e..e0101e062 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10197,7 +10197,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; - default : + default: WOLFSSL_MSG("Unknown accept state ERROR"); return WOLFSSL_FATAL_ERROR; } diff --git a/src/tls13.c b/src/tls13.c index df4ab791b..a4d3aab70 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -14490,7 +14490,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; - default : + default: WOLFSSL_MSG("Unknown accept state ERROR"); return WOLFSSL_FATAL_ERROR; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ca8094ea1..d3394b9c7 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -29284,7 +29284,7 @@ static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key, goto done; } - /* Verificiation */ + /* Verification */ verify = 0; do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -29451,7 +29451,7 @@ static wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key, ERROR_OUT(WC_TEST_RET_ENC_NC, done); } - /* Verificiation */ + /* Verification */ verify = 0; ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType), &verify, key); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 03cd5e550..59072adcd 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -515,7 +515,7 @@ * in the Kconfig file. At cmake time, the Kconfig is processed and an * sdkconfig.h file is created by the ESP-IDF. Any configured options are * named CONFIG_[Kconfig name] and thus CONFIG_[macro name]. Those that - * are expected to be ESP-IDF specific and may be ambigous can named + * are expected to be ESP-IDF specific and may be ambiguous can named * with an ESP prefix, for example CONFIG_[ESP_(Kconfig name)] * * Note there are some inconsistent macro names that may have been @@ -582,7 +582,7 @@ #endif #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL) - /* When using ESP-TLS, some old algoritms such as SHA1 are no longer + /* When using ESP-TLS, some old algorithms such as SHA1 are no longer * enabled in wolfSSL, except for the OpenSSL compatibility. So enable * that here: */ #define OPENSSL_EXTRA @@ -4035,7 +4035,7 @@ extern void uITRON4_free(void *p) ; #if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT) /* The settings.h and/or user_settings.h should have detected config - * valuse from Kconfig and set the appropriate wolfSSL macro: */ + * values from Kconfig and set the appropriate wolfSSL macro: */ #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT" #endif diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index cb8d0f732..6dc7d2c92 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -450,7 +450,7 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); #if defined(WOLFSSL_ALGO_HW_MUTEX) && (defined(NO_RNG_MUTEX) && \ defined(NO_AES_MUTEX) && defined(NO_HASH_MUTEX) && defined(NO_PK_MUTEX)) - #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexs off + #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexes off #endif /* To support HW that can do different Crypto in parallel */ #if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) 
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 5195208a6..2cd43c700 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -520,7 +520,7 @@ WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf,
 #endif
 #endif /* WOLFSSL_NO_SOCK */
-/* Preseve API previously exposed */
+/* Preserve API previously exposed */
 WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
 WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
From bea285c8ef0d38ebafd47f7e412e0751eb724c18 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Wed, 25 Sep 2024 14:57:09 -0600
Subject: [PATCH 057/325] initialize values for -Og test
---
 tests/api.c | 39 ++++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 19 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 659fa07c1..84ddbccdb 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1577,11 +1577,12 @@ static int test_wolfSSL_CTX_new(void)
 {
 EXPECT_DECLS;
 WOLFSSL_CTX *ctx;
- WOLFSSL_METHOD* method;
+ WOLFSSL_METHOD* method = NULL;
 ExpectNull(ctx = wolfSSL_CTX_new(NULL));
 ExpectNotNull(method = wolfSSLv23_server_method());
- ExpectNotNull(ctx = wolfSSL_CTX_new(method));
+ if (method != NULL)
+ ExpectNotNull(ctx = wolfSSL_CTX_new(method));
 wolfSSL_CTX_free(ctx);
@@ -21281,7 +21282,7 @@ static int test_wc_RsaKeyToPublicDer(void)
 int bits = 2048;
 word32 derLen = 294;
 #endif
- int ret;
+ int ret = 0;
 XMEMSET(&rng, 0, sizeof(rng));
 XMEMSET(&key, 0, sizeof(key));
@@ -24489,7 +24490,7 @@ static int test_wc_curve25519_make_key(void)
 #if defined(HAVE_CURVE25519)
 curve25519_key key;
 WC_RNG rng;
- int keysize;
+ int keysize = 0;
 XMEMSET(&rng, 0, sizeof(WC_RNG));
@@ -25193,7 +25194,7 @@ static int test_wc_curve448_make_key(void)
 #if defined(HAVE_CURVE448)
 curve448_key key;
 WC_RNG rng;
- int keysize;
+ int keysize = 0;
 XMEMSET(&rng, 0, sizeof(WC_RNG));
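Review bot: `WOLFSSL_CTX *ctx;` in `test_wolfSSL_CTX_new` is left uninitialized while the same hunk initializes `method` and guards its use; if the `Expect*` macros can skip evaluating their expression after an earlier failure (which is what the new `if (method != NULL)` guard implies), `ctx` reaches `wolfSSL_CTX_free(ctx)` indeterminate. Change it to `WOLFSSL_CTX *ctx = NULL;`. The same omission appears in later hunks of this commit: `BN_CTX* ctx;` in `test_wolfSSL_d2i_and_i2d_PublicKey_ecc`, `int peerCertSz;` in `test_wc_SetIssuerRaw` and `test_wc_SetIssueBuffer`, and `long not_before, not_after; int derSz;` in `test_openssl_make_self_signed_certificate`. Each of those functions continues past its hunk, so whether the variable is assigned unconditionally before use is not visible here.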
@@ -25623,7 +25624,7 @@ static int test_wc_ecc_params(void)
 /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`. It was added after certifications */
 #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- const ecc_set_type* ecc_set;
+ const ecc_set_type* ecc_set = NULL;
 #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
 /* Test for SECP256R1 curve */
 int curve_id = ECC_SECP256R1;
@@ -53232,7 +53233,7 @@ static int test_wolfSSL_ASN1_TIME(void)
 EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
 WOLFSSL_ASN1_TIME* asn_time = NULL;
- unsigned char *data;
+ unsigned char *data = NULL;
 ExpectNotNull(asn_time = ASN1_TIME_new());
@@ -54136,7 +54137,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
 ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1);
 /* nested_asn1->asn1_obj->strList */
 for (i = 10; i >= 0; i--) {
- ASN1_GENERALSTRING* genStr;
+ ASN1_GENERALSTRING* genStr = NULL;
 char fmtStr[20];
 ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0);
@@ -54177,7 +54178,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
 ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new());
 for (i = 0; i < 11; i++) {
- ASN1_INTEGER* asn1_num;
+ ASN1_INTEGER* asn1_num = NULL;
 ExpectNotNull(asn1_num = ASN1_INTEGER_new());
 ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
@@ -62069,7 +62070,7 @@ static int test_wolfSSL_PEM_read_bio(void)
 !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 byte buff[6000];
 XFILE f = XBADFILE;
- int bytes;
+ int bytes = 0;
 X509* x509 = NULL;
 BIO* bio = NULL;
 BUF_MEM* buf = NULL;
@@ -64135,7 +64136,7 @@ static int test_wolfSSL_PKCS8_Compat(void)
 PKCS8_PRIV_KEY_INFO* pt = NULL;
 BIO* bio = NULL;
 XFILE f = XBADFILE;
- int bytes;
+ int bytes = 0;
 char pkcs8_buffer[512];
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
 EVP_PKEY *pkey = NULL;
@@ -65156,7 +65157,7 @@ static int test_wolfSSL_SHA224(void)
 "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
 size_t inLen;
 byte hash[WC_SHA224_DIGEST_SIZE];
- unsigned char* p;
+ unsigned char* p = NULL;
 inLen = XSTRLEN((char*)input);
@@ -70176,7 +70177,7 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
 GENERAL_NAME* gn = NULL;
 unsigned char buf[4096];
 const unsigned char* bufPt = NULL;
- int bytes;
+ int bytes = 0;
 XFILE f = XBADFILE;
 STACK_OF(GENERAL_NAME)* sk = NULL;
 BIO* out = NULL;
@@ -70532,7 +70533,7 @@ static int test_wolfSSL_verify_depth(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
 WOLFSSL* ssl = NULL;
 WOLFSSL_CTX* ctx = NULL;
- long depth;
+ long depth = 0;
 ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 ExpectIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
@@ -74168,7 +74169,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
 BN_CTX* ctx;
 EC_GROUP* curve = NULL;
 EC_KEY* ephemeral_key = NULL;
- const EC_POINT* h;
+ const EC_POINT* h = NULL;
 /* Generate an x963 key pair and get public part into pub_buf */
 ExpectNotNull(ctx = BN_CTX_new());
@@ -75216,7 +75217,7 @@ static int test_wc_SetIssuerRaw(void)
 const char* joiCertFile = "./certs/test/cert-ext-joi.der";
 WOLFSSL_X509* x509 = NULL;
 int peerCertSz;
- const byte* peerCertBuf;
+ const byte* peerCertBuf = NULL;
 Cert forgedCert;
 ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -75241,7 +75242,7 @@ static int test_wc_SetIssueBuffer(void)
 const char* joiCertFile = "./certs/test/cert-ext-joi.der";
 WOLFSSL_X509* x509 = NULL;
 int peerCertSz;
- const byte* peerCertBuf;
+ const byte* peerCertBuf = NULL;
 Cert forgedCert;
 ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -83258,7 +83259,7 @@ static int test_wolfSSL_DH_check(void)
 byte buf[6000];
 char file[] = "./certs/dsaparams.pem";
 XFILE f = XBADFILE;
- int bytes;
+ int bytes = 0;
 BIO* bio = NULL;
 DSA* dsa = NULL;
 #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
@@ -85479,7 +85480,7 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey,
 BIGNUM* serial_number = NULL;
 X509_NAME* name = NULL;
 time_t epoch_off = 0;
- ASN1_INTEGER* asn1_serial_number;
+ ASN1_INTEGER* asn1_serial_number = NULL;
 long not_before, not_after;
 int derSz;
From 4893017005ade34906ffe423bc972e952bdc0c47 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Wed, 25 Sep 2024 15:54:59 -0600
Subject: [PATCH 058/325] feature support will be listed in the next release notes
---
 ChangeLog.md | 1 -
 README | 1 -
 README.md | 1 -
 3 files changed, 3 deletions(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 424ed5611..bee6e614e 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -49,7 +49,6 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
 * Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
 * AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
 * PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
-* Add support for (DevkitPro)libnds
 ## Enhancements and Optimizations
diff --git a/README b/README
index f144c7cd2..261eb200d 100644
--- a/README
+++ b/README
@@ -121,7 +121,6 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
 * Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
 * AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
 * PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
-* Add support for (DevkitPro)libnds
 ## Enhancements and Optimizations
diff --git a/README.md b/README.md
index e18172c19..28aac2669 100644
--- a/README.md
+++ b/README.md
@@ -126,7 +126,6 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
 * Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
 * AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
 * PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
-* Add support for (DevkitPro)libnds
 ## Enhancements and Optimizations
From 45b88048c2b57d682c40169877863be8f96e1736 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Wed, 25 Sep 2024 15:59:57 -0600
Subject: [PATCH 059/325] make macro unique to wolfSSL
---
 IDE/NDS/README.md | 2 +-
 wolfcrypt/src/random.c | 2 +-
 wolfcrypt/test/test.c | 8 ++++----
 wolfssl/ssl.h | 3 ++-
 wolfssl/test.h | 2 +-
 wolfssl/wolfcrypt/settings.h | 6 +++---
 6 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/IDE/NDS/README.md b/IDE/NDS/README.md
index 88e9dbf41..3a846d587 100644
--- a/IDE/NDS/README.md
+++ b/IDE/NDS/README.md
@@ -18,7 +18,7 @@ $ ./configure \
 LDFLAGS="-L/opt/devkitpro/libnds/lib" \
 --prefix=$DEVKITPRO/portlibs/nds \
 CFLAGS="-march=armv5te -mtune=arm946e-s \
- --specs=ds_arm9.specs -DARM9 -DNDS \
+ --specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \
 -DWOLFSSL_USER_IO \
 -I$DEVKITPRO/libnds/include" \
 --enable-fastmath --disable-benchmark \
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 3cc1c0fa3..278e2d72c 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -3817,7 +3817,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 return ret;
 }
-#elif defined(DOLPHIN_EMULATOR) || defined (NDS)
+#elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS)
 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 2369c3a7e..df2a14534 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -429,7 +429,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef DEVKITPRO
 #include
 #endif
-#ifdef NDS
+#ifdef WOLFSSL_NDS
 #include
 #include
 #include
@@ -2473,7 +2473,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 VIDEO_WaitVSync();
 if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
 #endif
-#ifdef NDS
+#ifdef WOLFSSL_NDS
 /* Init Console output */
 consoleDemoInit();
@@ -2525,7 +2525,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 while (1);
 #endif
-#ifdef NDS
+#ifdef WOLFSSL_NDS
 /* in Nintendo DS returning from main shuts down the Device without letting you see the Results. */
 printf("args.return_code: %d\n", args.return_code);
 printf("Testing complete. Press Start to exit the Program\n");
@@ -18109,7 +18109,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #elif defined(_WIN32_WCE)
 #define CERT_PREFIX "\\windows\\"
 #define CERT_PATH_SEP "\\"
-#elif defined(NDS)
+#elif defined(WOLFSSL_NDS)
 #undef CERT_PREFIX
 #define CERT_PREFIX "fat:/_nds/"
 #define CERT_PATH_SEP "/"
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index e7efa1b78..f7cf3aa15 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
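Review bot: The rewritten `#elif` keeps `defined (WOLFSSL_NDS)` with a space before the parenthesis while `defined(DOLPHIN_EMULATOR)` on the same line has none; since the line is being rewritten anyway, make it `#elif defined(DOLPHIN_EMULATOR) || defined(WOLFSSL_NDS)`. The `wc_GenerateSeed` body this `#elif` selects lies outside the hunk.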
@@ -3164,7 +3164,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
 !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
 !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
 !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \
- !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) && !defined(NDS)
+ !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) && \
+ !defined(WOLFSSL_NDS)
 #include
 #endif
 /* allow writev style writing */
diff --git a/wolfssl/test.h b/wolfssl/test.h
index b3974a678..e7ca13cc3 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -203,7 +203,7 @@
 #include
 #include
 #include
- #ifndef NDS
+ #ifndef WOLFSSL_NDS
 #include
 #endif
 #include
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 7792fb765..7a1c4664e 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -262,8 +262,8 @@
 /* Uncomment next line if building for Dolphin Emulator */
 /* #define DOLPHIN_EMULATOR */
-/* Uncomment next line if building for NDS */
-/* #define NDS */
+/* Uncomment next line if building for WOLFSSL_NDS */
+/* #define WOLFSSL_NDS */
 /* Uncomment next line if using MAXQ1065 */
 /* #define WOLFSSL_MAXQ1065 */
@@ -474,7 +474,7 @@
 #endif
-#ifdef NDS
+#ifdef WOLFSSL_NDS
 #include
 #define SIZEOF_LONG_LONG 8
 #define socklen_t int
From de657787cfa93187b2bca3e7d4ecc00e82ecd2ce Mon Sep 17 00:00:00 2001
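Review bot: The updated comment `/* Uncomment next line if building for WOLFSSL_NDS */` now names the macro instead of the platform; the target is still the Nintendo DS, so write `/* Uncomment next line if building for NDS (Nintendo DS) */` above `/* #define WOLFSSL_NDS */`. Renaming a user-facing configuration macro from `NDS` to `WOLFSSL_NDS` also means a build that still passes `-DNDS` silently loses every NDS-specific path (the `@@ -474,7 +474,7 @@` hunk here, `random.c`, `test.c`, `ssl.h`, `test.h`) rather than failing; unless the old name never shipped, a transitional `#if defined(NDS) && !defined(WOLFSSL_NDS)` mapping or `#error` in settings.h would make the change visible to existing users.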
From: Sean Parkinson
Date: Fri, 20 Sep 2024 11:21:56 +1000
Subject: [PATCH 060/325] Kyber Aarch64: assembly implementations of functions Aarch64 assembly implementation of Kyber functions. SHA-3 assembly implementations when not hardware crypto.
---
 configure.ac | 2 +-
 src/include.am | 7 +
 wolfcrypt/src/port/arm/armv8-curve25519.S | 84 +-
 wolfcrypt/src/port/arm/armv8-kyber-asm.S | 10079 +++++++++++++
 wolfcrypt/src/port/arm/armv8-kyber-asm_c.c | 14303 +++++++++++++++++++
 wolfcrypt/src/port/arm/armv8-sha3-asm.S | 267 +-
 wolfcrypt/src/port/arm/armv8-sha3-asm_c.c | 216 +
 wolfcrypt/src/port/arm/armv8-sha512-asm.S | 22 +-
 wolfcrypt/src/sha3.c | 3 +-
 wolfcrypt/src/wc_kyber.c | 7 +-
 wolfcrypt/src/wc_kyber_poly.c | 748 +-
 wolfssl/wolfcrypt/sha3.h | 3 +-
 wolfssl/wolfcrypt/wc_kyber.h | 24 +-
 13 files changed, 25658 insertions(+), 107 deletions(-)
 create mode 100644 wolfcrypt/src/port/arm/armv8-kyber-asm.S
 create mode 100644 wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
diff --git a/configure.ac b/configure.ac
index 0841cc534..0d2ae428a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2977,7 +2977,7 @@ then
 AM_CPPFLAGS="$AM_CPPFLAGS+sm4"
 fi
 else
- AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
+ AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto -DWOLFSSL_AARCH64_NO_SQRMLSH"
 fi
 ;;
 esac
diff --git a/src/include.am b/src/include.am
index c3d8376a1..881a6fe85 100644
--- a/src/include.am
+++ b/src/include.am
@@ -1057,6 +1057,13 @@ if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S
 endif
 endif
+if BUILD_ARMASM_NEON
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM_NEON
 endif
 if BUILD_DILITHIUM
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S
index cf20f6080..228fcf006 100644
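Review bot: `-DWOLFSSL_AARCH64_NO_SQRMLSH` is appended to `AM_CPPFLAGS` without a comment, and nothing in the hunk says what it controls; the name suggests it tells the new Kyber assembly not to use the `sqrdmlsh` instruction, which belongs to the ARMv8.1 RDM extension that the generic `-mcpu=generic+crypto` target does not include. Add a comment above the line, e.g. `# generic target lacks the v8.1 RDM extension, so the Kyber assembly must not use sqrdmlsh`. The `case` arm and the other branch of this `if` are outside the hunk; if that branch can also select a CPU without RDM, it presumably needs the same define.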
--- a/wolfcrypt/src/port/arm/armv8-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-curve25519.S @@ -337,8 +337,7 @@ _fe_cmov_table: #endif /* __APPLE__ */ stp x29, x30, [sp, #-128]! add x29, sp, #0 - str x17, [x29, #40] - str x19, [x29, #48] + stp x17, x19, [x29, #40] stp x20, x21, [x29, #56] stp x22, x23, [x29, #72] stp x24, x25, [x29, #88] @@ -546,8 +545,7 @@ _fe_cmov_table: stp x10, x11, [x0, #48] stp x12, x13, [x0, #64] stp x14, x15, [x0, #80] - ldr x17, [x29, #40] - ldr x19, [x29, #48] + ldp x17, x19, [x29, #40] ldp x20, x21, [x29, #56] ldp x22, x23, [x29, #72] ldp x24, x25, [x29, #88] @@ -573,8 +571,7 @@ _fe_mul: #endif /* __APPLE__ */ stp x29, x30, [sp, #-64]! add x29, sp, #0 - str x17, [x29, #24] - str x19, [x29, #32] + stp x17, x19, [x29, #24] stp x20, x21, [x29, #40] str x22, [x29, #56] # Multiply @@ -703,8 +700,7 @@ _fe_mul: # Store stp x6, x7, [x0] stp x8, x9, [x0, #16] - ldr x17, [x29, #24] - ldr x19, [x29, #32] + ldp x17, x19, [x29, #24] ldp x20, x21, [x29, #40] ldr x22, [x29, #56] ldp x29, x30, [sp], #0x40 @@ -835,8 +831,7 @@ _fe_invert: #endif /* __APPLE__ */ stp x29, x30, [sp, #-176]! add x29, sp, #0 - str x17, [x29, #160] - str x20, [x29, #168] + stp x17, x20, [x29, #160] # Invert str x0, [x29, #144] str x1, [x29, #152] @@ -1694,8 +1689,7 @@ L_fe_invert8: #else bl _fe_mul #endif /* __APPLE__ */ - ldr x17, [x29, #160] - ldr x20, [x29, #168] + ldp x17, x20, [x29, #160] ldp x29, x30, [sp], #0xb0 ret #ifndef __APPLE__ @@ -1715,8 +1709,7 @@ _curve25519: #endif /* __APPLE__ */ stp x29, x30, [sp, #-288]! add x29, sp, #0 - str x17, [x29, #200] - str x19, [x29, #208] + stp x17, x19, [x29, #200] stp x20, x21, [x29, #216] stp x22, x23, [x29, #232] stp x24, x25, [x29, #248] @@ -3801,8 +3794,7 @@ L_curve25519_inv_8: stp x14, x15, [x0] stp x16, x17, [x0, #16] mov x0, xzr - ldr x17, [x29, #200] - ldr x19, [x29, #208] + ldp x17, x19, [x29, #200] ldp x20, x21, [x29, #216] ldp x22, x23, [x29, #232] ldp x24, x25, [x29, #248] 
@@ -3828,8 +3820,7 @@ _fe_pow22523: #endif /* __APPLE__ */ stp x29, x30, [sp, #-144]! add x29, sp, #0 - str x17, [x29, #128] - str x23, [x29, #136] + stp x17, x23, [x29, #128] # pow22523 str x0, [x29, #112] str x1, [x29, #120] @@ -4619,8 +4610,7 @@ L_fe_pow22523_7: #else bl _fe_mul #endif /* __APPLE__ */ - ldr x17, [x29, #128] - ldr x23, [x29, #136] + ldp x17, x23, [x29, #128] ldp x29, x30, [sp], #0x90 ret #ifndef __APPLE__ @@ -4640,8 +4630,7 @@ _ge_p1p1_to_p2: #endif /* __APPLE__ */ stp x29, x30, [sp, #-80]! add x29, sp, #0 - str x17, [x29, #40] - str x19, [x29, #48] + stp x17, x19, [x29, #40] stp x20, x21, [x29, #56] str x22, [x29, #72] str x0, [x29, #16] @@ -5002,8 +4991,7 @@ _ge_p1p1_to_p2: # Store stp x14, x15, [x0] stp x16, x17, [x0, #16] - ldr x17, [x29, #40] - ldr x19, [x29, #48] + ldp x17, x19, [x29, #40] ldp x20, x21, [x29, #56] ldr x22, [x29, #72] ldp x29, x30, [sp], #0x50 @@ -5025,8 +5013,7 @@ _ge_p1p1_to_p3: #endif /* __APPLE__ */ stp x29, x30, [sp, #-112]! add x29, sp, #0 - str x17, [x29, #40] - str x19, [x29, #48] + stp x17, x19, [x29, #40] stp x20, x21, [x29, #56] stp x22, x23, [x29, #72] stp x24, x25, [x29, #88] @@ -5505,8 +5492,7 @@ _ge_p1p1_to_p3: # Store stp x14, x15, [x0] stp x16, x17, [x0, #16] - ldr x17, [x29, #40] - ldr x19, [x29, #48] + ldp x17, x19, [x29, #40] ldp x20, x21, [x29, #56] ldp x22, x23, [x29, #72] ldp x24, x25, [x29, #88] @@ -5530,8 +5516,7 @@ _ge_p2_dbl: #endif /* __APPLE__ */ stp x29, x30, [sp, #-128]! add x29, sp, #0 - str x17, [x29, #40] - str x19, [x29, #48] + stp x17, x19, [x29, #40] stp x20, x21, [x29, #56] stp x22, x23, [x29, #72] stp x24, x25, [x29, #88] @@ -5986,8 +5971,7 @@ _ge_p2_dbl: sbc x7, x7, xzr stp x4, x5, [x0] stp x6, x7, [x0, #16] - ldr x17, [x29, #40] - ldr x19, [x29, #48] + ldp x17, x19, [x29, #40] ldp x20, x21, [x29, #56] ldp x22, x23, [x29, #72] ldp x24, x25, [x29, #88] 
@@ -6012,8 +5996,7 @@ _ge_madd: #endif /* __APPLE__ */ stp x29, x30, [sp, #-144]! add x29, sp, #0 - str x17, [x29, #56] - str x19, [x29, #64] + stp x17, x19, [x29, #56] stp x20, x21, [x29, #72] stp x22, x23, [x29, #88] stp x24, x25, [x29, #104] @@ -6503,8 +6486,7 @@ _ge_madd: stp x10, x11, [x0, #16] stp x4, x5, [x1] stp x6, x7, [x1, #16] - ldr x17, [x29, #56] - ldr x19, [x29, #64] + ldp x17, x19, [x29, #56] ldp x20, x21, [x29, #72] ldp x22, x23, [x29, #88] ldp x24, x25, [x29, #104] @@ -6529,8 +6511,7 @@ _ge_msub: #endif /* __APPLE__ */ stp x29, x30, [sp, #-144]! add x29, sp, #0 - str x17, [x29, #56] - str x19, [x29, #64] + stp x17, x19, [x29, #56] stp x20, x21, [x29, #72] stp x22, x23, [x29, #88] stp x24, x25, [x29, #104] @@ -7020,8 +7001,7 @@ _ge_msub: stp x10, x11, [x0, #16] stp x4, x5, [x1] stp x6, x7, [x1, #16] - ldr x17, [x29, #56] - ldr x19, [x29, #64] + ldp x17, x19, [x29, #56] ldp x20, x21, [x29, #72] ldp x22, x23, [x29, #88] ldp x24, x25, [x29, #104] @@ -7046,8 +7026,7 @@ _ge_add: #endif /* __APPLE__ */ stp x29, x30, [sp, #-144]! add x29, sp, #0 - str x17, [x29, #56] - str x19, [x29, #64] + stp x17, x19, [x29, #56] stp x20, x21, [x29, #72] stp x22, x23, [x29, #88] stp x24, x25, [x29, #104] @@ -7663,8 +7642,7 @@ _ge_add: stp x23, x24, [x0, #16] stp x12, x13, [x1] stp x14, x15, [x1, #16] - ldr x17, [x29, #56] - ldr x19, [x29, #64] + ldp x17, x19, [x29, #56] ldp x20, x21, [x29, #72] ldp x22, x23, [x29, #88] ldp x24, x25, [x29, #104] @@ -7689,8 +7667,7 @@ _ge_sub: #endif /* __APPLE__ */ stp x29, x30, [sp, #-144]! add x29, sp, #0 - str x17, [x29, #56] - str x19, [x29, #64] + stp x17, x19, [x29, #56] stp x20, x21, [x29, #72] stp x22, x23, [x29, #88] stp x24, x25, [x29, #104] @@ -8321,8 +8298,7 @@ _ge_sub: stp x14, x15, [x0, #16] stp x21, x22, [x1] stp x23, x24, [x1, #16] - ldr x17, [x29, #56] - ldr x19, [x29, #64] + ldp x17, x19, [x29, #56] ldp x20, x21, [x29, #72] ldp x22, x23, [x29, #88] ldp x24, x25, [x29, #104] 
@@ -8347,8 +8323,7 @@ _sc_reduce: #endif /* __APPLE__ */ stp x29, x30, [sp, #-64]! add x29, sp, #0 - str x17, [x29, #16] - str x19, [x29, #24] + stp x17, x19, [x29, #16] stp x20, x21, [x29, #32] stp x22, x23, [x29, #48] ldp x2, x3, [x0] @@ -8525,8 +8500,7 @@ _sc_reduce: # Store result stp x2, x3, [x0] stp x4, x5, [x0, #16] - ldr x17, [x29, #16] - ldr x19, [x29, #24] + ldp x17, x19, [x29, #16] ldp x20, x21, [x29, #32] ldp x22, x23, [x29, #48] ldp x29, x30, [sp], #0x40 @@ -8548,8 +8522,7 @@ _sc_muladd: #endif /* __APPLE__ */ stp x29, x30, [sp, #-96]! add x29, sp, #0 - str x17, [x29, #24] - str x19, [x29, #32] + stp x17, x19, [x29, #24] stp x20, x21, [x29, #40] stp x22, x23, [x29, #56] stp x24, x25, [x29, #72] @@ -8824,8 +8797,7 @@ _sc_muladd: # Store result stp x4, x5, [x0] stp x6, x7, [x0, #16] - ldr x17, [x29, #24] - ldr x19, [x29, #32] + ldp x17, x19, [x29, #24] ldp x20, x21, [x29, #40] ldp x22, x23, [x29, #56] ldp x24, x25, [x29, #72] diff --git a/wolfcrypt/src/port/arm/armv8-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-kyber-asm.S new file mode 100644 index 000000000..e73adbcc1 --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-kyber-asm.S 
@@ -0,0 +1,10079 @@ +/* armv8-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-kyber-asm.S + */ +#ifdef WOLFSSL_ARMASM +#ifdef __aarch64__ +#ifndef WOLFSSL_ARMASM_INLINE +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_q, %object + .section .rodata + .size L_kyber_aarch64_q, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_q: + .short 0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01 +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_consts, %object + .section .rodata + .size L_kyber_aarch64_consts, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_consts: + .short 0x0d01,0xf301,0x4ebf,0x0549,0x5049,0x0000,0x0000,0x0000 +#ifndef __APPLE__ + .text + .type L_sha3_aarch64_r, %object + .section .rodata + .size L_sha3_aarch64_r, 192 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + 
.align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_sha3_aarch64_r: + .xword 0x0000000000000001 + .xword 0x0000000000008082 + .xword 0x800000000000808a + .xword 0x8000000080008000 + .xword 0x000000000000808b + .xword 0x0000000080000001 + .xword 0x8000000080008081 + .xword 0x8000000000008009 + .xword 0x000000000000008a + .xword 0x0000000000000088 + .xword 0x0000000080008009 + .xword 0x000000008000000a + .xword 0x000000008000808b + .xword 0x800000000000008b + .xword 0x8000000000008089 + .xword 0x8000000000008003 + .xword 0x8000000000008002 + .xword 0x8000000000000080 + .xword 0x000000000000800a + .xword 0x800000008000000a + .xword 0x8000000080008081 + .xword 0x8000000000008080 + .xword 0x0000000080000001 + .xword 0x8000000080008008 +#ifdef WOLFSSL_WC_KYBER +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_zetas, %object + .section .rodata + .size L_kyber_aarch64_zetas, 576 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_zetas: + .short 0x08ed,0x0a0b,0x0b9a,0x0714,0x05d5,0x058e,0x011f,0x00ca + .short 0x0c56,0x026e,0x0629,0x00b6,0x03c2,0x084f,0x073f,0x05bc + .short 0x023d,0x07d4,0x0108,0x017f,0x09c4,0x05b2,0x06bf,0x0c7f + .short 0x0a58,0x03f9,0x02dc,0x0260,0x06fb,0x019b,0x0c34,0x06de + .short 0x04c7,0x04c7,0x04c7,0x04c7,0x028c,0x028c,0x028c,0x028c + .short 0x0ad9,0x0ad9,0x0ad9,0x0ad9,0x03f7,0x03f7,0x03f7,0x03f7 + .short 0x07f4,0x07f4,0x07f4,0x07f4,0x05d3,0x05d3,0x05d3,0x05d3 + .short 0x0be7,0x0be7,0x0be7,0x0be7,0x06f9,0x06f9,0x06f9,0x06f9 + .short 0x0204,0x0204,0x0204,0x0204,0x0cf9,0x0cf9,0x0cf9,0x0cf9 + .short 0x0bc1,0x0bc1,0x0bc1,0x0bc1,0x0a67,0x0a67,0x0a67,0x0a67 + .short 0x06af,0x06af,0x06af,0x06af,0x0877,0x0877,0x0877,0x0877 + .short 0x007e,0x007e,0x007e,0x007e,0x05bd,0x05bd,0x05bd,0x05bd + .short 0x09ac,0x09ac,0x09ac,0x09ac,0x0ca7,0x0ca7,0x0ca7,0x0ca7 + .short 0x0bf2,0x0bf2,0x0bf2,0x0bf2,0x033e,0x033e,0x033e,0x033e + .short 
0x006b,0x006b,0x006b,0x006b,0x0774,0x0774,0x0774,0x0774 + .short 0x0c0a,0x0c0a,0x0c0a,0x0c0a,0x094a,0x094a,0x094a,0x094a + .short 0x0b73,0x0b73,0x0b73,0x0b73,0x03c1,0x03c1,0x03c1,0x03c1 + .short 0x071d,0x071d,0x071d,0x071d,0x0a2c,0x0a2c,0x0a2c,0x0a2c + .short 0x01c0,0x01c0,0x01c0,0x01c0,0x08d8,0x08d8,0x08d8,0x08d8 + .short 0x02a5,0x02a5,0x02a5,0x02a5,0x0806,0x0806,0x0806,0x0806 + .short 0x08b2,0x08b2,0x01ae,0x01ae,0x022b,0x022b,0x034b,0x034b + .short 0x081e,0x081e,0x0367,0x0367,0x060e,0x060e,0x0069,0x0069 + .short 0x01a6,0x01a6,0x024b,0x024b,0x00b1,0x00b1,0x0c16,0x0c16 + .short 0x0bde,0x0bde,0x0b35,0x0b35,0x0626,0x0626,0x0675,0x0675 + .short 0x0c0b,0x0c0b,0x030a,0x030a,0x0487,0x0487,0x0c6e,0x0c6e + .short 0x09f8,0x09f8,0x05cb,0x05cb,0x0aa7,0x0aa7,0x045f,0x045f + .short 0x06cb,0x06cb,0x0284,0x0284,0x0999,0x0999,0x015d,0x015d + .short 0x01a2,0x01a2,0x0149,0x0149,0x0c65,0x0c65,0x0cb6,0x0cb6 + .short 0x0331,0x0331,0x0449,0x0449,0x025b,0x025b,0x0262,0x0262 + .short 0x052a,0x052a,0x07fc,0x07fc,0x0748,0x0748,0x0180,0x0180 + .short 0x0842,0x0842,0x0c79,0x0c79,0x04c2,0x04c2,0x07ca,0x07ca + .short 0x0997,0x0997,0x00dc,0x00dc,0x085e,0x085e,0x0686,0x0686 + .short 0x0860,0x0860,0x0707,0x0707,0x0803,0x0803,0x031a,0x031a + .short 0x071b,0x071b,0x09ab,0x09ab,0x099b,0x099b,0x01de,0x01de + .short 0x0c95,0x0c95,0x0bcd,0x0bcd,0x03e4,0x03e4,0x03df,0x03df + .short 0x03be,0x03be,0x074d,0x074d,0x05f2,0x05f2,0x065c,0x065c +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_zetas_qinv, %object + .section .rodata + .size L_kyber_aarch64_zetas_qinv, 576 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_zetas_qinv: + .short 0xffed,0x7b0b,0x399a,0x0314,0x34d5,0xcf8e,0x6e1f,0xbeca + .short 0xae56,0x6c6e,0xf129,0xc2b6,0x29c2,0x054f,0xd43f,0x79bc + .short 0xe93d,0x43d4,0x9908,0x8e7f,0x15c4,0xfbb2,0x53bf,0x997f + .short 0x9258,0x5ef9,0xd6dc,0x2260,0x47fb,0x229b,0x6834,0xc0de + .short 
0xe9c7,0xe9c7,0xe9c7,0xe9c7,0xe68c,0xe68c,0xe68c,0xe68c + .short 0x05d9,0x05d9,0x05d9,0x05d9,0x78f7,0x78f7,0x78f7,0x78f7 + .short 0xa3f4,0xa3f4,0xa3f4,0xa3f4,0x4ed3,0x4ed3,0x4ed3,0x4ed3 + .short 0x50e7,0x50e7,0x50e7,0x50e7,0x61f9,0x61f9,0x61f9,0x61f9 + .short 0xce04,0xce04,0xce04,0xce04,0x67f9,0x67f9,0x67f9,0x67f9 + .short 0x3ec1,0x3ec1,0x3ec1,0x3ec1,0xcf67,0xcf67,0xcf67,0xcf67 + .short 0x23af,0x23af,0x23af,0x23af,0xfd77,0xfd77,0xfd77,0xfd77 + .short 0x9a7e,0x9a7e,0x9a7e,0x9a7e,0x6cbd,0x6cbd,0x6cbd,0x6cbd + .short 0x4dac,0x4dac,0x4dac,0x4dac,0x91a7,0x91a7,0x91a7,0x91a7 + .short 0xc1f2,0xc1f2,0xc1f2,0xc1f2,0xdd3e,0xdd3e,0xdd3e,0xdd3e + .short 0x916b,0x916b,0x916b,0x916b,0x2374,0x2374,0x2374,0x2374 + .short 0x8a0a,0x8a0a,0x8a0a,0x8a0a,0x474a,0x474a,0x474a,0x474a + .short 0x3473,0x3473,0x3473,0x3473,0x36c1,0x36c1,0x36c1,0x36c1 + .short 0x8e1d,0x8e1d,0x8e1d,0x8e1d,0xce2c,0xce2c,0xce2c,0xce2c + .short 0x41c0,0x41c0,0x41c0,0x41c0,0x10d8,0x10d8,0x10d8,0x10d8 + .short 0xa1a5,0xa1a5,0xa1a5,0xa1a5,0xba06,0xba06,0xba06,0xba06 + .short 0xfeb2,0xfeb2,0x2bae,0x2bae,0xd32b,0xd32b,0x344b,0x344b + .short 0x821e,0x821e,0xc867,0xc867,0x500e,0x500e,0xab69,0xab69 + .short 0x93a6,0x93a6,0x334b,0x334b,0x03b1,0x03b1,0xee16,0xee16 + .short 0xc5de,0xc5de,0x5a35,0x5a35,0x1826,0x1826,0x1575,0x1575 + .short 0x7d0b,0x7d0b,0x810a,0x810a,0x2987,0x2987,0x766e,0x766e + .short 0x71f8,0x71f8,0xb6cb,0xb6cb,0x8fa7,0x8fa7,0x315f,0x315f + .short 0xb7cb,0xb7cb,0x4e84,0x4e84,0x4499,0x4499,0x485d,0x485d + .short 0xc7a2,0xc7a2,0x4c49,0x4c49,0xeb65,0xeb65,0xceb6,0xceb6 + .short 0x8631,0x8631,0x4f49,0x4f49,0x635b,0x635b,0x0862,0x0862 + .short 0xe32a,0xe32a,0x3bfc,0x3bfc,0x5f48,0x5f48,0x8180,0x8180 + .short 0xae42,0xae42,0xe779,0xe779,0x2ac2,0x2ac2,0xc5ca,0xc5ca + .short 0x5e97,0x5e97,0xd4dc,0xd4dc,0x425e,0x425e,0x3886,0x3886 + .short 0x2860,0x2860,0xac07,0xac07,0xe103,0xe103,0xb11a,0xb11a + .short 0xa81b,0xa81b,0x5aab,0x5aab,0x2a9b,0x2a9b,0xbbde,0xbbde + .short 
0x7b95,0x7b95,0xa2cd,0xa2cd,0x6fe4,0x6fe4,0xb0df,0xb0df + .short 0x5dbe,0x5dbe,0x1e4d,0x1e4d,0xbbf2,0xbbf2,0x5a5c,0x5a5c +#ifndef __APPLE__ +.text +.globl kyber_ntt +.type kyber_ntt,@function +.align 2 +kyber_ntt: +#else +.section __TEXT,__text +.globl _kyber_ntt +.p2align 2 +_kyber_ntt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x2, L_kyber_aarch64_zetas + add x2, x2, :lo12:L_kyber_aarch64_zetas +#else + adrp x2, L_kyber_aarch64_zetas@PAGE + add x2, x2, :lo12:L_kyber_aarch64_zetas@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x3, L_kyber_aarch64_zetas_qinv + add x3, x3, :lo12:L_kyber_aarch64_zetas_qinv +#else + adrp x3, L_kyber_aarch64_zetas_qinv@PAGE + add x3, x3, :lo12:L_kyber_aarch64_zetas_qinv@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x4, L_kyber_aarch64_consts + add x4, x4, :lo12:L_kyber_aarch64_consts +#else + adrp x4, L_kyber_aarch64_consts@PAGE + add x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + add x1, x0, #0x100 + ldr q4, [x4] + ldr q5, [x0] + ldr q6, [x0, #32] + ldr q7, [x0, #64] + ldr q8, [x0, #96] + ldr q9, [x0, #128] + ldr q10, [x0, #160] + ldr q11, [x0, #192] + ldr q12, [x0, #224] + ldr q13, [x1] + ldr q14, [x1, #32] + ldr q15, [x1, #64] + ldr q16, [x1, #96] + ldr q17, [x1, #128] + ldr q18, [x1, #160] + ldr q19, [x1, #192] + ldr q20, [x1, #224] + ldr q0, [x2] + ldr q1, [x3] + mul v29.8h, v13.8h, v1.h[1] + mul v30.8h, v14.8h, v1.h[1] + sqrdmulh v21.8h, v13.8h, v0.h[1] + sqrdmulh v22.8h, v14.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul 
v29.8h, v15.8h, v1.h[1] + mul v30.8h, v16.8h, v1.h[1] + sqrdmulh v23.8h, v15.8h, v0.h[1] + sqrdmulh v24.8h, v16.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v17.8h, v1.h[1] + mul v30.8h, v18.8h, v1.h[1] + sqrdmulh v25.8h, v17.8h, v0.h[1] + sqrdmulh v26.8h, v18.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v19.8h, v1.h[1] + mul v30.8h, v20.8h, v1.h[1] + sqrdmulh v27.8h, v19.8h, v0.h[1] + sqrdmulh v28.8h, v20.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v13.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v14.8h, v6.8h, v22.8h + add v6.8h, v6.8h, v22.8h + sub v15.8h, v7.8h, v23.8h + add v7.8h, v7.8h, v23.8h + sub v16.8h, v8.8h, v24.8h + add v8.8h, v8.8h, v24.8h + sub v17.8h, v9.8h, v25.8h + add v9.8h, v9.8h, v25.8h + sub v18.8h, v10.8h, v26.8h + add v10.8h, v10.8h, v26.8h + sub v19.8h, v11.8h, v27.8h + add v11.8h, v11.8h, v27.8h + sub v20.8h, v12.8h, v28.8h + add v12.8h, v12.8h, v28.8h + mul v29.8h, v9.8h, v1.h[2] + mul v30.8h, v10.8h, v1.h[2] + sqrdmulh v21.8h, v9.8h, v0.h[2] + sqrdmulh v22.8h, v10.8h, v0.h[2] +#ifndef 
WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v11.8h, v1.h[2] + mul v30.8h, v12.8h, v1.h[2] + sqrdmulh v23.8h, v11.8h, v0.h[2] + sqrdmulh v24.8h, v12.8h, v0.h[2] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v17.8h, v1.h[3] + mul v30.8h, v18.8h, v1.h[3] + sqrdmulh v25.8h, v17.8h, v0.h[3] + sqrdmulh v26.8h, v18.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v19.8h, v1.h[3] + mul v30.8h, v20.8h, v1.h[3] + sqrdmulh v27.8h, v19.8h, v0.h[3] + sqrdmulh v28.8h, v20.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v9.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v10.8h, v6.8h, v22.8h + add v6.8h, v6.8h, v22.8h + sub v11.8h, v7.8h, v23.8h + add v7.8h, v7.8h, v23.8h + sub v12.8h, v8.8h, v24.8h + add v8.8h, v8.8h, v24.8h + sub v17.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + 
sub v18.8h, v14.8h, v26.8h + add v14.8h, v14.8h, v26.8h + sub v19.8h, v15.8h, v27.8h + add v15.8h, v15.8h, v27.8h + sub v20.8h, v16.8h, v28.8h + add v16.8h, v16.8h, v28.8h + mul v29.8h, v7.8h, v1.h[4] + mul v30.8h, v8.8h, v1.h[4] + sqrdmulh v21.8h, v7.8h, v0.h[4] + sqrdmulh v22.8h, v8.8h, v0.h[4] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v11.8h, v1.h[5] + mul v30.8h, v12.8h, v1.h[5] + sqrdmulh v23.8h, v11.8h, v0.h[5] + sqrdmulh v24.8h, v12.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v15.8h, v1.h[6] + mul v30.8h, v16.8h, v1.h[6] + sqrdmulh v25.8h, v15.8h, v0.h[6] + sqrdmulh v26.8h, v16.8h, v0.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v19.8h, v1.h[7] + mul v30.8h, v20.8h, v1.h[7] + sqrdmulh v27.8h, v19.8h, v0.h[7] + sqrdmulh v28.8h, v20.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, 
#1 + sshr v28.8h, v28.8h, #1 + sub v7.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v6.8h, v22.8h + add v6.8h, v6.8h, v22.8h + sub v11.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v10.8h, v24.8h + add v10.8h, v10.8h, v24.8h + sub v15.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v14.8h, v26.8h + add v14.8h, v14.8h, v26.8h + sub v19.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v18.8h, v28.8h + add v18.8h, v18.8h, v28.8h + ldr q0, [x2, #16] + ldr q1, [x3, #16] + mul v29.8h, v6.8h, v1.h[0] + mul v30.8h, v8.8h, v1.h[1] + sqrdmulh v21.8h, v6.8h, v0.h[0] + sqrdmulh v22.8h, v8.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v10.8h, v1.h[2] + mul v30.8h, v12.8h, v1.h[3] + sqrdmulh v23.8h, v10.8h, v0.h[2] + sqrdmulh v24.8h, v12.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v14.8h, v1.h[4] + mul v30.8h, v16.8h, v1.h[5] + sqrdmulh v25.8h, v14.8h, v0.h[4] + sqrdmulh v26.8h, v16.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v18.8h, v1.h[6] + mul v30.8h, v20.8h, v1.h[7] + sqrdmulh v27.8h, v18.8h, 
v0.h[6] + sqrdmulh v28.8h, v20.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v11.8h, v24.8h + add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + str q5, [x0] + str q6, [x0, #32] + str q7, [x0, #64] + str q8, [x0, #96] + str q9, [x0, #128] + str q10, [x0, #160] + str q11, [x0, #192] + str q12, [x0, #224] + str q13, [x1] + str q14, [x1, #32] + str q15, [x1, #64] + str q16, [x1, #96] + str q17, [x1, #128] + str q18, [x1, #160] + str q19, [x1, #192] + str q20, [x1, #224] + ldr q5, [x0, #16] + ldr q6, [x0, #48] + ldr q7, [x0, #80] + ldr q8, [x0, #112] + ldr q9, [x0, #144] + ldr q10, [x0, #176] + ldr q11, [x0, #208] + ldr q12, [x0, #240] + ldr q13, [x1, #16] + ldr q14, [x1, #48] + ldr q15, [x1, #80] + ldr q16, [x1, #112] + ldr q17, [x1, #144] + ldr q18, [x1, #176] + ldr q19, [x1, #208] + ldr q20, [x1, #240] + ldr q0, [x2] + ldr q1, [x3] + mul v29.8h, v13.8h, v1.h[1] + mul v30.8h, v14.8h, v1.h[1] + sqrdmulh v21.8h, v13.8h, v0.h[1] + sqrdmulh v22.8h, v14.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + 
mul v29.8h, v15.8h, v1.h[1] + mul v30.8h, v16.8h, v1.h[1] + sqrdmulh v23.8h, v15.8h, v0.h[1] + sqrdmulh v24.8h, v16.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v17.8h, v1.h[1] + mul v30.8h, v18.8h, v1.h[1] + sqrdmulh v25.8h, v17.8h, v0.h[1] + sqrdmulh v26.8h, v18.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v19.8h, v1.h[1] + mul v30.8h, v20.8h, v1.h[1] + sqrdmulh v27.8h, v19.8h, v0.h[1] + sqrdmulh v28.8h, v20.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v13.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v14.8h, v6.8h, v22.8h + add v6.8h, v6.8h, v22.8h + sub v15.8h, v7.8h, v23.8h + add v7.8h, v7.8h, v23.8h + sub v16.8h, v8.8h, v24.8h + add v8.8h, v8.8h, v24.8h + sub v17.8h, v9.8h, v25.8h + add v9.8h, v9.8h, v25.8h + sub v18.8h, v10.8h, v26.8h + add v10.8h, v10.8h, v26.8h + sub v19.8h, v11.8h, v27.8h + add v11.8h, v11.8h, v27.8h + sub v20.8h, v12.8h, v28.8h + add v12.8h, v12.8h, v28.8h + mul v29.8h, v9.8h, v1.h[2] + mul v30.8h, v10.8h, v1.h[2] + sqrdmulh v21.8h, v9.8h, v0.h[2] + sqrdmulh v22.8h, v10.8h, v0.h[2] +#ifndef 
WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v11.8h, v1.h[2] + mul v30.8h, v12.8h, v1.h[2] + sqrdmulh v23.8h, v11.8h, v0.h[2] + sqrdmulh v24.8h, v12.8h, v0.h[2] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v17.8h, v1.h[3] + mul v30.8h, v18.8h, v1.h[3] + sqrdmulh v25.8h, v17.8h, v0.h[3] + sqrdmulh v26.8h, v18.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v19.8h, v1.h[3] + mul v30.8h, v20.8h, v1.h[3] + sqrdmulh v27.8h, v19.8h, v0.h[3] + sqrdmulh v28.8h, v20.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v9.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v10.8h, v6.8h, v22.8h + add v6.8h, v6.8h, v22.8h + sub v11.8h, v7.8h, v23.8h + add v7.8h, v7.8h, v23.8h + sub v12.8h, v8.8h, v24.8h + add v8.8h, v8.8h, v24.8h + sub v17.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + 
sub v18.8h, v14.8h, v26.8h + add v14.8h, v14.8h, v26.8h + sub v19.8h, v15.8h, v27.8h + add v15.8h, v15.8h, v27.8h + sub v20.8h, v16.8h, v28.8h + add v16.8h, v16.8h, v28.8h + mul v29.8h, v7.8h, v1.h[4] + mul v30.8h, v8.8h, v1.h[4] + sqrdmulh v21.8h, v7.8h, v0.h[4] + sqrdmulh v22.8h, v8.8h, v0.h[4] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v11.8h, v1.h[5] + mul v30.8h, v12.8h, v1.h[5] + sqrdmulh v23.8h, v11.8h, v0.h[5] + sqrdmulh v24.8h, v12.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v15.8h, v1.h[6] + mul v30.8h, v16.8h, v1.h[6] + sqrdmulh v25.8h, v15.8h, v0.h[6] + sqrdmulh v26.8h, v16.8h, v0.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v19.8h, v1.h[7] + mul v30.8h, v20.8h, v1.h[7] + sqrdmulh v27.8h, v19.8h, v0.h[7] + sqrdmulh v28.8h, v20.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, 
#1 + sshr v28.8h, v28.8h, #1 + sub v7.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v6.8h, v22.8h + add v6.8h, v6.8h, v22.8h + sub v11.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v10.8h, v24.8h + add v10.8h, v10.8h, v24.8h + sub v15.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v14.8h, v26.8h + add v14.8h, v14.8h, v26.8h + sub v19.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v18.8h, v28.8h + add v18.8h, v18.8h, v28.8h + ldr q0, [x2, #16] + ldr q1, [x3, #16] + mul v29.8h, v6.8h, v1.h[0] + mul v30.8h, v8.8h, v1.h[1] + sqrdmulh v21.8h, v6.8h, v0.h[0] + sqrdmulh v22.8h, v8.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v10.8h, v1.h[2] + mul v30.8h, v12.8h, v1.h[3] + sqrdmulh v23.8h, v10.8h, v0.h[2] + sqrdmulh v24.8h, v12.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v14.8h, v1.h[4] + mul v30.8h, v16.8h, v1.h[5] + sqrdmulh v25.8h, v14.8h, v0.h[4] + sqrdmulh v26.8h, v16.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v18.8h, v1.h[6] + mul v30.8h, v20.8h, v1.h[7] + sqrdmulh v27.8h, v18.8h, 
v0.h[6] + sqrdmulh v28.8h, v20.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v11.8h, v24.8h + add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + str q5, [x0, #16] + str q6, [x0, #48] + str q7, [x0, #80] + str q8, [x0, #112] + str q9, [x0, #144] + str q10, [x0, #176] + str q11, [x0, #208] + str q12, [x0, #240] + str q13, [x1, #16] + str q14, [x1, #48] + str q15, [x1, #80] + str q16, [x1, #112] + str q17, [x1, #144] + str q18, [x1, #176] + str q19, [x1, #208] + str q20, [x1, #240] + ldp q5, q6, [x0] + ldp q7, q8, [x0, #32] + ldp q9, q10, [x0, #64] + ldp q11, q12, [x0, #96] + ldp q13, q14, [x0, #128] + ldp q15, q16, [x0, #160] + ldp q17, q18, [x0, #192] + ldp q19, q20, [x0, #224] + ldr q0, [x2, #32] + ldr q1, [x3, #32] + mul v29.8h, v6.8h, v1.h[0] + mul v30.8h, v8.8h, v1.h[1] + sqrdmulh v21.8h, v6.8h, v0.h[0] + sqrdmulh v22.8h, v8.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v10.8h, v1.h[2] + mul v30.8h, v12.8h, v1.h[3] + sqrdmulh v23.8h, v10.8h, v0.h[2] + sqrdmulh v24.8h, v12.8h, 
v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v14.8h, v1.h[4] + mul v30.8h, v16.8h, v1.h[5] + sqrdmulh v25.8h, v14.8h, v0.h[4] + sqrdmulh v26.8h, v16.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v18.8h, v1.h[6] + mul v30.8h, v20.8h, v1.h[7] + sqrdmulh v27.8h, v18.8h, v0.h[6] + sqrdmulh v28.8h, v20.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v11.8h, v24.8h + add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + ldr q0, [x2, #64] + ldr q2, [x2, #80] + ldr q1, [x3, #64] + ldr q3, [x3, #80] + mov v29.16b, v5.16b + mov v30.16b, v7.16b + trn1 v5.2d, v5.2d, v6.2d + trn1 v7.2d, v7.2d, v8.2d + trn2 v6.2d, v29.2d, v6.2d + trn2 v8.2d, v30.2d, v8.2d + mul v29.8h, v6.8h, v1.8h + mul 
v30.8h, v8.8h, v3.8h + sqrdmulh v21.8h, v6.8h, v0.8h + sqrdmulh v22.8h, v8.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + ldr q0, [x2, #96] + ldr q2, [x2, #112] + ldr q1, [x3, #96] + ldr q3, [x3, #112] + mov v29.16b, v9.16b + mov v30.16b, v11.16b + trn1 v9.2d, v9.2d, v10.2d + trn1 v11.2d, v11.2d, v12.2d + trn2 v10.2d, v29.2d, v10.2d + trn2 v12.2d, v30.2d, v12.2d + mul v29.8h, v10.8h, v1.8h + mul v30.8h, v12.8h, v3.8h + sqrdmulh v23.8h, v10.8h, v0.8h + sqrdmulh v24.8h, v12.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #128] + ldr q2, [x2, #144] + ldr q1, [x3, #128] + ldr q3, [x3, #144] + mov v29.16b, v13.16b + mov v30.16b, v15.16b + trn1 v13.2d, v13.2d, v14.2d + trn1 v15.2d, v15.2d, v16.2d + trn2 v14.2d, v29.2d, v14.2d + trn2 v16.2d, v30.2d, v16.2d + mul v29.8h, v14.8h, v1.8h + mul v30.8h, v16.8h, v3.8h + sqrdmulh v25.8h, v14.8h, v0.8h + sqrdmulh v26.8h, v16.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + ldr q0, [x2, #160] + ldr q2, [x2, #176] + ldr q1, [x3, #160] + ldr q3, [x3, #176] + mov v29.16b, v17.16b + mov v30.16b, v19.16b + trn1 v17.2d, v17.2d, v18.2d + trn1 
v19.2d, v19.2d, v20.2d + trn2 v18.2d, v29.2d, v18.2d + trn2 v20.2d, v30.2d, v20.2d + mul v29.8h, v18.8h, v1.8h + mul v30.8h, v20.8h, v3.8h + sqrdmulh v27.8h, v18.8h, v0.8h + sqrdmulh v28.8h, v20.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v11.8h, v24.8h + add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + ldr q0, [x2, #320] + ldr q2, [x2, #336] + ldr q1, [x3, #320] + ldr q3, [x3, #336] + mov v29.16b, v5.16b + mov v30.16b, v7.16b + trn1 v5.4s, v5.4s, v6.4s + trn1 v7.4s, v7.4s, v8.4s + trn2 v6.4s, v29.4s, v6.4s + trn2 v8.4s, v30.4s, v8.4s + mul v29.8h, v6.8h, v1.8h + mul v30.8h, v8.8h, v3.8h + sqrdmulh v21.8h, v6.8h, v0.8h + sqrdmulh v22.8h, v8.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + ldr q0, [x2, #352] + ldr q2, [x2, #368] + ldr q1, [x3, #352] + ldr q3, [x3, #368] + mov v29.16b, v9.16b + mov v30.16b, v11.16b + trn1 v9.4s, v9.4s, v10.4s + trn1 v11.4s, v11.4s, v12.4s + trn2 v10.4s, v29.4s, v10.4s + trn2 v12.4s, v30.4s, v12.4s + mul v29.8h, v10.8h, v1.8h + mul v30.8h, v12.8h, v3.8h + sqrdmulh 
v23.8h, v10.8h, v0.8h + sqrdmulh v24.8h, v12.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #384] + ldr q2, [x2, #400] + ldr q1, [x3, #384] + ldr q3, [x3, #400] + mov v29.16b, v13.16b + mov v30.16b, v15.16b + trn1 v13.4s, v13.4s, v14.4s + trn1 v15.4s, v15.4s, v16.4s + trn2 v14.4s, v29.4s, v14.4s + trn2 v16.4s, v30.4s, v16.4s + mul v29.8h, v14.8h, v1.8h + mul v30.8h, v16.8h, v3.8h + sqrdmulh v25.8h, v14.8h, v0.8h + sqrdmulh v26.8h, v16.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + ldr q0, [x2, #416] + ldr q2, [x2, #432] + ldr q1, [x3, #416] + ldr q3, [x3, #432] + mov v29.16b, v17.16b + mov v30.16b, v19.16b + trn1 v17.4s, v17.4s, v18.4s + trn1 v19.4s, v19.4s, v20.4s + trn2 v18.4s, v29.4s, v18.4s + trn2 v20.4s, v30.4s, v20.4s + mul v29.8h, v18.8h, v1.8h + mul v30.8h, v20.8h, v3.8h + sqrdmulh v27.8h, v18.8h, v0.8h + sqrdmulh v28.8h, v20.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v11.8h, v24.8h + 
add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + sqdmulh v21.8h, v5.8h, v4.h[2] + sqdmulh v22.8h, v6.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v5.8h, v21.8h, v4.h[0] + mls v6.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v7.8h, v4.h[2] + sqdmulh v22.8h, v8.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v7.8h, v21.8h, v4.h[0] + mls v8.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v9.8h, v4.h[2] + sqdmulh v22.8h, v10.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v9.8h, v21.8h, v4.h[0] + mls v10.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v11.8h, v4.h[2] + sqdmulh v22.8h, v12.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v11.8h, v21.8h, v4.h[0] + mls v12.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v13.8h, v4.h[2] + sqdmulh v22.8h, v14.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v13.8h, v21.8h, v4.h[0] + mls v14.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v15.8h, v4.h[2] + sqdmulh v22.8h, v16.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v15.8h, v21.8h, v4.h[0] + mls v16.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v17.8h, v4.h[2] + sqdmulh v22.8h, v18.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v17.8h, v21.8h, v4.h[0] + mls v18.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v19.8h, v4.h[2] + sqdmulh v22.8h, v20.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v19.8h, v21.8h, v4.h[0] + mls v20.8h, v22.8h, v4.h[0] + mov v29.16b, v5.16b + trn1 v5.4s, v5.4s, v6.4s + trn2 v6.4s, v29.4s, v6.4s + mov v29.16b, v5.16b + trn1 v5.2d, v5.2d, v6.2d + trn2 v6.2d, v29.2d, v6.2d + mov v29.16b, v7.16b + trn1 v7.4s, v7.4s, v8.4s + trn2 v8.4s, v29.4s, v8.4s + mov v29.16b, v7.16b + trn1 v7.2d, v7.2d, v8.2d + trn2 v8.2d, 
v29.2d, v8.2d + mov v29.16b, v9.16b + trn1 v9.4s, v9.4s, v10.4s + trn2 v10.4s, v29.4s, v10.4s + mov v29.16b, v9.16b + trn1 v9.2d, v9.2d, v10.2d + trn2 v10.2d, v29.2d, v10.2d + mov v29.16b, v11.16b + trn1 v11.4s, v11.4s, v12.4s + trn2 v12.4s, v29.4s, v12.4s + mov v29.16b, v11.16b + trn1 v11.2d, v11.2d, v12.2d + trn2 v12.2d, v29.2d, v12.2d + mov v29.16b, v13.16b + trn1 v13.4s, v13.4s, v14.4s + trn2 v14.4s, v29.4s, v14.4s + mov v29.16b, v13.16b + trn1 v13.2d, v13.2d, v14.2d + trn2 v14.2d, v29.2d, v14.2d + mov v29.16b, v15.16b + trn1 v15.4s, v15.4s, v16.4s + trn2 v16.4s, v29.4s, v16.4s + mov v29.16b, v15.16b + trn1 v15.2d, v15.2d, v16.2d + trn2 v16.2d, v29.2d, v16.2d + mov v29.16b, v17.16b + trn1 v17.4s, v17.4s, v18.4s + trn2 v18.4s, v29.4s, v18.4s + mov v29.16b, v17.16b + trn1 v17.2d, v17.2d, v18.2d + trn2 v18.2d, v29.2d, v18.2d + mov v29.16b, v19.16b + trn1 v19.4s, v19.4s, v20.4s + trn2 v20.4s, v29.4s, v20.4s + mov v29.16b, v19.16b + trn1 v19.2d, v19.2d, v20.2d + trn2 v20.2d, v29.2d, v20.2d + stp q5, q6, [x0] + stp q7, q8, [x0, #32] + stp q9, q10, [x0, #64] + stp q11, q12, [x0, #96] + stp q13, q14, [x0, #128] + stp q15, q16, [x0, #160] + stp q17, q18, [x0, #192] + stp q19, q20, [x0, #224] + ldp q5, q6, [x1] + ldp q7, q8, [x1, #32] + ldp q9, q10, [x1, #64] + ldp q11, q12, [x1, #96] + ldp q13, q14, [x1, #128] + ldp q15, q16, [x1, #160] + ldp q17, q18, [x1, #192] + ldp q19, q20, [x1, #224] + ldr q0, [x2, #48] + ldr q1, [x3, #48] + mul v29.8h, v6.8h, v1.h[0] + mul v30.8h, v8.8h, v1.h[1] + sqrdmulh v21.8h, v6.8h, v0.h[0] + sqrdmulh v22.8h, v8.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v29.8h, v10.8h, v1.h[2] + mul v30.8h, v12.8h, v1.h[3] + sqrdmulh v23.8h, v10.8h, 
v0.h[2] + sqrdmulh v24.8h, v12.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v29.8h, v14.8h, v1.h[4] + mul v30.8h, v16.8h, v1.h[5] + sqrdmulh v25.8h, v14.8h, v0.h[4] + sqrdmulh v26.8h, v16.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + mul v29.8h, v18.8h, v1.h[6] + mul v30.8h, v20.8h, v1.h[7] + sqrdmulh v27.8h, v18.8h, v0.h[6] + sqrdmulh v28.8h, v20.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v11.8h, v24.8h + add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + ldr q0, [x2, #192] + ldr q2, [x2, #208] + ldr q1, [x3, #192] + ldr q3, [x3, #208] + mov v29.16b, v5.16b + mov v30.16b, v7.16b + trn1 v5.2d, v5.2d, v6.2d + trn1 v7.2d, v7.2d, v8.2d + trn2 v6.2d, v29.2d, v6.2d + trn2 v8.2d, v30.2d, v8.2d 
+ mul v29.8h, v6.8h, v1.8h + mul v30.8h, v8.8h, v3.8h + sqrdmulh v21.8h, v6.8h, v0.8h + sqrdmulh v22.8h, v8.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + ldr q0, [x2, #224] + ldr q2, [x2, #240] + ldr q1, [x3, #224] + ldr q3, [x3, #240] + mov v29.16b, v9.16b + mov v30.16b, v11.16b + trn1 v9.2d, v9.2d, v10.2d + trn1 v11.2d, v11.2d, v12.2d + trn2 v10.2d, v29.2d, v10.2d + trn2 v12.2d, v30.2d, v12.2d + mul v29.8h, v10.8h, v1.8h + mul v30.8h, v12.8h, v3.8h + sqrdmulh v23.8h, v10.8h, v0.8h + sqrdmulh v24.8h, v12.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #256] + ldr q2, [x2, #272] + ldr q1, [x3, #256] + ldr q3, [x3, #272] + mov v29.16b, v13.16b + mov v30.16b, v15.16b + trn1 v13.2d, v13.2d, v14.2d + trn1 v15.2d, v15.2d, v16.2d + trn2 v14.2d, v29.2d, v14.2d + trn2 v16.2d, v30.2d, v16.2d + mul v29.8h, v14.8h, v1.8h + mul v30.8h, v16.8h, v3.8h + sqrdmulh v25.8h, v14.8h, v0.8h + sqrdmulh v26.8h, v16.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + ldr q0, [x2, #288] + ldr q2, [x2, #304] + ldr q1, [x3, #288] + ldr q3, [x3, #304] + mov v29.16b, v17.16b + mov v30.16b, v19.16b + 
trn1 v17.2d, v17.2d, v18.2d + trn1 v19.2d, v19.2d, v20.2d + trn2 v18.2d, v29.2d, v18.2d + trn2 v20.2d, v30.2d, v20.2d + mul v29.8h, v18.8h, v1.8h + mul v30.8h, v20.8h, v3.8h + sqrdmulh v27.8h, v18.8h, v0.8h + sqrdmulh v28.8h, v20.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h + sub v12.8h, v11.8h, v24.8h + add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + ldr q0, [x2, #448] + ldr q2, [x2, #464] + ldr q1, [x3, #448] + ldr q3, [x3, #464] + mov v29.16b, v5.16b + mov v30.16b, v7.16b + trn1 v5.4s, v5.4s, v6.4s + trn1 v7.4s, v7.4s, v8.4s + trn2 v6.4s, v29.4s, v6.4s + trn2 v8.4s, v30.4s, v8.4s + mul v29.8h, v6.8h, v1.8h + mul v30.8h, v8.8h, v3.8h + sqrdmulh v21.8h, v6.8h, v0.8h + sqrdmulh v22.8h, v8.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v29.8h, v4.h[0] + sqrdmlsh v22.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v21.8h, v21.8h, v29.8h + sub v22.8h, v22.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + ldr q0, [x2, #480] + ldr q2, [x2, #496] + ldr q1, [x3, #480] + ldr q3, [x3, #496] + mov v29.16b, v9.16b + mov v30.16b, v11.16b + trn1 v9.4s, v9.4s, v10.4s + trn1 v11.4s, v11.4s, v12.4s + trn2 v10.4s, v29.4s, v10.4s + trn2 v12.4s, v30.4s, v12.4s + mul v29.8h, v10.8h, v1.8h + mul 
v30.8h, v12.8h, v3.8h + sqrdmulh v23.8h, v10.8h, v0.8h + sqrdmulh v24.8h, v12.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v29.8h, v4.h[0] + sqrdmlsh v24.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v23.8h, v23.8h, v29.8h + sub v24.8h, v24.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #512] + ldr q2, [x2, #528] + ldr q1, [x3, #512] + ldr q3, [x3, #528] + mov v29.16b, v13.16b + mov v30.16b, v15.16b + trn1 v13.4s, v13.4s, v14.4s + trn1 v15.4s, v15.4s, v16.4s + trn2 v14.4s, v29.4s, v14.4s + trn2 v16.4s, v30.4s, v16.4s + mul v29.8h, v14.8h, v1.8h + mul v30.8h, v16.8h, v3.8h + sqrdmulh v25.8h, v14.8h, v0.8h + sqrdmulh v26.8h, v16.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v25.8h, v29.8h, v4.h[0] + sqrdmlsh v26.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v25.8h, v25.8h, v29.8h + sub v26.8h, v26.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v25.8h, v25.8h, #1 + sshr v26.8h, v26.8h, #1 + ldr q0, [x2, #544] + ldr q2, [x2, #560] + ldr q1, [x3, #544] + ldr q3, [x3, #560] + mov v29.16b, v17.16b + mov v30.16b, v19.16b + trn1 v17.4s, v17.4s, v18.4s + trn1 v19.4s, v19.4s, v20.4s + trn2 v18.4s, v29.4s, v18.4s + trn2 v20.4s, v30.4s, v20.4s + mul v29.8h, v18.8h, v1.8h + mul v30.8h, v20.8h, v3.8h + sqrdmulh v27.8h, v18.8h, v0.8h + sqrdmulh v28.8h, v20.8h, v2.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v27.8h, v29.8h, v4.h[0] + sqrdmlsh v28.8h, v30.8h, v4.h[0] +#else + sqrdmulh v29.8h, v29.8h, v4.h[0] + sqrdmulh v30.8h, v30.8h, v4.h[0] + sub v27.8h, v27.8h, v29.8h + sub v28.8h, v28.8h, v30.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v27.8h, v27.8h, #1 + sshr v28.8h, v28.8h, #1 + sub v6.8h, v5.8h, v21.8h + add v5.8h, v5.8h, v21.8h + sub v8.8h, v7.8h, v22.8h + add v7.8h, v7.8h, v22.8h + sub v10.8h, v9.8h, v23.8h + add v9.8h, v9.8h, v23.8h 
+ sub v12.8h, v11.8h, v24.8h + add v11.8h, v11.8h, v24.8h + sub v14.8h, v13.8h, v25.8h + add v13.8h, v13.8h, v25.8h + sub v16.8h, v15.8h, v26.8h + add v15.8h, v15.8h, v26.8h + sub v18.8h, v17.8h, v27.8h + add v17.8h, v17.8h, v27.8h + sub v20.8h, v19.8h, v28.8h + add v19.8h, v19.8h, v28.8h + sqdmulh v21.8h, v5.8h, v4.h[2] + sqdmulh v22.8h, v6.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v5.8h, v21.8h, v4.h[0] + mls v6.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v7.8h, v4.h[2] + sqdmulh v22.8h, v8.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v7.8h, v21.8h, v4.h[0] + mls v8.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v9.8h, v4.h[2] + sqdmulh v22.8h, v10.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v9.8h, v21.8h, v4.h[0] + mls v10.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v11.8h, v4.h[2] + sqdmulh v22.8h, v12.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v11.8h, v21.8h, v4.h[0] + mls v12.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v13.8h, v4.h[2] + sqdmulh v22.8h, v14.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v13.8h, v21.8h, v4.h[0] + mls v14.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v15.8h, v4.h[2] + sqdmulh v22.8h, v16.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v15.8h, v21.8h, v4.h[0] + mls v16.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v17.8h, v4.h[2] + sqdmulh v22.8h, v18.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v17.8h, v21.8h, v4.h[0] + mls v18.8h, v22.8h, v4.h[0] + sqdmulh v21.8h, v19.8h, v4.h[2] + sqdmulh v22.8h, v20.8h, v4.h[2] + sshr v21.8h, v21.8h, #11 + sshr v22.8h, v22.8h, #11 + mls v19.8h, v21.8h, v4.h[0] + mls v20.8h, v22.8h, v4.h[0] + mov v29.16b, v5.16b + trn1 v5.4s, v5.4s, v6.4s + trn2 v6.4s, v29.4s, v6.4s + mov v29.16b, v5.16b + trn1 v5.2d, v5.2d, v6.2d + trn2 v6.2d, v29.2d, v6.2d + mov v29.16b, v7.16b + trn1 v7.4s, v7.4s, v8.4s + trn2 v8.4s, v29.4s, v8.4s + mov v29.16b, v7.16b + trn1 
v7.2d, v7.2d, v8.2d + trn2 v8.2d, v29.2d, v8.2d + mov v29.16b, v9.16b + trn1 v9.4s, v9.4s, v10.4s + trn2 v10.4s, v29.4s, v10.4s + mov v29.16b, v9.16b + trn1 v9.2d, v9.2d, v10.2d + trn2 v10.2d, v29.2d, v10.2d + mov v29.16b, v11.16b + trn1 v11.4s, v11.4s, v12.4s + trn2 v12.4s, v29.4s, v12.4s + mov v29.16b, v11.16b + trn1 v11.2d, v11.2d, v12.2d + trn2 v12.2d, v29.2d, v12.2d + mov v29.16b, v13.16b + trn1 v13.4s, v13.4s, v14.4s + trn2 v14.4s, v29.4s, v14.4s + mov v29.16b, v13.16b + trn1 v13.2d, v13.2d, v14.2d + trn2 v14.2d, v29.2d, v14.2d + mov v29.16b, v15.16b + trn1 v15.4s, v15.4s, v16.4s + trn2 v16.4s, v29.4s, v16.4s + mov v29.16b, v15.16b + trn1 v15.2d, v15.2d, v16.2d + trn2 v16.2d, v29.2d, v16.2d + mov v29.16b, v17.16b + trn1 v17.4s, v17.4s, v18.4s + trn2 v18.4s, v29.4s, v18.4s + mov v29.16b, v17.16b + trn1 v17.2d, v17.2d, v18.2d + trn2 v18.2d, v29.2d, v18.2d + mov v29.16b, v19.16b + trn1 v19.4s, v19.4s, v20.4s + trn2 v20.4s, v29.4s, v20.4s + mov v29.16b, v19.16b + trn1 v19.2d, v19.2d, v20.2d + trn2 v20.2d, v29.2d, v20.2d + stp q5, q6, [x1] + stp q7, q8, [x1, #32] + stp q9, q10, [x1, #64] + stp q11, q12, [x1, #96] + stp q13, q14, [x1, #128] + stp q15, q16, [x1, #160] + stp q17, q18, [x1, #192] + stp q19, q20, [x1, #224] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_ntt,.-kyber_ntt +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_zetas_inv, %object + .section .rodata + .size L_kyber_aarch64_zetas_inv, 576 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_zetas_inv: + .short 0x06a5,0x06a5,0x070f,0x070f,0x05b4,0x05b4,0x0943,0x0943 + .short 0x0922,0x0922,0x091d,0x091d,0x0134,0x0134,0x006c,0x006c + .short 0x0b23,0x0b23,0x0366,0x0366,0x0356,0x0356,0x05e6,0x05e6 + .short 0x09e7,0x09e7,0x04fe,0x04fe,0x05fa,0x05fa,0x04a1,0x04a1 
+ .short 0x067b,0x067b,0x04a3,0x04a3,0x0c25,0x0c25,0x036a,0x036a + .short 0x0537,0x0537,0x083f,0x083f,0x0088,0x0088,0x04bf,0x04bf + .short 0x0b81,0x0b81,0x05b9,0x05b9,0x0505,0x0505,0x07d7,0x07d7 + .short 0x0a9f,0x0a9f,0x0aa6,0x0aa6,0x08b8,0x08b8,0x09d0,0x09d0 + .short 0x004b,0x004b,0x009c,0x009c,0x0bb8,0x0bb8,0x0b5f,0x0b5f + .short 0x0ba4,0x0ba4,0x0368,0x0368,0x0a7d,0x0a7d,0x0636,0x0636 + .short 0x08a2,0x08a2,0x025a,0x025a,0x0736,0x0736,0x0309,0x0309 + .short 0x0093,0x0093,0x087a,0x087a,0x09f7,0x09f7,0x00f6,0x00f6 + .short 0x068c,0x068c,0x06db,0x06db,0x01cc,0x01cc,0x0123,0x0123 + .short 0x00eb,0x00eb,0x0c50,0x0c50,0x0ab6,0x0ab6,0x0b5b,0x0b5b + .short 0x0c98,0x0c98,0x06f3,0x06f3,0x099a,0x099a,0x04e3,0x04e3 + .short 0x09b6,0x09b6,0x0ad6,0x0ad6,0x0b53,0x0b53,0x044f,0x044f + .short 0x04fb,0x04fb,0x04fb,0x04fb,0x0a5c,0x0a5c,0x0a5c,0x0a5c + .short 0x0429,0x0429,0x0429,0x0429,0x0b41,0x0b41,0x0b41,0x0b41 + .short 0x02d5,0x02d5,0x02d5,0x02d5,0x05e4,0x05e4,0x05e4,0x05e4 + .short 0x0940,0x0940,0x0940,0x0940,0x018e,0x018e,0x018e,0x018e + .short 0x03b7,0x03b7,0x03b7,0x03b7,0x00f7,0x00f7,0x00f7,0x00f7 + .short 0x058d,0x058d,0x058d,0x058d,0x0c96,0x0c96,0x0c96,0x0c96 + .short 0x09c3,0x09c3,0x09c3,0x09c3,0x010f,0x010f,0x010f,0x010f + .short 0x005a,0x005a,0x005a,0x005a,0x0355,0x0355,0x0355,0x0355 + .short 0x0744,0x0744,0x0744,0x0744,0x0c83,0x0c83,0x0c83,0x0c83 + .short 0x048a,0x048a,0x048a,0x048a,0x0652,0x0652,0x0652,0x0652 + .short 0x029a,0x029a,0x029a,0x029a,0x0140,0x0140,0x0140,0x0140 + .short 0x0008,0x0008,0x0008,0x0008,0x0afd,0x0afd,0x0afd,0x0afd + .short 0x0608,0x0608,0x0608,0x0608,0x011a,0x011a,0x011a,0x011a + .short 0x072e,0x072e,0x072e,0x072e,0x050d,0x050d,0x050d,0x050d + .short 0x090a,0x090a,0x090a,0x090a,0x0228,0x0228,0x0228,0x0228 + .short 0x0a75,0x0a75,0x0a75,0x0a75,0x083a,0x083a,0x083a,0x083a + .short 0x0623,0x00cd,0x0b66,0x0606,0x0aa1,0x0a25,0x0908,0x02a9 + .short 0x0082,0x0642,0x074f,0x033d,0x0b82,0x0bf9,0x052d,0x0ac4 + .short 
0x0745,0x05c2,0x04b2,0x093f,0x0c4b,0x06d8,0x0a93,0x00ab + .short 0x0c37,0x0be2,0x0773,0x072c,0x05ed,0x0167,0x02f6,0x05a1 +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_zetas_inv_qinv, %object + .section .rodata + .size L_kyber_aarch64_zetas_inv_qinv, 576 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_zetas_inv_qinv: + .short 0xa5a5,0xa5a5,0x440f,0x440f,0xe1b4,0xe1b4,0xa243,0xa243 + .short 0x4f22,0x4f22,0x901d,0x901d,0x5d34,0x5d34,0x846c,0x846c + .short 0x4423,0x4423,0xd566,0xd566,0xa556,0xa556,0x57e6,0x57e6 + .short 0x4ee7,0x4ee7,0x1efe,0x1efe,0x53fa,0x53fa,0xd7a1,0xd7a1 + .short 0xc77b,0xc77b,0xbda3,0xbda3,0x2b25,0x2b25,0xa16a,0xa16a + .short 0x3a37,0x3a37,0xd53f,0xd53f,0x1888,0x1888,0x51bf,0x51bf + .short 0x7e81,0x7e81,0xa0b9,0xa0b9,0xc405,0xc405,0x1cd7,0x1cd7 + .short 0xf79f,0xf79f,0x9ca6,0x9ca6,0xb0b8,0xb0b8,0x79d0,0x79d0 + .short 0x314b,0x314b,0x149c,0x149c,0xb3b8,0xb3b8,0x385f,0x385f + .short 0xb7a4,0xb7a4,0xbb68,0xbb68,0xb17d,0xb17d,0x4836,0x4836 + .short 0xcea2,0xcea2,0x705a,0x705a,0x4936,0x4936,0x8e09,0x8e09 + .short 0x8993,0x8993,0xd67a,0xd67a,0x7ef7,0x7ef7,0x82f6,0x82f6 + .short 0xea8c,0xea8c,0xe7db,0xe7db,0xa5cc,0xa5cc,0x3a23,0x3a23 + .short 0x11eb,0x11eb,0xfc50,0xfc50,0xccb6,0xccb6,0x6c5b,0x6c5b + .short 0x5498,0x5498,0xaff3,0xaff3,0x379a,0x379a,0x7de3,0x7de3 + .short 0xcbb6,0xcbb6,0x2cd6,0x2cd6,0xd453,0xd453,0x014f,0x014f + .short 0x45fb,0x45fb,0x45fb,0x45fb,0x5e5c,0x5e5c,0x5e5c,0x5e5c + .short 0xef29,0xef29,0xef29,0xef29,0xbe41,0xbe41,0xbe41,0xbe41 + .short 0x31d5,0x31d5,0x31d5,0x31d5,0x71e4,0x71e4,0x71e4,0x71e4 + .short 0xc940,0xc940,0xc940,0xc940,0xcb8e,0xcb8e,0xcb8e,0xcb8e + .short 0xb8b7,0xb8b7,0xb8b7,0xb8b7,0x75f7,0x75f7,0x75f7,0x75f7 + .short 0xdc8d,0xdc8d,0xdc8d,0xdc8d,0x6e96,0x6e96,0x6e96,0x6e96 + .short 0x22c3,0x22c3,0x22c3,0x22c3,0x3e0f,0x3e0f,0x3e0f,0x3e0f + .short 0x6e5a,0x6e5a,0x6e5a,0x6e5a,0xb255,0xb255,0xb255,0xb255 + .short 
0x9344,0x9344,0x9344,0x9344,0x6583,0x6583,0x6583,0x6583 + .short 0x028a,0x028a,0x028a,0x028a,0xdc52,0xdc52,0xdc52,0xdc52 + .short 0x309a,0x309a,0x309a,0x309a,0xc140,0xc140,0xc140,0xc140 + .short 0x9808,0x9808,0x9808,0x9808,0x31fd,0x31fd,0x31fd,0x31fd + .short 0x9e08,0x9e08,0x9e08,0x9e08,0xaf1a,0xaf1a,0xaf1a,0xaf1a + .short 0xb12e,0xb12e,0xb12e,0xb12e,0x5c0d,0x5c0d,0x5c0d,0x5c0d + .short 0x870a,0x870a,0x870a,0x870a,0xfa28,0xfa28,0xfa28,0xfa28 + .short 0x1975,0x1975,0x1975,0x1975,0x163a,0x163a,0x163a,0x163a + .short 0x3f23,0x97cd,0xdd66,0xb806,0xdda1,0x2925,0xa108,0x6da9 + .short 0x6682,0xac42,0x044f,0xea3d,0x7182,0x66f9,0xbc2d,0x16c4 + .short 0x8645,0x2bc2,0xfab2,0xd63f,0x3d4b,0x0ed8,0x9393,0x51ab + .short 0x4137,0x91e2,0x3073,0xcb2c,0xfced,0xc667,0x84f6,0xd8a1 +#ifndef __APPLE__ +.text +.globl kyber_invntt +.type kyber_invntt,@function +.align 2 +kyber_invntt: +#else +.section __TEXT,__text +.globl _kyber_invntt +.p2align 2 +_kyber_invntt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! 
+ add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x2, L_kyber_aarch64_zetas_inv + add x2, x2, :lo12:L_kyber_aarch64_zetas_inv +#else + adrp x2, L_kyber_aarch64_zetas_inv@PAGE + add x2, x2, :lo12:L_kyber_aarch64_zetas_inv@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x3, L_kyber_aarch64_zetas_inv_qinv + add x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv +#else + adrp x3, L_kyber_aarch64_zetas_inv_qinv@PAGE + add x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x4, L_kyber_aarch64_consts + add x4, x4, :lo12:L_kyber_aarch64_consts +#else + adrp x4, L_kyber_aarch64_consts@PAGE + add x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + add x1, x0, #0x100 + ldr q8, [x4] + ldp q9, q10, [x0] + ldp q11, q12, [x0, #32] + ldp q13, q14, [x0, #64] + ldp q15, q16, [x0, #96] + ldp q17, q18, [x0, #128] + ldp q19, q20, [x0, #160] + ldp q21, q22, [x0, #192] + ldp q23, q24, [x0, #224] + mov v25.16b, v9.16b + trn1 v9.2d, v9.2d, v10.2d + trn2 v10.2d, v25.2d, v10.2d + mov v25.16b, v9.16b + trn1 v9.4s, v9.4s, v10.4s + trn2 v10.4s, v25.4s, v10.4s + mov v25.16b, v11.16b + trn1 v11.2d, v11.2d, v12.2d + trn2 v12.2d, v25.2d, v12.2d + mov v25.16b, v11.16b + trn1 v11.4s, v11.4s, v12.4s + trn2 v12.4s, v25.4s, v12.4s + mov v25.16b, v13.16b + trn1 v13.2d, v13.2d, v14.2d + trn2 v14.2d, v25.2d, v14.2d + mov v25.16b, v13.16b + trn1 v13.4s, v13.4s, v14.4s + trn2 v14.4s, v25.4s, v14.4s + mov v25.16b, v15.16b + trn1 v15.2d, v15.2d, v16.2d + trn2 v16.2d, v25.2d, v16.2d + mov v25.16b, v15.16b + trn1 v15.4s, v15.4s, v16.4s + trn2 v16.4s, v25.4s, v16.4s + mov v25.16b, v17.16b + trn1 v17.2d, v17.2d, v18.2d + trn2 v18.2d, v25.2d, v18.2d + mov v25.16b, v17.16b + trn1 v17.4s, v17.4s, v18.4s + trn2 v18.4s, v25.4s, v18.4s + mov v25.16b, v19.16b + trn1 v19.2d, v19.2d, v20.2d + trn2 v20.2d, v25.2d, v20.2d + mov v25.16b, v19.16b + trn1 
v19.4s, v19.4s, v20.4s + trn2 v20.4s, v25.4s, v20.4s + mov v25.16b, v21.16b + trn1 v21.2d, v21.2d, v22.2d + trn2 v22.2d, v25.2d, v22.2d + mov v25.16b, v21.16b + trn1 v21.4s, v21.4s, v22.4s + trn2 v22.4s, v25.4s, v22.4s + mov v25.16b, v23.16b + trn1 v23.2d, v23.2d, v24.2d + trn2 v24.2d, v25.2d, v24.2d + mov v25.16b, v23.16b + trn1 v23.4s, v23.4s, v24.4s + trn2 v24.4s, v25.4s, v24.4s + ldr q0, [x2] + ldr q1, [x2, #16] + ldr q2, [x3] + ldr q3, [x3, #16] + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, v11.8h, v12.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v10.8h, v26.8h, v0.8h + sqrdmulh v12.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + ldr q0, [x2, #32] + ldr q1, [x2, #48] + ldr q2, [x3, #32] + ldr q3, [x3, #48] + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v14.8h, v26.8h, v0.8h + sqrdmulh v16.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + ldr q0, [x2, #64] + ldr q1, [x2, #80] + ldr q2, [x3, #64] + ldr q3, [x3, #80] + sub v26.8h, v17.8h, v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v18.8h, v26.8h, v0.8h + sqrdmulh v20.8h, v28.8h, v1.8h 
+#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + ldr q0, [x2, #96] + ldr q1, [x2, #112] + ldr q2, [x3, #96] + ldr q3, [x3, #112] + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v22.8h, v26.8h, v0.8h + sqrdmulh v24.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #256] + ldr q1, [x2, #272] + ldr q2, [x3, #256] + ldr q3, [x3, #272] + mov v25.16b, v9.16b + mov v26.16b, v11.16b + trn1 v9.4s, v9.4s, v10.4s + trn1 v11.4s, v11.4s, v12.4s + trn2 v10.4s, v25.4s, v10.4s + trn2 v12.4s, v26.4s, v12.4s + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, v11.8h, v12.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v10.8h, v26.8h, v0.8h + sqrdmulh v12.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + ldr q0, [x2, #288] + ldr q1, [x2, #304] + ldr q2, [x3, #288] + ldr q3, [x3, #304] + mov v25.16b, v13.16b + mov v26.16b, v15.16b + trn1 v13.4s, v13.4s, v14.4s + trn1 v15.4s, v15.4s, v16.4s + 
trn2 v14.4s, v25.4s, v14.4s + trn2 v16.4s, v26.4s, v16.4s + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v14.8h, v26.8h, v0.8h + sqrdmulh v16.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + ldr q0, [x2, #320] + ldr q1, [x2, #336] + ldr q2, [x3, #320] + ldr q3, [x3, #336] + mov v25.16b, v17.16b + mov v26.16b, v19.16b + trn1 v17.4s, v17.4s, v18.4s + trn1 v19.4s, v19.4s, v20.4s + trn2 v18.4s, v25.4s, v18.4s + trn2 v20.4s, v26.4s, v20.4s + sub v26.8h, v17.8h, v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v18.8h, v26.8h, v0.8h + sqrdmulh v20.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + ldr q0, [x2, #352] + ldr q1, [x2, #368] + ldr q2, [x3, #352] + ldr q3, [x3, #368] + mov v25.16b, v21.16b + mov v26.16b, v23.16b + trn1 v21.4s, v21.4s, v22.4s + trn1 v23.4s, v23.4s, v24.4s + trn2 v22.4s, v25.4s, v22.4s + trn2 v24.4s, v26.4s, v24.4s + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v22.8h, v26.8h, v0.8h + sqrdmulh v24.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, 
v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #512] + ldr q2, [x3, #512] + mov v25.16b, v9.16b + mov v26.16b, v11.16b + trn1 v9.2d, v9.2d, v10.2d + trn1 v11.2d, v11.2d, v12.2d + trn2 v10.2d, v25.2d, v10.2d + trn2 v12.2d, v26.2d, v12.2d + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, v11.8h, v12.8h + mul v25.8h, v26.8h, v2.h[0] + mul v27.8h, v28.8h, v2.h[1] + sqrdmulh v10.8h, v26.8h, v0.h[0] + sqrdmulh v12.8h, v28.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + mov v25.16b, v13.16b + mov v26.16b, v15.16b + trn1 v13.2d, v13.2d, v14.2d + trn1 v15.2d, v15.2d, v16.2d + trn2 v14.2d, v25.2d, v14.2d + trn2 v16.2d, v26.2d, v16.2d + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v2.h[2] + mul v27.8h, v28.8h, v2.h[3] + sqrdmulh v14.8h, v26.8h, v0.h[2] + sqrdmulh v16.8h, v28.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + mov v25.16b, v17.16b + mov v26.16b, v19.16b + trn1 v17.2d, v17.2d, v18.2d + trn1 v19.2d, v19.2d, v20.2d + trn2 v18.2d, v25.2d, v18.2d + trn2 v20.2d, v26.2d, v20.2d + sub v26.8h, v17.8h, 
v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v2.h[4] + mul v27.8h, v28.8h, v2.h[5] + sqrdmulh v18.8h, v26.8h, v0.h[4] + sqrdmulh v20.8h, v28.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + mov v25.16b, v21.16b + mov v26.16b, v23.16b + trn1 v21.2d, v21.2d, v22.2d + trn1 v23.2d, v23.2d, v24.2d + trn2 v22.2d, v25.2d, v22.2d + trn2 v24.2d, v26.2d, v24.2d + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v2.h[6] + mul v27.8h, v28.8h, v2.h[7] + sqrdmulh v22.8h, v26.8h, v0.h[6] + sqrdmulh v24.8h, v28.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + sqdmulh v25.8h, v9.8h, v8.h[2] + sqdmulh v26.8h, v11.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v9.8h, v25.8h, v8.h[0] + mls v11.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v13.8h, v8.h[2] + sqdmulh v26.8h, v15.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v13.8h, v25.8h, v8.h[0] + mls v15.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v17.8h, v8.h[2] + sqdmulh v26.8h, v19.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v17.8h, v25.8h, v8.h[0] + mls v19.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v21.8h, v8.h[2] + sqdmulh v26.8h, v23.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v21.8h, v25.8h, 
v8.h[0] + mls v23.8h, v26.8h, v8.h[0] + stp q9, q10, [x0] + stp q11, q12, [x0, #32] + stp q13, q14, [x0, #64] + stp q15, q16, [x0, #96] + stp q17, q18, [x0, #128] + stp q19, q20, [x0, #160] + stp q21, q22, [x0, #192] + stp q23, q24, [x0, #224] + ldp q9, q10, [x1] + ldp q11, q12, [x1, #32] + ldp q13, q14, [x1, #64] + ldp q15, q16, [x1, #96] + ldp q17, q18, [x1, #128] + ldp q19, q20, [x1, #160] + ldp q21, q22, [x1, #192] + ldp q23, q24, [x1, #224] + mov v25.16b, v9.16b + trn1 v9.2d, v9.2d, v10.2d + trn2 v10.2d, v25.2d, v10.2d + mov v25.16b, v9.16b + trn1 v9.4s, v9.4s, v10.4s + trn2 v10.4s, v25.4s, v10.4s + mov v25.16b, v11.16b + trn1 v11.2d, v11.2d, v12.2d + trn2 v12.2d, v25.2d, v12.2d + mov v25.16b, v11.16b + trn1 v11.4s, v11.4s, v12.4s + trn2 v12.4s, v25.4s, v12.4s + mov v25.16b, v13.16b + trn1 v13.2d, v13.2d, v14.2d + trn2 v14.2d, v25.2d, v14.2d + mov v25.16b, v13.16b + trn1 v13.4s, v13.4s, v14.4s + trn2 v14.4s, v25.4s, v14.4s + mov v25.16b, v15.16b + trn1 v15.2d, v15.2d, v16.2d + trn2 v16.2d, v25.2d, v16.2d + mov v25.16b, v15.16b + trn1 v15.4s, v15.4s, v16.4s + trn2 v16.4s, v25.4s, v16.4s + mov v25.16b, v17.16b + trn1 v17.2d, v17.2d, v18.2d + trn2 v18.2d, v25.2d, v18.2d + mov v25.16b, v17.16b + trn1 v17.4s, v17.4s, v18.4s + trn2 v18.4s, v25.4s, v18.4s + mov v25.16b, v19.16b + trn1 v19.2d, v19.2d, v20.2d + trn2 v20.2d, v25.2d, v20.2d + mov v25.16b, v19.16b + trn1 v19.4s, v19.4s, v20.4s + trn2 v20.4s, v25.4s, v20.4s + mov v25.16b, v21.16b + trn1 v21.2d, v21.2d, v22.2d + trn2 v22.2d, v25.2d, v22.2d + mov v25.16b, v21.16b + trn1 v21.4s, v21.4s, v22.4s + trn2 v22.4s, v25.4s, v22.4s + mov v25.16b, v23.16b + trn1 v23.2d, v23.2d, v24.2d + trn2 v24.2d, v25.2d, v24.2d + mov v25.16b, v23.16b + trn1 v23.4s, v23.4s, v24.4s + trn2 v24.4s, v25.4s, v24.4s + ldr q0, [x2, #128] + ldr q1, [x2, #144] + ldr q2, [x3, #128] + ldr q3, [x3, #144] + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, v11.8h, v12.8h + mul v25.8h, v26.8h, v2.8h + 
mul v27.8h, v28.8h, v3.8h + sqrdmulh v10.8h, v26.8h, v0.8h + sqrdmulh v12.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + ldr q0, [x2, #160] + ldr q1, [x2, #176] + ldr q2, [x3, #160] + ldr q3, [x3, #176] + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v14.8h, v26.8h, v0.8h + sqrdmulh v16.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + ldr q0, [x2, #192] + ldr q1, [x2, #208] + ldr q2, [x3, #192] + ldr q3, [x3, #208] + sub v26.8h, v17.8h, v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v18.8h, v26.8h, v0.8h + sqrdmulh v20.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + ldr q0, [x2, #224] + ldr q1, [x2, #240] + ldr q2, [x3, #224] + ldr q3, [x3, #240] + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + 
sqrdmulh v22.8h, v26.8h, v0.8h + sqrdmulh v24.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #384] + ldr q1, [x2, #400] + ldr q2, [x3, #384] + ldr q3, [x3, #400] + mov v25.16b, v9.16b + mov v26.16b, v11.16b + trn1 v9.4s, v9.4s, v10.4s + trn1 v11.4s, v11.4s, v12.4s + trn2 v10.4s, v25.4s, v10.4s + trn2 v12.4s, v26.4s, v12.4s + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, v11.8h, v12.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v10.8h, v26.8h, v0.8h + sqrdmulh v12.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + ldr q0, [x2, #416] + ldr q1, [x2, #432] + ldr q2, [x3, #416] + ldr q3, [x3, #432] + mov v25.16b, v13.16b + mov v26.16b, v15.16b + trn1 v13.4s, v13.4s, v14.4s + trn1 v15.4s, v15.4s, v16.4s + trn2 v14.4s, v25.4s, v14.4s + trn2 v16.4s, v26.4s, v16.4s + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v14.8h, v26.8h, v0.8h + sqrdmulh v16.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr 
v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + ldr q0, [x2, #448] + ldr q1, [x2, #464] + ldr q2, [x3, #448] + ldr q3, [x3, #464] + mov v25.16b, v17.16b + mov v26.16b, v19.16b + trn1 v17.4s, v17.4s, v18.4s + trn1 v19.4s, v19.4s, v20.4s + trn2 v18.4s, v25.4s, v18.4s + trn2 v20.4s, v26.4s, v20.4s + sub v26.8h, v17.8h, v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v18.8h, v26.8h, v0.8h + sqrdmulh v20.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + ldr q0, [x2, #480] + ldr q1, [x2, #496] + ldr q2, [x3, #480] + ldr q3, [x3, #496] + mov v25.16b, v21.16b + mov v26.16b, v23.16b + trn1 v21.4s, v21.4s, v22.4s + trn1 v23.4s, v23.4s, v24.4s + trn2 v22.4s, v25.4s, v22.4s + trn2 v24.4s, v26.4s, v24.4s + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v2.8h + mul v27.8h, v28.8h, v3.8h + sqrdmulh v22.8h, v26.8h, v0.8h + sqrdmulh v24.8h, v28.8h, v1.8h +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + ldr q0, [x2, #528] + ldr q2, [x3, #528] + mov v25.16b, v9.16b + mov v26.16b, v11.16b + trn1 v9.2d, v9.2d, v10.2d + trn1 v11.2d, v11.2d, v12.2d + trn2 v10.2d, v25.2d, v10.2d + trn2 v12.2d, v26.2d, v12.2d + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, 
v11.8h, v12.8h + mul v25.8h, v26.8h, v2.h[0] + mul v27.8h, v28.8h, v2.h[1] + sqrdmulh v10.8h, v26.8h, v0.h[0] + sqrdmulh v12.8h, v28.8h, v0.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + mov v25.16b, v13.16b + mov v26.16b, v15.16b + trn1 v13.2d, v13.2d, v14.2d + trn1 v15.2d, v15.2d, v16.2d + trn2 v14.2d, v25.2d, v14.2d + trn2 v16.2d, v26.2d, v16.2d + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v2.h[2] + mul v27.8h, v28.8h, v2.h[3] + sqrdmulh v14.8h, v26.8h, v0.h[2] + sqrdmulh v16.8h, v28.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + mov v25.16b, v17.16b + mov v26.16b, v19.16b + trn1 v17.2d, v17.2d, v18.2d + trn1 v19.2d, v19.2d, v20.2d + trn2 v18.2d, v25.2d, v18.2d + trn2 v20.2d, v26.2d, v20.2d + sub v26.8h, v17.8h, v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v2.h[4] + mul v27.8h, v28.8h, v2.h[5] + sqrdmulh v18.8h, v26.8h, v0.h[4] + sqrdmulh v20.8h, v28.8h, v0.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + mov v25.16b, v21.16b + 
mov v26.16b, v23.16b + trn1 v21.2d, v21.2d, v22.2d + trn1 v23.2d, v23.2d, v24.2d + trn2 v22.2d, v25.2d, v22.2d + trn2 v24.2d, v26.2d, v24.2d + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v2.h[6] + mul v27.8h, v28.8h, v2.h[7] + sqrdmulh v22.8h, v26.8h, v0.h[6] + sqrdmulh v24.8h, v28.8h, v0.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + sqdmulh v25.8h, v9.8h, v8.h[2] + sqdmulh v26.8h, v11.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v9.8h, v25.8h, v8.h[0] + mls v11.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v13.8h, v8.h[2] + sqdmulh v26.8h, v15.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v13.8h, v25.8h, v8.h[0] + mls v15.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v17.8h, v8.h[2] + sqdmulh v26.8h, v19.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v17.8h, v25.8h, v8.h[0] + mls v19.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v21.8h, v8.h[2] + sqdmulh v26.8h, v23.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v21.8h, v25.8h, v8.h[0] + mls v23.8h, v26.8h, v8.h[0] + stp q9, q10, [x1] + stp q11, q12, [x1, #32] + stp q13, q14, [x1, #64] + stp q15, q16, [x1, #96] + stp q17, q18, [x1, #128] + stp q19, q20, [x1, #160] + stp q21, q22, [x1, #192] + stp q23, q24, [x1, #224] + ldr q4, [x2, #544] + ldr q5, [x2, #560] + ldr q6, [x3, #544] + ldr q7, [x3, #560] + ldr q9, [x0] + ldr q10, [x0, #32] + ldr q11, [x0, #64] + ldr q12, [x0, #96] + ldr q13, [x0, #128] + ldr q14, [x0, #160] + ldr q15, [x0, #192] + ldr q16, [x0, #224] + ldr q17, [x1] + ldr q18, [x1, #32] + ldr q19, [x1, #64] + ldr q20, [x1, #96] + ldr q21, [x1, 
#128] + ldr q22, [x1, #160] + ldr q23, [x1, #192] + ldr q24, [x1, #224] + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, v11.8h, v12.8h + mul v25.8h, v26.8h, v6.h[0] + mul v27.8h, v28.8h, v6.h[1] + sqrdmulh v10.8h, v26.8h, v4.h[0] + sqrdmulh v12.8h, v28.8h, v4.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v6.h[2] + mul v27.8h, v28.8h, v6.h[3] + sqrdmulh v14.8h, v26.8h, v4.h[2] + sqrdmulh v16.8h, v28.8h, v4.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + sub v26.8h, v17.8h, v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v6.h[4] + mul v27.8h, v28.8h, v6.h[5] + sqrdmulh v18.8h, v26.8h, v4.h[4] + sqrdmulh v20.8h, v28.8h, v4.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v6.h[6] + mul v27.8h, v28.8h, v6.h[7] + sqrdmulh 
v22.8h, v26.8h, v4.h[6] + sqrdmulh v24.8h, v28.8h, v4.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + sub v26.8h, v9.8h, v11.8h + sub v28.8h, v10.8h, v12.8h + add v9.8h, v9.8h, v11.8h + add v10.8h, v10.8h, v12.8h + mul v25.8h, v26.8h, v7.h[0] + mul v27.8h, v28.8h, v7.h[0] + sqrdmulh v11.8h, v26.8h, v5.h[0] + sqrdmulh v12.8h, v28.8h, v5.h[0] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v11.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v11.8h, v11.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v11.8h, v11.8h, #1 + sshr v12.8h, v12.8h, #1 + sub v26.8h, v13.8h, v15.8h + sub v28.8h, v14.8h, v16.8h + add v13.8h, v13.8h, v15.8h + add v14.8h, v14.8h, v16.8h + mul v25.8h, v26.8h, v7.h[1] + mul v27.8h, v28.8h, v7.h[1] + sqrdmulh v15.8h, v26.8h, v5.h[1] + sqrdmulh v16.8h, v28.8h, v5.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v15.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v15.8h, v15.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + sub v26.8h, v17.8h, v19.8h + sub v28.8h, v18.8h, v20.8h + add v17.8h, v17.8h, v19.8h + add v18.8h, v18.8h, v20.8h + mul v25.8h, v26.8h, v7.h[2] + mul v27.8h, v28.8h, v7.h[2] + sqrdmulh v19.8h, v26.8h, v5.h[2] + sqrdmulh v20.8h, v28.8h, v5.h[2] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v19.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v19.8h, 
v19.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v19.8h, v19.8h, #1 + sshr v20.8h, v20.8h, #1 + sub v26.8h, v21.8h, v23.8h + sub v28.8h, v22.8h, v24.8h + add v21.8h, v21.8h, v23.8h + add v22.8h, v22.8h, v24.8h + mul v25.8h, v26.8h, v7.h[3] + mul v27.8h, v28.8h, v7.h[3] + sqrdmulh v23.8h, v26.8h, v5.h[3] + sqrdmulh v24.8h, v28.8h, v5.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + sub v26.8h, v9.8h, v13.8h + sub v28.8h, v10.8h, v14.8h + add v9.8h, v9.8h, v13.8h + add v10.8h, v10.8h, v14.8h + mul v25.8h, v26.8h, v7.h[4] + mul v27.8h, v28.8h, v7.h[4] + sqrdmulh v13.8h, v26.8h, v5.h[4] + sqrdmulh v14.8h, v28.8h, v5.h[4] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v13.8h, v25.8h, v8.h[0] + sqrdmlsh v14.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v13.8h, v13.8h, v25.8h + sub v14.8h, v14.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v13.8h, v13.8h, #1 + sshr v14.8h, v14.8h, #1 + sub v26.8h, v11.8h, v15.8h + sub v28.8h, v12.8h, v16.8h + add v11.8h, v11.8h, v15.8h + add v12.8h, v12.8h, v16.8h + mul v25.8h, v26.8h, v7.h[4] + mul v27.8h, v28.8h, v7.h[4] + sqrdmulh v15.8h, v26.8h, v5.h[4] + sqrdmulh v16.8h, v28.8h, v5.h[4] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v15.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v15.8h, v15.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + sub v26.8h, v17.8h, v21.8h + sub v28.8h, v18.8h, v22.8h + add v17.8h, v17.8h, v21.8h + add v18.8h, v18.8h, v22.8h + mul 
v25.8h, v26.8h, v7.h[5] + mul v27.8h, v28.8h, v7.h[5] + sqrdmulh v21.8h, v26.8h, v5.h[5] + sqrdmulh v22.8h, v28.8h, v5.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v25.8h, v8.h[0] + sqrdmlsh v22.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v21.8h, v21.8h, v25.8h + sub v22.8h, v22.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + sub v26.8h, v19.8h, v23.8h + sub v28.8h, v20.8h, v24.8h + add v19.8h, v19.8h, v23.8h + add v20.8h, v20.8h, v24.8h + mul v25.8h, v26.8h, v7.h[5] + mul v27.8h, v28.8h, v7.h[5] + sqrdmulh v23.8h, v26.8h, v5.h[5] + sqrdmulh v24.8h, v28.8h, v5.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + sqdmulh v25.8h, v9.8h, v8.h[2] + sqdmulh v26.8h, v10.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v9.8h, v25.8h, v8.h[0] + mls v10.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v11.8h, v8.h[2] + sqdmulh v26.8h, v12.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v11.8h, v25.8h, v8.h[0] + mls v12.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v17.8h, v8.h[2] + sqdmulh v26.8h, v18.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v17.8h, v25.8h, v8.h[0] + mls v18.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v19.8h, v8.h[2] + sqdmulh v26.8h, v20.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v19.8h, v25.8h, v8.h[0] + mls v20.8h, v26.8h, v8.h[0] + sub v26.8h, v9.8h, v17.8h + sub v28.8h, v10.8h, v18.8h + add v9.8h, v9.8h, v17.8h + add v10.8h, v10.8h, v18.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v17.8h, v26.8h, v5.h[6] + sqrdmulh v18.8h, 
v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v17.8h, v25.8h, v8.h[0] + sqrdmlsh v18.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v17.8h, v17.8h, v25.8h + sub v18.8h, v18.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v17.8h, v17.8h, #1 + sshr v18.8h, v18.8h, #1 + sub v26.8h, v11.8h, v19.8h + sub v28.8h, v12.8h, v20.8h + add v11.8h, v11.8h, v19.8h + add v12.8h, v12.8h, v20.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v19.8h, v26.8h, v5.h[6] + sqrdmulh v20.8h, v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v19.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v19.8h, v19.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v19.8h, v19.8h, #1 + sshr v20.8h, v20.8h, #1 + sub v26.8h, v13.8h, v21.8h + sub v28.8h, v14.8h, v22.8h + add v13.8h, v13.8h, v21.8h + add v14.8h, v14.8h, v22.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v21.8h, v26.8h, v5.h[6] + sqrdmulh v22.8h, v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v25.8h, v8.h[0] + sqrdmlsh v22.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v21.8h, v21.8h, v25.8h + sub v22.8h, v22.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + sub v26.8h, v15.8h, v23.8h + sub v28.8h, v16.8h, v24.8h + add v15.8h, v15.8h, v23.8h + add v16.8h, v16.8h, v24.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v23.8h, v26.8h, v5.h[6] + sqrdmulh v24.8h, v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v27.8h 
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v25.8h, v9.8h, v7.h[7] + mul v26.8h, v10.8h, v7.h[7] + sqrdmulh v9.8h, v9.8h, v5.h[7] + sqrdmulh v10.8h, v10.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v9.8h, v25.8h, v8.h[0] + sqrdmlsh v10.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v9.8h, v9.8h, v25.8h + sub v10.8h, v10.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v9.8h, v9.8h, #1 + sshr v10.8h, v10.8h, #1 + mul v25.8h, v11.8h, v7.h[7] + mul v26.8h, v12.8h, v7.h[7] + sqrdmulh v11.8h, v11.8h, v5.h[7] + sqrdmulh v12.8h, v12.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v11.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v11.8h, v11.8h, v25.8h + sub v12.8h, v12.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v11.8h, v11.8h, #1 + sshr v12.8h, v12.8h, #1 + mul v25.8h, v13.8h, v7.h[7] + mul v26.8h, v14.8h, v7.h[7] + sqrdmulh v13.8h, v13.8h, v5.h[7] + sqrdmulh v14.8h, v14.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v13.8h, v25.8h, v8.h[0] + sqrdmlsh v14.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v13.8h, v13.8h, v25.8h + sub v14.8h, v14.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v13.8h, v13.8h, #1 + sshr v14.8h, v14.8h, #1 + mul v25.8h, v15.8h, v7.h[7] + mul v26.8h, v16.8h, v7.h[7] + sqrdmulh v15.8h, v15.8h, v5.h[7] + sqrdmulh v16.8h, v16.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v15.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v15.8h, v15.8h, v25.8h + sub v16.8h, v16.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + mul v25.8h, v17.8h, v7.h[7] + mul v26.8h, v18.8h, 
v7.h[7] + sqrdmulh v17.8h, v17.8h, v5.h[7] + sqrdmulh v18.8h, v18.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v17.8h, v25.8h, v8.h[0] + sqrdmlsh v18.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v17.8h, v17.8h, v25.8h + sub v18.8h, v18.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v17.8h, v17.8h, #1 + sshr v18.8h, v18.8h, #1 + mul v25.8h, v19.8h, v7.h[7] + mul v26.8h, v20.8h, v7.h[7] + sqrdmulh v19.8h, v19.8h, v5.h[7] + sqrdmulh v20.8h, v20.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v19.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v19.8h, v19.8h, v25.8h + sub v20.8h, v20.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v19.8h, v19.8h, #1 + sshr v20.8h, v20.8h, #1 + mul v25.8h, v21.8h, v7.h[7] + mul v26.8h, v22.8h, v7.h[7] + sqrdmulh v21.8h, v21.8h, v5.h[7] + sqrdmulh v22.8h, v22.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v25.8h, v8.h[0] + sqrdmlsh v22.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v21.8h, v21.8h, v25.8h + sub v22.8h, v22.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v25.8h, v23.8h, v7.h[7] + mul v26.8h, v24.8h, v7.h[7] + sqrdmulh v23.8h, v23.8h, v5.h[7] + sqrdmulh v24.8h, v24.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + str q9, [x0] + str q10, [x0, #32] + str q11, [x0, #64] + str q12, [x0, #96] + str q13, [x0, #128] + str q14, [x0, #160] + str q15, [x0, #192] + str q16, [x0, #224] + str q17, [x1] + str 
q18, [x1, #32] + str q19, [x1, #64] + str q20, [x1, #96] + str q21, [x1, #128] + str q22, [x1, #160] + str q23, [x1, #192] + str q24, [x1, #224] + ldr q9, [x0, #16] + ldr q10, [x0, #48] + ldr q11, [x0, #80] + ldr q12, [x0, #112] + ldr q13, [x0, #144] + ldr q14, [x0, #176] + ldr q15, [x0, #208] + ldr q16, [x0, #240] + ldr q17, [x1, #16] + ldr q18, [x1, #48] + ldr q19, [x1, #80] + ldr q20, [x1, #112] + ldr q21, [x1, #144] + ldr q22, [x1, #176] + ldr q23, [x1, #208] + ldr q24, [x1, #240] + sub v26.8h, v9.8h, v10.8h + sub v28.8h, v11.8h, v12.8h + add v9.8h, v9.8h, v10.8h + add v11.8h, v11.8h, v12.8h + mul v25.8h, v26.8h, v6.h[0] + mul v27.8h, v28.8h, v6.h[1] + sqrdmulh v10.8h, v26.8h, v4.h[0] + sqrdmulh v12.8h, v28.8h, v4.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v10.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v10.8h, v10.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v10.8h, v10.8h, #1 + sshr v12.8h, v12.8h, #1 + sub v26.8h, v13.8h, v14.8h + sub v28.8h, v15.8h, v16.8h + add v13.8h, v13.8h, v14.8h + add v15.8h, v15.8h, v16.8h + mul v25.8h, v26.8h, v6.h[2] + mul v27.8h, v28.8h, v6.h[3] + sqrdmulh v14.8h, v26.8h, v4.h[2] + sqrdmulh v16.8h, v28.8h, v4.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v14.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v14.8h, v14.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v14.8h, v14.8h, #1 + sshr v16.8h, v16.8h, #1 + sub v26.8h, v17.8h, v18.8h + sub v28.8h, v19.8h, v20.8h + add v17.8h, v17.8h, v18.8h + add v19.8h, v19.8h, v20.8h + mul v25.8h, v26.8h, v6.h[4] + mul v27.8h, v28.8h, v6.h[5] + sqrdmulh v18.8h, v26.8h, v4.h[4] + sqrdmulh v20.8h, v28.8h, v4.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v18.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, 
v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v18.8h, v18.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v18.8h, v18.8h, #1 + sshr v20.8h, v20.8h, #1 + sub v26.8h, v21.8h, v22.8h + sub v28.8h, v23.8h, v24.8h + add v21.8h, v21.8h, v22.8h + add v23.8h, v23.8h, v24.8h + mul v25.8h, v26.8h, v6.h[6] + mul v27.8h, v28.8h, v6.h[7] + sqrdmulh v22.8h, v26.8h, v4.h[6] + sqrdmulh v24.8h, v28.8h, v4.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v22.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v22.8h, v22.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v22.8h, v22.8h, #1 + sshr v24.8h, v24.8h, #1 + sub v26.8h, v9.8h, v11.8h + sub v28.8h, v10.8h, v12.8h + add v9.8h, v9.8h, v11.8h + add v10.8h, v10.8h, v12.8h + mul v25.8h, v26.8h, v7.h[0] + mul v27.8h, v28.8h, v7.h[0] + sqrdmulh v11.8h, v26.8h, v5.h[0] + sqrdmulh v12.8h, v28.8h, v5.h[0] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v11.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v11.8h, v11.8h, v25.8h + sub v12.8h, v12.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v11.8h, v11.8h, #1 + sshr v12.8h, v12.8h, #1 + sub v26.8h, v13.8h, v15.8h + sub v28.8h, v14.8h, v16.8h + add v13.8h, v13.8h, v15.8h + add v14.8h, v14.8h, v16.8h + mul v25.8h, v26.8h, v7.h[1] + mul v27.8h, v28.8h, v7.h[1] + sqrdmulh v15.8h, v26.8h, v5.h[1] + sqrdmulh v16.8h, v28.8h, v5.h[1] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v15.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v15.8h, v15.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + sub v26.8h, v17.8h, 
v19.8h + sub v28.8h, v18.8h, v20.8h + add v17.8h, v17.8h, v19.8h + add v18.8h, v18.8h, v20.8h + mul v25.8h, v26.8h, v7.h[2] + mul v27.8h, v28.8h, v7.h[2] + sqrdmulh v19.8h, v26.8h, v5.h[2] + sqrdmulh v20.8h, v28.8h, v5.h[2] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v19.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v19.8h, v19.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v19.8h, v19.8h, #1 + sshr v20.8h, v20.8h, #1 + sub v26.8h, v21.8h, v23.8h + sub v28.8h, v22.8h, v24.8h + add v21.8h, v21.8h, v23.8h + add v22.8h, v22.8h, v24.8h + mul v25.8h, v26.8h, v7.h[3] + mul v27.8h, v28.8h, v7.h[3] + sqrdmulh v23.8h, v26.8h, v5.h[3] + sqrdmulh v24.8h, v28.8h, v5.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + sub v26.8h, v9.8h, v13.8h + sub v28.8h, v10.8h, v14.8h + add v9.8h, v9.8h, v13.8h + add v10.8h, v10.8h, v14.8h + mul v25.8h, v26.8h, v7.h[4] + mul v27.8h, v28.8h, v7.h[4] + sqrdmulh v13.8h, v26.8h, v5.h[4] + sqrdmulh v14.8h, v28.8h, v5.h[4] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v13.8h, v25.8h, v8.h[0] + sqrdmlsh v14.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v13.8h, v13.8h, v25.8h + sub v14.8h, v14.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v13.8h, v13.8h, #1 + sshr v14.8h, v14.8h, #1 + sub v26.8h, v11.8h, v15.8h + sub v28.8h, v12.8h, v16.8h + add v11.8h, v11.8h, v15.8h + add v12.8h, v12.8h, v16.8h + mul v25.8h, v26.8h, v7.h[4] + mul v27.8h, v28.8h, v7.h[4] + sqrdmulh v15.8h, v26.8h, v5.h[4] + sqrdmulh v16.8h, v28.8h, v5.h[4] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH 
+ sqrdmlsh v15.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v15.8h, v15.8h, v25.8h + sub v16.8h, v16.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + sub v26.8h, v17.8h, v21.8h + sub v28.8h, v18.8h, v22.8h + add v17.8h, v17.8h, v21.8h + add v18.8h, v18.8h, v22.8h + mul v25.8h, v26.8h, v7.h[5] + mul v27.8h, v28.8h, v7.h[5] + sqrdmulh v21.8h, v26.8h, v5.h[5] + sqrdmulh v22.8h, v28.8h, v5.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v25.8h, v8.h[0] + sqrdmlsh v22.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v21.8h, v21.8h, v25.8h + sub v22.8h, v22.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + sub v26.8h, v19.8h, v23.8h + sub v28.8h, v20.8h, v24.8h + add v19.8h, v19.8h, v23.8h + add v20.8h, v20.8h, v24.8h + mul v25.8h, v26.8h, v7.h[5] + mul v27.8h, v28.8h, v7.h[5] + sqrdmulh v23.8h, v26.8h, v5.h[5] + sqrdmulh v24.8h, v28.8h, v5.h[5] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + sqdmulh v25.8h, v9.8h, v8.h[2] + sqdmulh v26.8h, v10.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v9.8h, v25.8h, v8.h[0] + mls v10.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v11.8h, v8.h[2] + sqdmulh v26.8h, v12.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v11.8h, v25.8h, v8.h[0] + mls v12.8h, v26.8h, v8.h[0] + sqdmulh v25.8h, v17.8h, v8.h[2] + sqdmulh v26.8h, v18.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v17.8h, v25.8h, v8.h[0] + mls v18.8h, v26.8h, 
v8.h[0] + sqdmulh v25.8h, v19.8h, v8.h[2] + sqdmulh v26.8h, v20.8h, v8.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v19.8h, v25.8h, v8.h[0] + mls v20.8h, v26.8h, v8.h[0] + sub v26.8h, v9.8h, v17.8h + sub v28.8h, v10.8h, v18.8h + add v9.8h, v9.8h, v17.8h + add v10.8h, v10.8h, v18.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v17.8h, v26.8h, v5.h[6] + sqrdmulh v18.8h, v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v17.8h, v25.8h, v8.h[0] + sqrdmlsh v18.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v17.8h, v17.8h, v25.8h + sub v18.8h, v18.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v17.8h, v17.8h, #1 + sshr v18.8h, v18.8h, #1 + sub v26.8h, v11.8h, v19.8h + sub v28.8h, v12.8h, v20.8h + add v11.8h, v11.8h, v19.8h + add v12.8h, v12.8h, v20.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v19.8h, v26.8h, v5.h[6] + sqrdmulh v20.8h, v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v19.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v19.8h, v19.8h, v25.8h + sub v20.8h, v20.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v19.8h, v19.8h, #1 + sshr v20.8h, v20.8h, #1 + sub v26.8h, v13.8h, v21.8h + sub v28.8h, v14.8h, v22.8h + add v13.8h, v13.8h, v21.8h + add v14.8h, v14.8h, v22.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v21.8h, v26.8h, v5.h[6] + sqrdmulh v22.8h, v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v25.8h, v8.h[0] + sqrdmlsh v22.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v21.8h, v21.8h, v25.8h + sub v22.8h, v22.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + sub v26.8h, v15.8h, v23.8h + sub v28.8h, v16.8h, v24.8h + add 
v15.8h, v15.8h, v23.8h + add v16.8h, v16.8h, v24.8h + mul v25.8h, v26.8h, v7.h[6] + mul v27.8h, v28.8h, v7.h[6] + sqrdmulh v23.8h, v26.8h, v5.h[6] + sqrdmulh v24.8h, v28.8h, v5.h[6] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v27.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v27.8h, v27.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v27.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + mul v25.8h, v9.8h, v7.h[7] + mul v26.8h, v10.8h, v7.h[7] + sqrdmulh v9.8h, v9.8h, v5.h[7] + sqrdmulh v10.8h, v10.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v9.8h, v25.8h, v8.h[0] + sqrdmlsh v10.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v9.8h, v9.8h, v25.8h + sub v10.8h, v10.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v9.8h, v9.8h, #1 + sshr v10.8h, v10.8h, #1 + mul v25.8h, v11.8h, v7.h[7] + mul v26.8h, v12.8h, v7.h[7] + sqrdmulh v11.8h, v11.8h, v5.h[7] + sqrdmulh v12.8h, v12.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v11.8h, v25.8h, v8.h[0] + sqrdmlsh v12.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v11.8h, v11.8h, v25.8h + sub v12.8h, v12.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v11.8h, v11.8h, #1 + sshr v12.8h, v12.8h, #1 + mul v25.8h, v13.8h, v7.h[7] + mul v26.8h, v14.8h, v7.h[7] + sqrdmulh v13.8h, v13.8h, v5.h[7] + sqrdmulh v14.8h, v14.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v13.8h, v25.8h, v8.h[0] + sqrdmlsh v14.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v13.8h, v13.8h, v25.8h + sub v14.8h, v14.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v13.8h, v13.8h, #1 + sshr v14.8h, v14.8h, #1 + mul v25.8h, v15.8h, v7.h[7] + mul v26.8h, v16.8h, v7.h[7] + sqrdmulh v15.8h, v15.8h, v5.h[7] 
+ sqrdmulh v16.8h, v16.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v15.8h, v25.8h, v8.h[0] + sqrdmlsh v16.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v15.8h, v15.8h, v25.8h + sub v16.8h, v16.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + mul v25.8h, v17.8h, v7.h[7] + mul v26.8h, v18.8h, v7.h[7] + sqrdmulh v17.8h, v17.8h, v5.h[7] + sqrdmulh v18.8h, v18.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v17.8h, v25.8h, v8.h[0] + sqrdmlsh v18.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v17.8h, v17.8h, v25.8h + sub v18.8h, v18.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v17.8h, v17.8h, #1 + sshr v18.8h, v18.8h, #1 + mul v25.8h, v19.8h, v7.h[7] + mul v26.8h, v20.8h, v7.h[7] + sqrdmulh v19.8h, v19.8h, v5.h[7] + sqrdmulh v20.8h, v20.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v19.8h, v25.8h, v8.h[0] + sqrdmlsh v20.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v19.8h, v19.8h, v25.8h + sub v20.8h, v20.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v19.8h, v19.8h, #1 + sshr v20.8h, v20.8h, #1 + mul v25.8h, v21.8h, v7.h[7] + mul v26.8h, v22.8h, v7.h[7] + sqrdmulh v21.8h, v21.8h, v5.h[7] + sqrdmulh v22.8h, v22.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v21.8h, v25.8h, v8.h[0] + sqrdmlsh v22.8h, v26.8h, v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v21.8h, v21.8h, v25.8h + sub v22.8h, v22.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v21.8h, v21.8h, #1 + sshr v22.8h, v22.8h, #1 + mul v25.8h, v23.8h, v7.h[7] + mul v26.8h, v24.8h, v7.h[7] + sqrdmulh v23.8h, v23.8h, v5.h[7] + sqrdmulh v24.8h, v24.8h, v5.h[7] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v23.8h, v25.8h, v8.h[0] + sqrdmlsh v24.8h, v26.8h, 
v8.h[0] +#else + sqrdmulh v25.8h, v25.8h, v8.h[0] + sqrdmulh v26.8h, v26.8h, v8.h[0] + sub v23.8h, v23.8h, v25.8h + sub v24.8h, v24.8h, v26.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v23.8h, v23.8h, #1 + sshr v24.8h, v24.8h, #1 + str q9, [x0, #16] + str q10, [x0, #48] + str q11, [x0, #80] + str q12, [x0, #112] + str q13, [x0, #144] + str q14, [x0, #176] + str q15, [x0, #208] + str q16, [x0, #240] + str q17, [x1, #16] + str q18, [x1, #48] + str q19, [x1, #80] + str q20, [x1, #112] + str q21, [x1, #144] + str q22, [x1, #176] + str q23, [x1, #208] + str q24, [x1, #240] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_invntt,.-kyber_invntt +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_zetas_mul, %object + .section .rodata + .size L_kyber_aarch64_zetas_mul, 256 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_zetas_mul: + .short 0x08b2,0xf74e,0x01ae,0xfe52,0x022b,0xfdd5,0x034b,0xfcb5 + .short 0x081e,0xf7e2,0x0367,0xfc99,0x060e,0xf9f2,0x0069,0xff97 + .short 0x01a6,0xfe5a,0x024b,0xfdb5,0x00b1,0xff4f,0x0c16,0xf3ea + .short 0x0bde,0xf422,0x0b35,0xf4cb,0x0626,0xf9da,0x0675,0xf98b + .short 0x0c0b,0xf3f5,0x030a,0xfcf6,0x0487,0xfb79,0x0c6e,0xf392 + .short 0x09f8,0xf608,0x05cb,0xfa35,0x0aa7,0xf559,0x045f,0xfba1 + .short 0x06cb,0xf935,0x0284,0xfd7c,0x0999,0xf667,0x015d,0xfea3 + .short 0x01a2,0xfe5e,0x0149,0xfeb7,0x0c65,0xf39b,0x0cb6,0xf34a + .short 0x0331,0xfccf,0x0449,0xfbb7,0x025b,0xfda5,0x0262,0xfd9e + .short 0x052a,0xfad6,0x07fc,0xf804,0x0748,0xf8b8,0x0180,0xfe80 + .short 0x0842,0xf7be,0x0c79,0xf387,0x04c2,0xfb3e,0x07ca,0xf836 + .short 0x0997,0xf669,0x00dc,0xff24,0x085e,0xf7a2,0x0686,0xf97a + .short 0x0860,0xf7a0,0x0707,0xf8f9,0x0803,0xf7fd,0x031a,0xfce6 + .short 0x071b,0xf8e5,0x09ab,0xf655,0x099b,0xf665,0x01de,0xfe22 + 
.short 0x0c95,0xf36b,0x0bcd,0xf433,0x03e4,0xfc1c,0x03df,0xfc21 + .short 0x03be,0xfc42,0x074d,0xf8b3,0x05f2,0xfa0e,0x065c,0xf9a4 +#ifndef __APPLE__ +.text +.globl kyber_basemul_mont +.type kyber_basemul_mont,@function +.align 2 +kyber_basemul_mont: +#else +.section __TEXT,__text +.globl _kyber_basemul_mont +.p2align 2 +_kyber_basemul_mont: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x3, L_kyber_aarch64_zetas_mul + add x3, x3, :lo12:L_kyber_aarch64_zetas_mul +#else + adrp x3, L_kyber_aarch64_zetas_mul@PAGE + add x3, x3, :lo12:L_kyber_aarch64_zetas_mul@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x4, L_kyber_aarch64_consts + add x4, x4, :lo12:L_kyber_aarch64_consts +#else + adrp x4, L_kyber_aarch64_consts@PAGE + add x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + ldr q1, [x4] + ldp q2, q3, [x1] + ldp q4, q5, [x1, #32] + ldp q6, q7, [x1, #64] + ldp q8, q9, [x1, #96] + ldp q10, q11, [x2] + ldp q12, q13, [x2, #32] + ldp q14, q15, [x2, #64] + ldp q16, q17, [x2, #96] + ldr q0, [x3] + uzp1 v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + 
xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0] + ldr q0, [x3, #16] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #32] + ldr q0, [x3, #32] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, 
v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #64] + ldr q0, [x3, #48] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #96] + ldp q2, q3, [x1, #128] + ldp q4, q5, [x1, #160] + ldp q6, q7, [x1, #192] + ldp q8, q9, [x1, #224] + ldp q10, q11, [x2, #128] + ldp q12, q13, [x2, #160] + ldp q14, q15, [x2, #192] + ldp q16, q17, [x2, #224] + ldr q0, [x3, #64] + uzp1 v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 
v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #128] + ldr q0, [x3, #80] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + 
zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #160] + ldr q0, [x3, #96] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #192] + ldr q0, [x3, #112] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, 
v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #224] + ldp q2, q3, [x1, #256] + ldp q4, q5, [x1, #288] + ldp q6, q7, [x1, #320] + ldp q8, q9, [x1, #352] + ldp q10, q11, [x2, #256] + ldp q12, q13, [x2, #288] + ldp q14, q15, [x2, #320] + ldp q16, q17, [x2, #352] + ldr q0, [x3, #128] + uzp1 v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #256] + ldr q0, [x3, #144] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, 
v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #288] + ldr q0, [x3, #160] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #320] + ldr q0, [x3, #176] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, 
v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #352] + ldp q2, q3, [x1, #384] + ldp q4, q5, [x1, #416] + ldp q6, q7, [x1, #448] + ldp q8, q9, [x1, #480] + ldp q10, q11, [x2, #384] + ldp q12, q13, [x2, #416] + ldp q14, q15, [x2, #448] + ldp q16, q17, [x2, #480] + ldr q0, [x3, #192] + uzp1 v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, 
v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #384] + ldr q0, [x3, #208] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #416] + ldr q0, [x3, #224] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + 
smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #448] + ldr q0, [x3, #240] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + stp q24, q25, [x0, #480] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_basemul_mont,.-kyber_basemul_mont +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_basemul_mont_add +.type kyber_basemul_mont_add,@function +.align 2 
+kyber_basemul_mont_add: +#else +.section __TEXT,__text +.globl _kyber_basemul_mont_add +.p2align 2 +_kyber_basemul_mont_add: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x3, L_kyber_aarch64_zetas_mul + add x3, x3, :lo12:L_kyber_aarch64_zetas_mul +#else + adrp x3, L_kyber_aarch64_zetas_mul@PAGE + add x3, x3, :lo12:L_kyber_aarch64_zetas_mul@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x4, L_kyber_aarch64_consts + add x4, x4, :lo12:L_kyber_aarch64_consts +#else + adrp x4, L_kyber_aarch64_consts@PAGE + add x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + ldr q1, [x4] + ldp q2, q3, [x1] + ldp q4, q5, [x1, #32] + ldp q6, q7, [x1, #64] + ldp q8, q9, [x1, #96] + ldp q10, q11, [x2] + ldp q12, q13, [x2, #32] + ldp q14, q15, [x2, #64] + ldp q16, q17, [x2, #96] + ldp q28, q29, [x0] + ldr q0, [x3] + uzp1 v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + 
zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0] + ldp q28, q29, [x0, #32] + ldr q0, [x3, #16] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #32] + ldp q28, q29, [x0, #64] + ldr q0, [x3, #32] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, 
v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #64] + ldp q28, q29, [x0, #96] + ldr q0, [x3, #48] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #96] + ldp q2, q3, [x1, #128] + ldp q4, q5, [x1, #160] + ldp q6, q7, [x1, #192] + ldp q8, q9, [x1, #224] + ldp q10, q11, [x2, #128] + ldp q12, q13, [x2, #160] + ldp q14, q15, [x2, #192] + ldp q16, q17, [x2, #224] + ldp q28, q29, [x0, #128] + ldr q0, [x3, #64] + uzp1 
v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #128] + ldp q28, q29, [x0, #160] + ldr q0, [x3, #80] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, 
v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #160] + ldp q28, q29, [x0, #192] + ldr q0, [x3, #96] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #192] + ldp q28, q29, [x0, #224] + ldr q0, [x3, #112] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, 
v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #224] + ldp q2, q3, [x1, #256] + ldp q4, q5, [x1, #288] + ldp q6, q7, [x1, #320] + ldp q8, q9, [x1, #352] + ldp q10, q11, [x2, #256] + ldp q12, q13, [x2, #288] + ldp q14, q15, [x2, #320] + ldp q16, q17, [x2, #352] + ldp q28, q29, [x0, #256] + ldr q0, [x3, #128] + uzp1 v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + 
shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #256] + ldp q28, q29, [x0, #288] + ldr q0, [x3, #144] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #288] + ldp q28, q29, [x0, #320] + ldr q0, [x3, #160] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl 
v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #320] + ldp q28, q29, [x0, #352] + ldr q0, [x3, #176] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #352] + ldp q2, q3, [x1, #384] + ldp q4, q5, [x1, #416] + ldp q6, q7, [x1, #448] + ldp q8, q9, [x1, #480] + ldp q10, q11, [x2, #384] + ldp q12, q13, [x2, #416] + ldp q14, q15, [x2, #448] + ldp q16, q17, [x2, #480] + ldp q28, 
q29, [x0, #384] + ldr q0, [x3, #192] + uzp1 v18.8h, v2.8h, v3.8h + uzp2 v19.8h, v2.8h, v3.8h + uzp1 v20.8h, v10.8h, v11.8h + uzp2 v21.8h, v10.8h, v11.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #384] + ldp q28, q29, [x0, #416] + ldr q0, [x3, #208] + uzp1 v18.8h, v4.8h, v5.8h + uzp2 v19.8h, v4.8h, v5.8h + uzp1 v20.8h, v12.8h, v13.8h + uzp2 v21.8h, v12.8h, v13.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal 
v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #416] + ldp q28, q29, [x0, #448] + ldr q0, [x3, #224] + uzp1 v18.8h, v6.8h, v7.8h + uzp2 v19.8h, v6.8h, v7.8h + uzp1 v20.8h, v14.8h, v15.8h + uzp2 v21.8h, v14.8h, v15.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #448] + ldp q28, q29, [x0, #480] + ldr q0, [x3, #240] + uzp1 v18.8h, v8.8h, v9.8h + uzp2 v19.8h, v8.8h, v9.8h + uzp1 v20.8h, v16.8h, v17.8h + uzp2 v21.8h, v16.8h, v17.8h + smull v26.4s, v18.4h, v20.4h + smull2 v27.4s, v18.8h, v20.8h + smull v23.4s, v19.4h, v21.4h + smull2 v24.4s, v19.8h, v21.8h + xtn v25.4h, v23.4s + xtn2 v25.8h, v24.4s + mul v25.8h, v25.8h, v1.h[1] + smlsl v23.4s, v25.4h, v1.h[0] + smlsl2 
v24.4s, v25.8h, v1.h[0] + shrn v22.4h, v23.4s, #16 + shrn2 v22.8h, v24.4s, #16 + smlal v26.4s, v22.4h, v0.4h + smlal2 v27.4s, v22.8h, v0.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v22.4h, v26.4s, #16 + shrn2 v22.8h, v27.4s, #16 + smull v26.4s, v18.4h, v21.4h + smull2 v27.4s, v18.8h, v21.8h + smlal v26.4s, v19.4h, v20.4h + smlal2 v27.4s, v19.8h, v20.8h + xtn v24.4h, v26.4s + xtn2 v24.8h, v27.4s + mul v24.8h, v24.8h, v1.h[1] + smlsl v26.4s, v24.4h, v1.h[0] + smlsl2 v27.4s, v24.8h, v1.h[0] + shrn v23.4h, v26.4s, #16 + shrn2 v23.8h, v27.4s, #16 + zip1 v24.8h, v22.8h, v23.8h + zip2 v25.8h, v22.8h, v23.8h + add v28.8h, v28.8h, v24.8h + add v29.8h, v29.8h, v25.8h + stp q28, q29, [x0, #480] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_basemul_mont_add,.-kyber_basemul_mont_add +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_csubq_neon +.type kyber_csubq_neon,@function +.align 2 +kyber_csubq_neon: +#else +.section __TEXT,__text +.globl _kyber_csubq_neon +.p2align 2 +_kyber_csubq_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! 
+ add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x1, L_kyber_aarch64_q + add x1, x1, :lo12:L_kyber_aarch64_q +#else + adrp x1, L_kyber_aarch64_q@PAGE + add x1, x1, :lo12:L_kyber_aarch64_q@PAGEOFF +#endif /* __APPLE__ */ + ldr q20, [x1] + ld4 {v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40 + ld4 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + ld4 {v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40 + ld4 {v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40 + sub x0, x0, #0x100 + sub v0.8h, v0.8h, v20.8h + sub v1.8h, v1.8h, v20.8h + sub v2.8h, v2.8h, v20.8h + sub v3.8h, v3.8h, v20.8h + sub v4.8h, v4.8h, v20.8h + sub v5.8h, v5.8h, v20.8h + sub v6.8h, v6.8h, v20.8h + sub v7.8h, v7.8h, v20.8h + sub v8.8h, v8.8h, v20.8h + sub v9.8h, v9.8h, v20.8h + sub v10.8h, v10.8h, v20.8h + sub v11.8h, v11.8h, v20.8h + sub v12.8h, v12.8h, v20.8h + sub v13.8h, v13.8h, v20.8h + sub v14.8h, v14.8h, v20.8h + sub v15.8h, v15.8h, v20.8h + sshr v16.8h, v0.8h, #15 + sshr v17.8h, v1.8h, #15 + sshr v18.8h, v2.8h, #15 + sshr v19.8h, v3.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v0.8h, v0.8h, v16.8h + add v1.8h, v1.8h, v17.8h + add v2.8h, v2.8h, v18.8h + add v3.8h, v3.8h, v19.8h + sshr v16.8h, v4.8h, #15 + sshr v17.8h, v5.8h, #15 + sshr v18.8h, v6.8h, #15 + sshr v19.8h, v7.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v4.8h, v4.8h, v16.8h + add v5.8h, v5.8h, v17.8h + add v6.8h, v6.8h, v18.8h + add v7.8h, v7.8h, v19.8h + sshr v16.8h, v8.8h, #15 + sshr v17.8h, v9.8h, #15 + sshr v18.8h, v10.8h, #15 + sshr v19.8h, v11.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v8.8h, v8.8h, v16.8h + add v9.8h, v9.8h, v17.8h + add v10.8h, v10.8h, v18.8h + 
add v11.8h, v11.8h, v19.8h + sshr v16.8h, v12.8h, #15 + sshr v17.8h, v13.8h, #15 + sshr v18.8h, v14.8h, #15 + sshr v19.8h, v15.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v12.8h, v12.8h, v16.8h + add v13.8h, v13.8h, v17.8h + add v14.8h, v14.8h, v18.8h + add v15.8h, v15.8h, v19.8h + st4 {v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40 + st4 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + st4 {v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40 + st4 {v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40 + ld4 {v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40 + ld4 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + ld4 {v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40 + ld4 {v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40 + sub x0, x0, #0x100 + sub v0.8h, v0.8h, v20.8h + sub v1.8h, v1.8h, v20.8h + sub v2.8h, v2.8h, v20.8h + sub v3.8h, v3.8h, v20.8h + sub v4.8h, v4.8h, v20.8h + sub v5.8h, v5.8h, v20.8h + sub v6.8h, v6.8h, v20.8h + sub v7.8h, v7.8h, v20.8h + sub v8.8h, v8.8h, v20.8h + sub v9.8h, v9.8h, v20.8h + sub v10.8h, v10.8h, v20.8h + sub v11.8h, v11.8h, v20.8h + sub v12.8h, v12.8h, v20.8h + sub v13.8h, v13.8h, v20.8h + sub v14.8h, v14.8h, v20.8h + sub v15.8h, v15.8h, v20.8h + sshr v16.8h, v0.8h, #15 + sshr v17.8h, v1.8h, #15 + sshr v18.8h, v2.8h, #15 + sshr v19.8h, v3.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v0.8h, v0.8h, v16.8h + add v1.8h, v1.8h, v17.8h + add v2.8h, v2.8h, v18.8h + add v3.8h, v3.8h, v19.8h + sshr v16.8h, v4.8h, #15 + sshr v17.8h, v5.8h, #15 + sshr v18.8h, v6.8h, #15 + sshr v19.8h, v7.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v4.8h, v4.8h, v16.8h + add v5.8h, v5.8h, v17.8h + add v6.8h, v6.8h, v18.8h + add v7.8h, v7.8h, v19.8h + sshr v16.8h, v8.8h, #15 + sshr v17.8h, v9.8h, #15 + sshr v18.8h, v10.8h, #15 
+ sshr v19.8h, v11.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v8.8h, v8.8h, v16.8h + add v9.8h, v9.8h, v17.8h + add v10.8h, v10.8h, v18.8h + add v11.8h, v11.8h, v19.8h + sshr v16.8h, v12.8h, #15 + sshr v17.8h, v13.8h, #15 + sshr v18.8h, v14.8h, #15 + sshr v19.8h, v15.8h, #15 + and v16.16b, v16.16b, v20.16b + and v17.16b, v17.16b, v20.16b + and v18.16b, v18.16b, v20.16b + and v19.16b, v19.16b, v20.16b + add v12.8h, v12.8h, v16.8h + add v13.8h, v13.8h, v17.8h + add v14.8h, v14.8h, v18.8h + add v15.8h, v15.8h, v19.8h + st4 {v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40 + st4 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + st4 {v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40 + st4 {v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_csubq_neon,.-kyber_csubq_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_add_reduce +.type kyber_add_reduce,@function +.align 2 +kyber_add_reduce: +#else +.section __TEXT,__text +.globl _kyber_add_reduce +.p2align 2 +_kyber_add_reduce: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! 
+ add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x2, L_kyber_aarch64_consts + add x2, x2, :lo12:L_kyber_aarch64_consts +#else + adrp x2, L_kyber_aarch64_consts@PAGE + add x2, x2, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + ldr q0, [x2] + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, v15.8h + add v8.8h, v8.8h, v16.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, 
v15.8h + add v8.8h, v8.8h, v16.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, v15.8h + add v8.8h, v8.8h, v16.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 
{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, v15.8h + add v8.8h, v8.8h, v16.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_add_reduce,.-kyber_add_reduce +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_add3_reduce +.type kyber_add3_reduce,@function +.align 2 +kyber_add3_reduce: +#else +.section __TEXT,__text +.globl _kyber_add3_reduce +.p2align 2 +_kyber_add3_reduce: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! 
+ add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x3, L_kyber_aarch64_consts + add x3, x3, :lo12:L_kyber_aarch64_consts +#else + adrp x3, L_kyber_aarch64_consts@PAGE + add x3, x3, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + ldr q0, [x3] + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40 + ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, v15.8h + add v8.8h, v8.8h, v16.8h + add v1.8h, v1.8h, v17.8h + add v2.8h, v2.8h, v18.8h + add v3.8h, v3.8h, v19.8h + add v4.8h, v4.8h, v20.8h + add v5.8h, v5.8h, v21.8h + add v6.8h, v6.8h, v22.8h + add v7.8h, v7.8h, v23.8h + add v8.8h, v8.8h, v24.8h + sqdmulh v25.8h, v1.8h, v0.h[2] + sqdmulh v26.8h, v2.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v1.8h, v25.8h, v0.h[0] + mls v2.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v3.8h, v0.h[2] + sqdmulh v26.8h, v4.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v3.8h, v25.8h, v0.h[0] + mls v4.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v5.8h, v0.h[2] + sqdmulh v26.8h, v6.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v5.8h, v25.8h, v0.h[0] + mls v6.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v7.8h, v0.h[2] + sqdmulh v26.8h, v8.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v7.8h, v25.8h, v0.h[0] + mls v8.8h, v26.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, 
v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40 + ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, v15.8h + add v8.8h, v8.8h, v16.8h + add v1.8h, v1.8h, v17.8h + add v2.8h, v2.8h, v18.8h + add v3.8h, v3.8h, v19.8h + add v4.8h, v4.8h, v20.8h + add v5.8h, v5.8h, v21.8h + add v6.8h, v6.8h, v22.8h + add v7.8h, v7.8h, v23.8h + add v8.8h, v8.8h, v24.8h + sqdmulh v25.8h, v1.8h, v0.h[2] + sqdmulh v26.8h, v2.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v1.8h, v25.8h, v0.h[0] + mls v2.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v3.8h, v0.h[2] + sqdmulh v26.8h, v4.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v3.8h, v25.8h, v0.h[0] + mls v4.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v5.8h, v0.h[2] + sqdmulh v26.8h, v6.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v5.8h, v25.8h, v0.h[0] + mls v6.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v7.8h, v0.h[2] + sqdmulh v26.8h, v8.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v7.8h, v25.8h, v0.h[0] + mls v8.8h, v26.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40 + ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, v15.8h + 
add v8.8h, v8.8h, v16.8h + add v1.8h, v1.8h, v17.8h + add v2.8h, v2.8h, v18.8h + add v3.8h, v3.8h, v19.8h + add v4.8h, v4.8h, v20.8h + add v5.8h, v5.8h, v21.8h + add v6.8h, v6.8h, v22.8h + add v7.8h, v7.8h, v23.8h + add v8.8h, v8.8h, v24.8h + sqdmulh v25.8h, v1.8h, v0.h[2] + sqdmulh v26.8h, v2.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v1.8h, v25.8h, v0.h[0] + mls v2.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v3.8h, v0.h[2] + sqdmulh v26.8h, v4.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v3.8h, v25.8h, v0.h[0] + mls v4.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v5.8h, v0.h[2] + sqdmulh v26.8h, v6.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v5.8h, v25.8h, v0.h[0] + mls v6.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v7.8h, v0.h[2] + sqdmulh v26.8h, v8.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v7.8h, v25.8h, v0.h[0] + mls v8.8h, v26.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40 + ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40 + sub x0, x0, #0x80 + add v1.8h, v1.8h, v9.8h + add v2.8h, v2.8h, v10.8h + add v3.8h, v3.8h, v11.8h + add v4.8h, v4.8h, v12.8h + add v5.8h, v5.8h, v13.8h + add v6.8h, v6.8h, v14.8h + add v7.8h, v7.8h, v15.8h + add v8.8h, v8.8h, v16.8h + add v1.8h, v1.8h, v17.8h + add v2.8h, v2.8h, v18.8h + add v3.8h, v3.8h, v19.8h + add v4.8h, v4.8h, v20.8h + add v5.8h, v5.8h, v21.8h + add v6.8h, v6.8h, v22.8h + add v7.8h, v7.8h, v23.8h + add v8.8h, v8.8h, v24.8h + sqdmulh v25.8h, v1.8h, v0.h[2] + sqdmulh v26.8h, v2.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v1.8h, v25.8h, v0.h[0] + mls v2.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, 
v3.8h, v0.h[2] + sqdmulh v26.8h, v4.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v3.8h, v25.8h, v0.h[0] + mls v4.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v5.8h, v0.h[2] + sqdmulh v26.8h, v6.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v5.8h, v25.8h, v0.h[0] + mls v6.8h, v26.8h, v0.h[0] + sqdmulh v25.8h, v7.8h, v0.h[2] + sqdmulh v26.8h, v8.8h, v0.h[2] + sshr v25.8h, v25.8h, #11 + sshr v26.8h, v26.8h, #11 + mls v7.8h, v25.8h, v0.h[0] + mls v8.8h, v26.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_add3_reduce,.-kyber_add3_reduce +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_rsub_reduce +.type kyber_rsub_reduce,@function +.align 2 +kyber_rsub_reduce: +#else +.section __TEXT,__text +.globl _kyber_rsub_reduce +.p2align 2 +_kyber_rsub_reduce: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! 
+ add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x2, L_kyber_aarch64_consts + add x2, x2, :lo12:L_kyber_aarch64_consts +#else + adrp x2, L_kyber_aarch64_consts@PAGE + add x2, x2, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + ldr q0, [x2] + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + sub v1.8h, v9.8h, v1.8h + sub v2.8h, v10.8h, v2.8h + sub v3.8h, v11.8h, v3.8h + sub v4.8h, v12.8h, v4.8h + sub v5.8h, v13.8h, v5.8h + sub v6.8h, v14.8h, v6.8h + sub v7.8h, v15.8h, v7.8h + sub v8.8h, v16.8h, v8.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + sub v1.8h, v9.8h, v1.8h + sub v2.8h, v10.8h, v2.8h + sub v3.8h, v11.8h, v3.8h + sub v4.8h, v12.8h, v4.8h + sub v5.8h, v13.8h, v5.8h + sub v6.8h, v14.8h, v6.8h + sub v7.8h, v15.8h, 
v7.8h + sub v8.8h, v16.8h, v8.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + sub v1.8h, v9.8h, v1.8h + sub v2.8h, v10.8h, v2.8h + sub v3.8h, v11.8h, v3.8h + sub v4.8h, v12.8h, v4.8h + sub v5.8h, v13.8h, v5.8h + sub v6.8h, v14.8h, v6.8h + sub v7.8h, v15.8h, v7.8h + sub v8.8h, v16.8h, v8.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 
{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40 + sub x0, x0, #0x80 + sub v1.8h, v9.8h, v1.8h + sub v2.8h, v10.8h, v2.8h + sub v3.8h, v11.8h, v3.8h + sub v4.8h, v12.8h, v4.8h + sub v5.8h, v13.8h, v5.8h + sub v6.8h, v14.8h, v6.8h + sub v7.8h, v15.8h, v7.8h + sub v8.8h, v16.8h, v8.8h + sqdmulh v17.8h, v1.8h, v0.h[2] + sqdmulh v18.8h, v2.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v1.8h, v17.8h, v0.h[0] + mls v2.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v3.8h, v0.h[2] + sqdmulh v18.8h, v4.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v3.8h, v17.8h, v0.h[0] + mls v4.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v5.8h, v0.h[2] + sqdmulh v18.8h, v6.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v5.8h, v17.8h, v0.h[0] + mls v6.8h, v18.8h, v0.h[0] + sqdmulh v17.8h, v7.8h, v0.h[2] + sqdmulh v18.8h, v8.8h, v0.h[2] + sshr v17.8h, v17.8h, #11 + sshr v18.8h, v18.8h, #11 + mls v7.8h, v17.8h, v0.h[0] + mls v8.8h, v18.8h, v0.h[0] + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_rsub_reduce,.-kyber_rsub_reduce +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_to_mont +.type kyber_to_mont,@function +.align 2 +kyber_to_mont: +#else +.section __TEXT,__text +.globl _kyber_to_mont +.p2align 2 +_kyber_to_mont: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! 
+ add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x1, L_kyber_aarch64_consts + add x1, x1, :lo12:L_kyber_aarch64_consts +#else + adrp x1, L_kyber_aarch64_consts@PAGE + add x1, x1, :lo12:L_kyber_aarch64_consts@PAGEOFF +#endif /* __APPLE__ */ + ldr q0, [x1] + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40 + sub x0, x0, #0x100 + mul v17.8h, v1.8h, v0.h[4] + mul v18.8h, v2.8h, v0.h[4] + sqrdmulh v1.8h, v1.8h, v0.h[3] + sqrdmulh v2.8h, v2.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v1.8h, v17.8h, v0.h[0] + sqrdmlsh v2.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v1.8h, v1.8h, v17.8h + sub v2.8h, v2.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v1.8h, v1.8h, #1 + sshr v2.8h, v2.8h, #1 + mul v17.8h, v3.8h, v0.h[4] + mul v18.8h, v4.8h, v0.h[4] + sqrdmulh v3.8h, v3.8h, v0.h[3] + sqrdmulh v4.8h, v4.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v3.8h, v17.8h, v0.h[0] + sqrdmlsh v4.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v3.8h, v3.8h, v17.8h + sub v4.8h, v4.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v3.8h, v3.8h, #1 + sshr v4.8h, v4.8h, #1 + mul v17.8h, v5.8h, v0.h[4] + mul v18.8h, v6.8h, v0.h[4] + sqrdmulh v5.8h, v5.8h, v0.h[3] + sqrdmulh v6.8h, v6.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v5.8h, v17.8h, v0.h[0] + sqrdmlsh v6.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v5.8h, v5.8h, v17.8h + sub v6.8h, v6.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v5.8h, v5.8h, #1 + sshr v6.8h, v6.8h, #1 + mul v17.8h, v7.8h, v0.h[4] + mul v18.8h, v8.8h, v0.h[4] + sqrdmulh v7.8h, 
v7.8h, v0.h[3] + sqrdmulh v8.8h, v8.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v7.8h, v17.8h, v0.h[0] + sqrdmlsh v8.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v7.8h, v7.8h, v17.8h + sub v8.8h, v8.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v7.8h, v7.8h, #1 + sshr v8.8h, v8.8h, #1 + mul v17.8h, v9.8h, v0.h[4] + mul v18.8h, v10.8h, v0.h[4] + sqrdmulh v9.8h, v9.8h, v0.h[3] + sqrdmulh v10.8h, v10.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v9.8h, v17.8h, v0.h[0] + sqrdmlsh v10.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v9.8h, v9.8h, v17.8h + sub v10.8h, v10.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v9.8h, v9.8h, #1 + sshr v10.8h, v10.8h, #1 + mul v17.8h, v11.8h, v0.h[4] + mul v18.8h, v12.8h, v0.h[4] + sqrdmulh v11.8h, v11.8h, v0.h[3] + sqrdmulh v12.8h, v12.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v11.8h, v17.8h, v0.h[0] + sqrdmlsh v12.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v11.8h, v11.8h, v17.8h + sub v12.8h, v12.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v11.8h, v11.8h, #1 + sshr v12.8h, v12.8h, #1 + mul v17.8h, v13.8h, v0.h[4] + mul v18.8h, v14.8h, v0.h[4] + sqrdmulh v13.8h, v13.8h, v0.h[3] + sqrdmulh v14.8h, v14.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v13.8h, v17.8h, v0.h[0] + sqrdmlsh v14.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v13.8h, v13.8h, v17.8h + sub v14.8h, v14.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v13.8h, v13.8h, #1 + sshr v14.8h, v14.8h, #1 + mul v17.8h, v15.8h, v0.h[4] + mul v18.8h, v16.8h, v0.h[4] + sqrdmulh v15.8h, v15.8h, v0.h[3] + sqrdmulh v16.8h, v16.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v15.8h, v17.8h, v0.h[0] + sqrdmlsh v16.8h, v18.8h, v0.h[0] 
+#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v15.8h, v15.8h, v17.8h + sub v16.8h, v16.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + st4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40 + st4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40 + ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40 + ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40 + sub x0, x0, #0x100 + mul v17.8h, v1.8h, v0.h[4] + mul v18.8h, v2.8h, v0.h[4] + sqrdmulh v1.8h, v1.8h, v0.h[3] + sqrdmulh v2.8h, v2.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v1.8h, v17.8h, v0.h[0] + sqrdmlsh v2.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v1.8h, v1.8h, v17.8h + sub v2.8h, v2.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v1.8h, v1.8h, #1 + sshr v2.8h, v2.8h, #1 + mul v17.8h, v3.8h, v0.h[4] + mul v18.8h, v4.8h, v0.h[4] + sqrdmulh v3.8h, v3.8h, v0.h[3] + sqrdmulh v4.8h, v4.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v3.8h, v17.8h, v0.h[0] + sqrdmlsh v4.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v3.8h, v3.8h, v17.8h + sub v4.8h, v4.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v3.8h, v3.8h, #1 + sshr v4.8h, v4.8h, #1 + mul v17.8h, v5.8h, v0.h[4] + mul v18.8h, v6.8h, v0.h[4] + sqrdmulh v5.8h, v5.8h, v0.h[3] + sqrdmulh v6.8h, v6.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v5.8h, v17.8h, v0.h[0] + sqrdmlsh v6.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v5.8h, v5.8h, v17.8h + sub v6.8h, v6.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v5.8h, v5.8h, #1 + sshr v6.8h, v6.8h, #1 + 
mul v17.8h, v7.8h, v0.h[4] + mul v18.8h, v8.8h, v0.h[4] + sqrdmulh v7.8h, v7.8h, v0.h[3] + sqrdmulh v8.8h, v8.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v7.8h, v17.8h, v0.h[0] + sqrdmlsh v8.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v7.8h, v7.8h, v17.8h + sub v8.8h, v8.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v7.8h, v7.8h, #1 + sshr v8.8h, v8.8h, #1 + mul v17.8h, v9.8h, v0.h[4] + mul v18.8h, v10.8h, v0.h[4] + sqrdmulh v9.8h, v9.8h, v0.h[3] + sqrdmulh v10.8h, v10.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v9.8h, v17.8h, v0.h[0] + sqrdmlsh v10.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v9.8h, v9.8h, v17.8h + sub v10.8h, v10.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v9.8h, v9.8h, #1 + sshr v10.8h, v10.8h, #1 + mul v17.8h, v11.8h, v0.h[4] + mul v18.8h, v12.8h, v0.h[4] + sqrdmulh v11.8h, v11.8h, v0.h[3] + sqrdmulh v12.8h, v12.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v11.8h, v17.8h, v0.h[0] + sqrdmlsh v12.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v11.8h, v11.8h, v17.8h + sub v12.8h, v12.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v11.8h, v11.8h, #1 + sshr v12.8h, v12.8h, #1 + mul v17.8h, v13.8h, v0.h[4] + mul v18.8h, v14.8h, v0.h[4] + sqrdmulh v13.8h, v13.8h, v0.h[3] + sqrdmulh v14.8h, v14.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + sqrdmlsh v13.8h, v17.8h, v0.h[0] + sqrdmlsh v14.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v13.8h, v13.8h, v17.8h + sub v14.8h, v14.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v13.8h, v13.8h, #1 + sshr v14.8h, v14.8h, #1 + mul v17.8h, v15.8h, v0.h[4] + mul v18.8h, v16.8h, v0.h[4] + sqrdmulh v15.8h, v15.8h, v0.h[3] + sqrdmulh v16.8h, v16.8h, v0.h[3] +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH 
+ sqrdmlsh v15.8h, v17.8h, v0.h[0] + sqrdmlsh v16.8h, v18.8h, v0.h[0] +#else + sqrdmulh v17.8h, v17.8h, v0.h[0] + sqrdmulh v18.8h, v18.8h, v0.h[0] + sub v15.8h, v15.8h, v17.8h + sub v16.8h, v16.8h, v18.8h +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + sshr v15.8h, v15.8h, #1 + sshr v16.8h, v16.8h, #1 + st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 + st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40 + st4 {v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40 + st4 {v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_to_mont,.-kyber_to_mont +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_to_msg_neon_low, %object + .section .rodata + .size L_kyber_aarch64_to_msg_neon_low, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_to_msg_neon_low: + .short 0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373 +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_to_msg_neon_high, %object + .section .rodata + .size L_kyber_aarch64_to_msg_neon_high, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_to_msg_neon_high: + .short 0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0 +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_to_msg_neon_bits, %object + .section .rodata + .size L_kyber_aarch64_to_msg_neon_bits, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_to_msg_neon_bits: + .short 0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080 +#ifndef __APPLE__ +.text +.globl kyber_to_msg_neon +.type kyber_to_msg_neon,@function +.align 2 +kyber_to_msg_neon: +#else +.section __TEXT,__text +.globl 
_kyber_to_msg_neon +.p2align 2 +_kyber_to_msg_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x2, L_kyber_aarch64_to_msg_neon_low + add x2, x2, :lo12:L_kyber_aarch64_to_msg_neon_low +#else + adrp x2, L_kyber_aarch64_to_msg_neon_low@PAGE + add x2, x2, :lo12:L_kyber_aarch64_to_msg_neon_low@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x3, L_kyber_aarch64_to_msg_neon_high + add x3, x3, :lo12:L_kyber_aarch64_to_msg_neon_high +#else + adrp x3, L_kyber_aarch64_to_msg_neon_high@PAGE + add x3, x3, :lo12:L_kyber_aarch64_to_msg_neon_high@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x4, L_kyber_aarch64_to_msg_neon_bits + add x4, x4, :lo12:L_kyber_aarch64_to_msg_neon_bits +#else + adrp x4, L_kyber_aarch64_to_msg_neon_bits@PAGE + add x4, x4, :lo12:L_kyber_aarch64_to_msg_neon_bits@PAGEOFF +#endif /* __APPLE__ */ + ldr q0, [x2] + ldr q1, [x3] + ldr q26, [x4] + ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40 + ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40 + cmge v10.8h, v2.8h, v0.8h + cmge v18.8h, v1.8h, v2.8h + cmge v11.8h, v3.8h, v0.8h + cmge v19.8h, v1.8h, v3.8h + cmge v12.8h, v4.8h, v0.8h + cmge v20.8h, v1.8h, v4.8h + cmge v13.8h, v5.8h, v0.8h + cmge v21.8h, v1.8h, v5.8h + cmge v14.8h, v6.8h, v0.8h + cmge v22.8h, v1.8h, v6.8h + cmge v15.8h, v7.8h, v0.8h + cmge v23.8h, v1.8h, v7.8h + cmge v16.8h, v8.8h, v0.8h + cmge v24.8h, v1.8h, v8.8h + cmge v17.8h, v9.8h, v0.8h + cmge v25.8h, v1.8h, v9.8h + and v18.16b, v18.16b, v10.16b + and v19.16b, v19.16b, v11.16b + and v20.16b, v20.16b, v12.16b + and v21.16b, v21.16b, v13.16b + and v22.16b, v22.16b, v14.16b + and v23.16b, v23.16b, v15.16b + and v24.16b, v24.16b, v16.16b + and v25.16b, v25.16b, v17.16b + and v18.16b, v18.16b, v26.16b + and v19.16b, v19.16b, v26.16b + and v20.16b, v20.16b, v26.16b + and v21.16b, v21.16b, v26.16b + and v22.16b, v22.16b, 
v26.16b + and v23.16b, v23.16b, v26.16b + and v24.16b, v24.16b, v26.16b + and v25.16b, v25.16b, v26.16b + addv h18, v18.8h + addv h19, v19.8h + addv h20, v20.8h + addv h21, v21.8h + addv h22, v22.8h + addv h23, v23.8h + addv h24, v24.8h + addv h25, v25.8h + ins v18.b[1], v19.b[0] + ins v18.b[2], v20.b[0] + ins v18.b[3], v21.b[0] + ins v18.b[4], v22.b[0] + ins v18.b[5], v23.b[0] + ins v18.b[6], v24.b[0] + ins v18.b[7], v25.b[0] + st1 {v18.8b}, [x0], #8 + ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40 + ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40 + cmge v10.8h, v2.8h, v0.8h + cmge v18.8h, v1.8h, v2.8h + cmge v11.8h, v3.8h, v0.8h + cmge v19.8h, v1.8h, v3.8h + cmge v12.8h, v4.8h, v0.8h + cmge v20.8h, v1.8h, v4.8h + cmge v13.8h, v5.8h, v0.8h + cmge v21.8h, v1.8h, v5.8h + cmge v14.8h, v6.8h, v0.8h + cmge v22.8h, v1.8h, v6.8h + cmge v15.8h, v7.8h, v0.8h + cmge v23.8h, v1.8h, v7.8h + cmge v16.8h, v8.8h, v0.8h + cmge v24.8h, v1.8h, v8.8h + cmge v17.8h, v9.8h, v0.8h + cmge v25.8h, v1.8h, v9.8h + and v18.16b, v18.16b, v10.16b + and v19.16b, v19.16b, v11.16b + and v20.16b, v20.16b, v12.16b + and v21.16b, v21.16b, v13.16b + and v22.16b, v22.16b, v14.16b + and v23.16b, v23.16b, v15.16b + and v24.16b, v24.16b, v16.16b + and v25.16b, v25.16b, v17.16b + and v18.16b, v18.16b, v26.16b + and v19.16b, v19.16b, v26.16b + and v20.16b, v20.16b, v26.16b + and v21.16b, v21.16b, v26.16b + and v22.16b, v22.16b, v26.16b + and v23.16b, v23.16b, v26.16b + and v24.16b, v24.16b, v26.16b + and v25.16b, v25.16b, v26.16b + addv h18, v18.8h + addv h19, v19.8h + addv h20, v20.8h + addv h21, v21.8h + addv h22, v22.8h + addv h23, v23.8h + addv h24, v24.8h + addv h25, v25.8h + ins v18.b[1], v19.b[0] + ins v18.b[2], v20.b[0] + ins v18.b[3], v21.b[0] + ins v18.b[4], v22.b[0] + ins v18.b[5], v23.b[0] + ins v18.b[6], v24.b[0] + ins v18.b[7], v25.b[0] + st1 {v18.8b}, [x0], #8 + ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40 + ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40 + cmge v10.8h, v2.8h, v0.8h + cmge 
v18.8h, v1.8h, v2.8h + cmge v11.8h, v3.8h, v0.8h + cmge v19.8h, v1.8h, v3.8h + cmge v12.8h, v4.8h, v0.8h + cmge v20.8h, v1.8h, v4.8h + cmge v13.8h, v5.8h, v0.8h + cmge v21.8h, v1.8h, v5.8h + cmge v14.8h, v6.8h, v0.8h + cmge v22.8h, v1.8h, v6.8h + cmge v15.8h, v7.8h, v0.8h + cmge v23.8h, v1.8h, v7.8h + cmge v16.8h, v8.8h, v0.8h + cmge v24.8h, v1.8h, v8.8h + cmge v17.8h, v9.8h, v0.8h + cmge v25.8h, v1.8h, v9.8h + and v18.16b, v18.16b, v10.16b + and v19.16b, v19.16b, v11.16b + and v20.16b, v20.16b, v12.16b + and v21.16b, v21.16b, v13.16b + and v22.16b, v22.16b, v14.16b + and v23.16b, v23.16b, v15.16b + and v24.16b, v24.16b, v16.16b + and v25.16b, v25.16b, v17.16b + and v18.16b, v18.16b, v26.16b + and v19.16b, v19.16b, v26.16b + and v20.16b, v20.16b, v26.16b + and v21.16b, v21.16b, v26.16b + and v22.16b, v22.16b, v26.16b + and v23.16b, v23.16b, v26.16b + and v24.16b, v24.16b, v26.16b + and v25.16b, v25.16b, v26.16b + addv h18, v18.8h + addv h19, v19.8h + addv h20, v20.8h + addv h21, v21.8h + addv h22, v22.8h + addv h23, v23.8h + addv h24, v24.8h + addv h25, v25.8h + ins v18.b[1], v19.b[0] + ins v18.b[2], v20.b[0] + ins v18.b[3], v21.b[0] + ins v18.b[4], v22.b[0] + ins v18.b[5], v23.b[0] + ins v18.b[6], v24.b[0] + ins v18.b[7], v25.b[0] + st1 {v18.8b}, [x0], #8 + ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40 + ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40 + cmge v10.8h, v2.8h, v0.8h + cmge v18.8h, v1.8h, v2.8h + cmge v11.8h, v3.8h, v0.8h + cmge v19.8h, v1.8h, v3.8h + cmge v12.8h, v4.8h, v0.8h + cmge v20.8h, v1.8h, v4.8h + cmge v13.8h, v5.8h, v0.8h + cmge v21.8h, v1.8h, v5.8h + cmge v14.8h, v6.8h, v0.8h + cmge v22.8h, v1.8h, v6.8h + cmge v15.8h, v7.8h, v0.8h + cmge v23.8h, v1.8h, v7.8h + cmge v16.8h, v8.8h, v0.8h + cmge v24.8h, v1.8h, v8.8h + cmge v17.8h, v9.8h, v0.8h + cmge v25.8h, v1.8h, v9.8h + and v18.16b, v18.16b, v10.16b + and v19.16b, v19.16b, v11.16b + and v20.16b, v20.16b, v12.16b + and v21.16b, v21.16b, v13.16b + and v22.16b, v22.16b, v14.16b + and v23.16b, 
v23.16b, v15.16b + and v24.16b, v24.16b, v16.16b + and v25.16b, v25.16b, v17.16b + and v18.16b, v18.16b, v26.16b + and v19.16b, v19.16b, v26.16b + and v20.16b, v20.16b, v26.16b + and v21.16b, v21.16b, v26.16b + and v22.16b, v22.16b, v26.16b + and v23.16b, v23.16b, v26.16b + and v24.16b, v24.16b, v26.16b + and v25.16b, v25.16b, v26.16b + addv h18, v18.8h + addv h19, v19.8h + addv h20, v20.8h + addv h21, v21.8h + addv h22, v22.8h + addv h23, v23.8h + addv h24, v24.8h + addv h25, v25.8h + ins v18.b[1], v19.b[0] + ins v18.b[2], v20.b[0] + ins v18.b[3], v21.b[0] + ins v18.b[4], v22.b[0] + ins v18.b[5], v23.b[0] + ins v18.b[6], v24.b[0] + ins v18.b[7], v25.b[0] + st1 {v18.8b}, [x0], #8 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size kyber_to_msg_neon,.-kyber_to_msg_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_from_msg_neon_q1half, %object + .section .rodata + .size L_kyber_aarch64_from_msg_neon_q1half, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_from_msg_neon_q1half: + .short 0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681 +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_from_msg_neon_bits, %object + .section .rodata + .size L_kyber_aarch64_from_msg_neon_bits, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_kyber_aarch64_from_msg_neon_bits: + .byte 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80 + .byte 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80 +#ifndef __APPLE__ +.text +.globl kyber_from_msg_neon +.type kyber_from_msg_neon,@function +.align 2 +kyber_from_msg_neon: +#else +.section __TEXT,__text +.globl _kyber_from_msg_neon +.p2align 2 +_kyber_from_msg_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! 
+ add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] +#ifndef __APPLE__ + adrp x2, L_kyber_aarch64_from_msg_neon_q1half + add x2, x2, :lo12:L_kyber_aarch64_from_msg_neon_q1half +#else + adrp x2, L_kyber_aarch64_from_msg_neon_q1half@PAGE + add x2, x2, :lo12:L_kyber_aarch64_from_msg_neon_q1half@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x3, L_kyber_aarch64_from_msg_neon_bits + add x3, x3, :lo12:L_kyber_aarch64_from_msg_neon_bits +#else + adrp x3, L_kyber_aarch64_from_msg_neon_bits@PAGE + add x3, x3, :lo12:L_kyber_aarch64_from_msg_neon_bits@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v2.16b, v3.16b}, [x1] + ldr q1, [x2] + ldr q0, [x3] + dup v4.8b, v2.b[0] + dup v5.8b, v2.b[1] + dup v6.8b, v2.b[2] + dup v7.8b, v2.b[3] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + dup v4.8b, v2.b[4] + dup v5.8b, v2.b[5] + dup v6.8b, v2.b[6] + dup v7.8b, v2.b[7] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + dup v4.8b, v2.b[8] + dup v5.8b, v2.b[9] + dup v6.8b, v2.b[10] + dup v7.8b, v2.b[11] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, 
v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + dup v4.8b, v2.b[12] + dup v5.8b, v2.b[13] + dup v6.8b, v2.b[14] + dup v7.8b, v2.b[15] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + dup v4.8b, v3.b[0] + dup v5.8b, v3.b[1] + dup v6.8b, v3.b[2] + dup v7.8b, v3.b[3] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + dup v4.8b, v3.b[4] + dup v5.8b, v3.b[5] + dup v6.8b, v3.b[6] + dup v7.8b, v3.b[7] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + dup v4.8b, v3.b[8] + dup v5.8b, v3.b[9] + dup v6.8b, v3.b[10] + dup v7.8b, v3.b[11] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 
{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + dup v4.8b, v3.b[12] + dup v5.8b, v3.b[13] + dup v6.8b, v3.b[14] + dup v7.8b, v3.b[15] + cmtst v4.8b, v4.8b, v0.8b + cmtst v5.8b, v5.8b, v0.8b + cmtst v6.8b, v6.8b, v0.8b + cmtst v7.8b, v7.8b, v0.8b + zip1 v4.16b, v4.16b, v4.16b + zip1 v5.16b, v5.16b, v5.16b + zip1 v6.16b, v6.16b, v6.16b + zip1 v7.16b, v7.16b, v7.16b + and v4.16b, v4.16b, v1.16b + and v5.16b, v5.16b, v1.16b + and v6.16b, v6.16b, v1.16b + and v7.16b, v7.16b, v1.16b + st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size kyber_from_msg_neon,.-kyber_from_msg_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_cmp_neon +.type kyber_cmp_neon,@function +.align 2 +kyber_cmp_neon: +#else +.section __TEXT,__text +.globl _kyber_cmp_neon +.p2align 2 +_kyber_cmp_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v8.16b, v0.16b, v4.16b + eor v9.16b, v1.16b, v5.16b + eor v10.16b, v2.16b, v6.16b + eor v11.16b, v3.16b, v7.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, 
v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, 
v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + subs w2, w2, #0x300 + beq L_kyber_aarch64_cmp_neon_done + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, 
v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + subs w2, w2, #0x140 + beq L_kyber_aarch64_cmp_neon_done + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor 
v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld2 {v0.16b, v1.16b}, [x0] + ld2 {v4.16b, v5.16b}, [x1] + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b +L_kyber_aarch64_cmp_neon_done: + orr v8.16b, v8.16b, v9.16b + orr v10.16b, v10.16b, v11.16b + orr v8.16b, v8.16b, v10.16b + ins v9.b[0], v8.b[1] + orr v8.16b, v8.16b, v9.16b + mov x0, v8.d[0] + subs x0, x0, xzr + csetm w0, ne + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size kyber_cmp_neon,.-kyber_cmp_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_rej_uniform_neon_mask, %object + .section .rodata + .size L_kyber_aarch64_rej_uniform_neon_mask, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 
+#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_rej_uniform_neon_mask: + .short 0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_rej_uniform_neon_bits, %object + .section .rodata + .size L_kyber_aarch64_rej_uniform_neon_bits, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 2 +#else + .p2align 2 +#endif /* __APPLE__ */ +L_kyber_aarch64_rej_uniform_neon_bits: + .short 0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080 +#ifndef __APPLE__ + .text + .type L_kyber_aarch64_rej_uniform_neon_indeces, %object + .section .rodata + .size L_kyber_aarch64_rej_uniform_neon_indeces, 4096 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_kyber_aarch64_rej_uniform_neon_indeces: + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0xff,0xff + .byte 
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x08,0x09,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff + .byte 
0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x0a,0x0b,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x0a,0x0b,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x0a,0x0b,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x0a,0x0b,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x08,0x09,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0x0a,0x0b,0xff,0xff + .byte 
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0x0a,0x0b,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 
0x00,0x01,0x06,0x07,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x08,0x09,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 
0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x0a,0x0b,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x0a,0x0b,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x0a,0x0b,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x0a,0x0b,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 
0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x0e,0x0f,0xff,0xff + .byte 
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x08,0x09,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 
0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x0a,0x0b,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x0a,0x0b,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x0a,0x0b,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x0a,0x0b,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 
0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x08,0x09,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0x0a,0x0b,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 
0x04,0x05,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x08,0x09,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0x0c,0x0d,0x0e,0x0f + .byte 
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x06,0x07,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 
0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d + .byte 0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b + .byte 0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff + .byte 0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09 + .byte 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff + .byte 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + .byte 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f +#ifndef __APPLE__ +.text +.globl kyber_rej_uniform_neon +.type kyber_rej_uniform_neon,@function +.align 2 +kyber_rej_uniform_neon: +#else +.section __TEXT,__text +.globl 
_kyber_rej_uniform_neon +.p2align 2 +_kyber_rej_uniform_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-64]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] +#ifndef __APPLE__ + adrp x4, L_kyber_aarch64_rej_uniform_neon_mask + add x4, x4, :lo12:L_kyber_aarch64_rej_uniform_neon_mask +#else + adrp x4, L_kyber_aarch64_rej_uniform_neon_mask@PAGE + add x4, x4, :lo12:L_kyber_aarch64_rej_uniform_neon_mask@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x5, L_kyber_aarch64_q + add x5, x5, :lo12:L_kyber_aarch64_q +#else + adrp x5, L_kyber_aarch64_q@PAGE + add x5, x5, :lo12:L_kyber_aarch64_q@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x6, L_kyber_aarch64_rej_uniform_neon_bits + add x6, x6, :lo12:L_kyber_aarch64_rej_uniform_neon_bits +#else + adrp x6, L_kyber_aarch64_rej_uniform_neon_bits@PAGE + add x6, x6, :lo12:L_kyber_aarch64_rej_uniform_neon_bits@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_kyber_aarch64_rej_uniform_neon_indeces + add x7, x7, :lo12:L_kyber_aarch64_rej_uniform_neon_indeces +#else + adrp x7, L_kyber_aarch64_rej_uniform_neon_indeces@PAGE + add x7, x7, :lo12:L_kyber_aarch64_rej_uniform_neon_indeces@PAGEOFF +#endif /* __APPLE__ */ + eor v1.16b, v1.16b, v1.16b + eor v12.16b, v12.16b, v12.16b + eor v13.16b, v13.16b, v13.16b + eor x12, x12, x12 + eor v10.16b, v10.16b, v10.16b + eor v11.16b, v11.16b, v11.16b + mov x13, #0xd01 + ldr q0, [x4] + ldr q3, [x5] + ldr q2, [x6] + subs wzr, w1, #0 + beq L_kyber_aarch64_rej_uniform_neon_done + subs wzr, w1, #16 + blt L_kyber_aarch64_rej_uniform_neon_loop_4 +L_kyber_aarch64_rej_uniform_neon_loop_16: + ld3 {v4.8b, v5.8b, v6.8b}, [x2], #24 + zip1 v4.16b, v4.16b, v1.16b + zip1 v5.16b, v5.16b, v1.16b + zip1 v6.16b, v6.16b, v1.16b + shl v7.8h, v5.8h, #8 + ushr v8.8h, v5.8h, #4 + shl v6.8h, v6.8h, #4 + orr v4.16b, v4.16b, v7.16b + orr v5.16b, v8.16b, v6.16b + and v7.16b, v4.16b, v0.16b + and v8.16b, v5.16b, v0.16b + zip1 v4.8h, v7.8h, 
v8.8h + zip2 v5.8h, v7.8h, v8.8h + cmgt v7.8h, v3.8h, v4.8h + cmgt v8.8h, v3.8h, v5.8h + ushr v12.8h, v7.8h, #15 + ushr v13.8h, v8.8h, #15 + addv h12, v12.8h + addv h13, v13.8h + mov x10, v12.d[0] + mov x11, v13.d[0] + and v10.16b, v7.16b, v2.16b + and v11.16b, v8.16b, v2.16b + addv h10, v10.8h + addv h11, v11.8h + mov w8, v10.s[0] + mov w9, v11.s[0] + lsl w8, w8, #4 + lsl w9, w9, #4 + ldr q10, [x7, x8] + ldr q11, [x7, x9] + tbl v7.16b, {v4.16b}, v10.16b + tbl v8.16b, {v5.16b}, v11.16b + str q7, [x0] + add x0, x0, x10, lsl 1 + add x12, x12, x10 + str q8, [x0] + add x0, x0, x11, lsl 1 + add x12, x12, x11 + subs w3, w3, #24 + beq L_kyber_aarch64_rej_uniform_neon_done + sub w10, w1, w12 + subs x10, x10, #16 + blt L_kyber_aarch64_rej_uniform_neon_loop_4 + b L_kyber_aarch64_rej_uniform_neon_loop_16 +L_kyber_aarch64_rej_uniform_neon_loop_4: + subs w10, w1, w12 + beq L_kyber_aarch64_rej_uniform_neon_done + subs x10, x10, #4 + blt L_kyber_aarch64_rej_uniform_neon_loop_lt_4 + ldr x4, [x2], #6 + lsr x5, x4, #12 + lsr x6, x4, #24 + lsr x7, x4, #36 + and x4, x4, #0xfff + and x5, x5, #0xfff + and x6, x6, #0xfff + and x7, x7, #0xfff + strh w4, [x0] + subs xzr, x4, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + strh w5, [x0] + subs xzr, x5, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + strh w6, [x0] + subs xzr, x6, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + strh w7, [x0] + subs xzr, x7, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + subs w3, w3, #6 + beq L_kyber_aarch64_rej_uniform_neon_done + b L_kyber_aarch64_rej_uniform_neon_loop_4 +L_kyber_aarch64_rej_uniform_neon_loop_lt_4: + ldr x4, [x2], #6 + lsr x5, x4, #12 + lsr x6, x4, #24 + lsr x7, x4, #36 + and x4, x4, #0xfff + and x5, x5, #0xfff + and x6, x6, #0xfff + and x7, x7, #0xfff + strh w4, [x0] + subs xzr, x4, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + subs wzr, w1, w12 + beq L_kyber_aarch64_rej_uniform_neon_done + strh w5, [x0] + subs xzr, 
x5, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + subs wzr, w1, w12 + beq L_kyber_aarch64_rej_uniform_neon_done + strh w6, [x0] + subs xzr, x6, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + subs wzr, w1, w12 + beq L_kyber_aarch64_rej_uniform_neon_done + strh w7, [x0] + subs xzr, x7, x13 + cinc x0, x0, lt + cinc x0, x0, lt + cinc x12, x12, lt + subs wzr, w1, w12 + beq L_kyber_aarch64_rej_uniform_neon_done + subs w3, w3, #6 + beq L_kyber_aarch64_rej_uniform_neon_done + b L_kyber_aarch64_rej_uniform_neon_loop_lt_4 +L_kyber_aarch64_rej_uniform_neon_done: + mov x0, x12 + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp x29, x30, [sp], #0x40 + ret +#ifndef __APPLE__ + .size kyber_rej_uniform_neon,.-kyber_rej_uniform_neon +#endif /* __APPLE__ */ +#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 +#ifndef __APPLE__ +.text +.globl kyber_sha3_blocksx3_neon +.type kyber_sha3_blocksx3_neon,@function +.align 2 +kyber_sha3_blocksx3_neon: +#else +.section __TEXT,__text +.globl _kyber_sha3_blocksx3_neon +.p2align 2 +_kyber_sha3_blocksx3_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-224]! 
+ add x29, sp, #0 + stp x17, x19, [x29, #72] + stp x20, x21, [x29, #88] + stp x22, x23, [x29, #104] + stp x24, x25, [x29, #120] + stp x26, x27, [x29, #136] + str x28, [x29, #152] + stp d8, d9, [x29, #160] + stp d10, d11, [x29, #176] + stp d12, d13, [x29, #192] + stp d14, d15, [x29, #208] +#ifndef __APPLE__ + adrp x27, L_sha3_aarch64_r + add x27, x27, :lo12:L_sha3_aarch64_r +#else + adrp x27, L_sha3_aarch64_r@PAGE + add x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF +#endif /* __APPLE__ */ + str x0, [x29, #40] + ld4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 + ld4 {v4.d, v5.d, v6.d, v7.d}[0], [x0], #32 + ld4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + ld4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + ld4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + ld4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + ld1 {v24.d}[0], [x0] + add x0, x0, #8 + ld4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + ld4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + ld4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + ld4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + ld4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + ld4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + ld1 {v24.d}[1], [x0] + add x0, x0, #8 + ldp x1, x2, [x0] + ldp x3, x4, [x0, #16] + ldp x5, x6, [x0, #32] + ldp x7, x8, [x0, #48] + ldp x9, x10, [x0, #64] + ldp x11, x12, [x0, #80] + ldp x13, x14, [x0, #96] + ldp x15, x16, [x0, #112] + ldp x17, x19, [x0, #128] + ldp x20, x21, [x0, #144] + ldp x22, x23, [x0, #160] + ldp x24, x25, [x0, #176] + ldr x26, [x0, #192] + mov x28, #24 + # Start of 24 rounds +L_SHA3_transform_blocksx3_neon_begin: + stp x27, x28, [x29, #48] + # Col Mix + eor3 v31.16b, v0.16b, v5.16b, v10.16b + eor x0, x5, x10 + eor3 v27.16b, v1.16b, v6.16b, v11.16b + eor x30, x1, x6 + eor3 v28.16b, v2.16b, v7.16b, v12.16b + eor x28, x3, x8 + eor3 v29.16b, v3.16b, v8.16b, v13.16b + eor x0, x0, x15 + eor3 v30.16b, v4.16b, v9.16b, v14.16b + eor x30, x30, x11 + eor3 v31.16b, v31.16b, v15.16b, v20.16b + eor x28, x28, x13 + eor3 v27.16b, v27.16b, v16.16b, v21.16b + eor 
x0, x0, x21 + eor3 v28.16b, v28.16b, v17.16b, v22.16b + eor x30, x30, x16 + eor3 v29.16b, v29.16b, v18.16b, v23.16b + eor x28, x28, x19 + eor3 v30.16b, v30.16b, v19.16b, v24.16b + eor x0, x0, x26 + rax1 v25.2d, v30.2d, v27.2d + eor x30, x30, x22 + rax1 v26.2d, v31.2d, v28.2d + eor x28, x28, x24 + rax1 v27.2d, v27.2d, v29.2d + str x0, [x29, #32] + rax1 v28.2d, v28.2d, v30.2d + str x28, [x29, #24] + rax1 v29.2d, v29.2d, v31.2d + eor x27, x2, x7 + eor v0.16b, v0.16b, v25.16b + xar v30.2d, v1.2d, v26.2d, #63 + eor x28, x4, x9 + xar v1.2d, v6.2d, v26.2d, #20 + eor x27, x27, x12 + xar v6.2d, v9.2d, v29.2d, #44 + eor x28, x28, x14 + xar v9.2d, v22.2d, v27.2d, #3 + eor x27, x27, x17 + xar v22.2d, v14.2d, v29.2d, #25 + eor x28, x28, x20 + xar v14.2d, v20.2d, v25.2d, #46 + eor x27, x27, x23 + xar v20.2d, v2.2d, v27.2d, #2 + eor x28, x28, x25 + xar v2.2d, v12.2d, v27.2d, #21 + eor x0, x0, x27, ror 63 + xar v12.2d, v13.2d, v28.2d, #39 + eor x27, x27, x28, ror 63 + xar v13.2d, v19.2d, v29.2d, #56 + eor x1, x1, x0 + xar v19.2d, v23.2d, v28.2d, #8 + eor x6, x6, x0 + xar v23.2d, v15.2d, v25.2d, #23 + eor x11, x11, x0 + xar v15.2d, v4.2d, v29.2d, #37 + eor x16, x16, x0 + xar v4.2d, v24.2d, v29.2d, #50 + eor x22, x22, x0 + xar v24.2d, v21.2d, v26.2d, #62 + eor x3, x3, x27 + xar v21.2d, v8.2d, v28.2d, #9 + eor x8, x8, x27 + xar v8.2d, v16.2d, v26.2d, #19 + eor x13, x13, x27 + xar v16.2d, v5.2d, v25.2d, #28 + eor x19, x19, x27 + xar v5.2d, v3.2d, v28.2d, #36 + eor x24, x24, x27 + xar v3.2d, v18.2d, v28.2d, #43 + ldr x0, [x29, #32] + xar v18.2d, v17.2d, v27.2d, #49 + ldr x27, [x29, #24] + xar v17.2d, v11.2d, v26.2d, #54 + eor x28, x28, x30, ror 63 + xar v11.2d, v7.2d, v27.2d, #58 + eor x30, x30, x27, ror 63 + xar v7.2d, v10.2d, v25.2d, #61 + eor x27, x27, x0, ror 63 + # Row Mix + mov v25.16b, v0.16b + eor x5, x5, x28 + mov v26.16b, v1.16b + eor x10, x10, x28 + bcax v0.16b, v25.16b, v2.16b, v26.16b + eor x15, x15, x28 + bcax v1.16b, v26.16b, v3.16b, v2.16b + eor x21, x21, x28 + bcax 
v2.16b, v2.16b, v4.16b, v3.16b + eor x26, x26, x28 + bcax v3.16b, v3.16b, v25.16b, v4.16b + eor x2, x2, x30 + bcax v4.16b, v4.16b, v26.16b, v25.16b + eor x7, x7, x30 + mov v25.16b, v5.16b + eor x12, x12, x30 + mov v26.16b, v6.16b + eor x17, x17, x30 + bcax v5.16b, v25.16b, v7.16b, v26.16b + eor x23, x23, x30 + bcax v6.16b, v26.16b, v8.16b, v7.16b + eor x4, x4, x27 + bcax v7.16b, v7.16b, v9.16b, v8.16b + eor x9, x9, x27 + bcax v8.16b, v8.16b, v25.16b, v9.16b + eor x14, x14, x27 + bcax v9.16b, v9.16b, v26.16b, v25.16b + eor x20, x20, x27 + mov v26.16b, v11.16b + eor x25, x25, x27 + # Swap Rotate Base + bcax v10.16b, v30.16b, v12.16b, v26.16b + ror x0, x2, #63 + bcax v11.16b, v26.16b, v13.16b, v12.16b + ror x2, x7, #20 + bcax v12.16b, v12.16b, v14.16b, v13.16b + ror x7, x10, #44 + bcax v13.16b, v13.16b, v30.16b, v14.16b + ror x10, x24, #3 + bcax v14.16b, v14.16b, v26.16b, v30.16b + ror x24, x15, #25 + mov v25.16b, v15.16b + ror x15, x22, #46 + mov v26.16b, v16.16b + ror x22, x3, #2 + bcax v15.16b, v25.16b, v17.16b, v26.16b + ror x3, x13, #21 + bcax v16.16b, v26.16b, v18.16b, v17.16b + ror x13, x14, #39 + bcax v17.16b, v17.16b, v19.16b, v18.16b + ror x14, x21, #56 + bcax v18.16b, v18.16b, v25.16b, v19.16b + ror x21, x25, #8 + bcax v19.16b, v19.16b, v26.16b, v25.16b + ror x25, x16, #23 + mov v25.16b, v20.16b + ror x16, x5, #37 + mov v26.16b, v21.16b + ror x5, x26, #50 + bcax v20.16b, v25.16b, v22.16b, v26.16b + ror x26, x23, #62 + bcax v21.16b, v26.16b, v23.16b, v22.16b + ror x23, x9, #9 + bcax v22.16b, v22.16b, v24.16b, v23.16b + ror x9, x17, #19 + bcax v23.16b, v23.16b, v25.16b, v24.16b + ror x17, x6, #28 + bcax v24.16b, v24.16b, v26.16b, v25.16b + ror x6, x4, #36 + ror x4, x20, #43 + ror x20, x19, #49 + ror x19, x12, #54 + ror x12, x8, #58 + ror x8, x11, #61 + # Row Mix Base + bic x11, x3, x2 + bic x27, x4, x3 + bic x28, x1, x5 + bic x30, x2, x1 + eor x1, x1, x11 + eor x2, x2, x27 + bic x11, x5, x4 + eor x4, x4, x28 + eor x3, x3, x11 + eor x5, x5, x30 + bic x11, x8, 
x7 + bic x27, x9, x8 + bic x28, x6, x10 + bic x30, x7, x6 + eor x6, x6, x11 + eor x7, x7, x27 + bic x11, x10, x9 + eor x9, x9, x28 + eor x8, x8, x11 + eor x10, x10, x30 + bic x11, x13, x12 + bic x27, x14, x13 + bic x28, x0, x15 + bic x30, x12, x0 + eor x11, x0, x11 + eor x12, x12, x27 + bic x0, x15, x14 + eor x14, x14, x28 + eor x13, x13, x0 + eor x15, x15, x30 + bic x0, x19, x17 + bic x27, x20, x19 + bic x28, x16, x21 + bic x30, x17, x16 + eor x16, x16, x0 + eor x17, x17, x27 + bic x0, x21, x20 + eor x20, x20, x28 + eor x19, x19, x0 + eor x21, x21, x30 + bic x0, x24, x23 + bic x27, x25, x24 + bic x28, x22, x26 + bic x30, x23, x22 + eor x22, x22, x0 + eor x23, x23, x27 + bic x0, x26, x25 + eor x25, x25, x28 + eor x24, x24, x0 + eor x26, x26, x30 + # Done tranforming + ldp x27, x28, [x29, #48] + ldr x0, [x27], #8 + subs x28, x28, #1 + mov v30.d[0], x0 + mov v30.d[1], x0 + eor x1, x1, x0 + eor v0.16b, v0.16b, v30.16b + bne L_SHA3_transform_blocksx3_neon_begin + ldr x0, [x29, #40] + st4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[0], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + st1 {v24.d}[0], [x0] + add x0, x0, #8 + st4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + st1 {v24.d}[1], [x0] + add x0, x0, #8 + stp x1, x2, [x0] + stp x3, x4, [x0, #16] + stp x5, x6, [x0, #32] + stp x7, x8, [x0, #48] + stp x9, x10, [x0, #64] + stp x11, x12, [x0, #80] + stp x13, x14, [x0, #96] + stp x15, x16, [x0, #112] + stp x17, x19, [x0, #128] + stp x20, x21, [x0, #144] + stp x22, x23, [x0, #160] + stp x24, x25, [x0, #176] + str x26, [x0, #192] + ldp x17, x19, [x29, #72] + ldp 
x20, x21, [x29, #88] + ldp x22, x23, [x29, #104] + ldp x24, x25, [x29, #120] + ldp x26, x27, [x29, #136] + ldr x28, [x29, #152] + ldp d8, d9, [x29, #160] + ldp d10, d11, [x29, #176] + ldp d12, d13, [x29, #192] + ldp d14, d15, [x29, #208] + ldp x29, x30, [sp], #0xe0 + ret +#ifndef __APPLE__ + .size kyber_sha3_blocksx3_neon,.-kyber_sha3_blocksx3_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_shake128_blocksx3_seed_neon +.type kyber_shake128_blocksx3_seed_neon,@function +.align 2 +kyber_shake128_blocksx3_seed_neon: +#else +.section __TEXT,__text +.globl _kyber_shake128_blocksx3_seed_neon +.p2align 2 +_kyber_shake128_blocksx3_seed_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-224]! + add x29, sp, #0 + stp x17, x19, [x29, #72] + stp x20, x21, [x29, #88] + stp x22, x23, [x29, #104] + stp x24, x25, [x29, #120] + stp x26, x27, [x29, #136] + str x28, [x29, #152] + stp d8, d9, [x29, #160] + stp d10, d11, [x29, #176] + stp d12, d13, [x29, #192] + stp d14, d15, [x29, #208] +#ifndef __APPLE__ + adrp x28, L_sha3_aarch64_r + add x28, x28, :lo12:L_sha3_aarch64_r +#else + adrp x28, L_sha3_aarch64_r@PAGE + add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF +#endif /* __APPLE__ */ + str x0, [x29, #40] + add x0, x0, #32 + ld1 {v4.d}[0], [x0] + ldp x2, x3, [x1], #16 + add x0, x0, #0xc8 + ld1 {v4.d}[1], [x0] + ldp x4, x5, [x1], #16 + ldr x6, [x0, #200] + eor v5.16b, v5.16b, v5.16b + eor x7, x7, x7 + eor v6.16b, v6.16b, v6.16b + eor x8, x8, x8 + eor v7.16b, v7.16b, v7.16b + eor x9, x9, x9 + eor v8.16b, v8.16b, v8.16b + eor x10, x10, x10 + eor v9.16b, v9.16b, v9.16b + eor x11, x11, x11 + eor v10.16b, v10.16b, v10.16b + eor x12, x12, x12 + eor v11.16b, v11.16b, v11.16b + eor x13, x13, x13 + eor v12.16b, v12.16b, v12.16b + eor x14, x14, x14 + eor v13.16b, v13.16b, v13.16b + eor x15, x15, x15 + eor v14.16b, v14.16b, v14.16b + eor x16, x16, x16 + eor v15.16b, v15.16b, v15.16b + eor x17, x17, x17 + eor v16.16b, v16.16b, v16.16b + eor x19, x19, x19 + eor v17.16b, v17.16b, 
v17.16b + eor x20, x20, x20 + eor v18.16b, v18.16b, v18.16b + eor x21, x21, x21 + eor v19.16b, v19.16b, v19.16b + eor x22, x22, x22 + movz x23, #0x8000, lsl 48 + eor v21.16b, v21.16b, v21.16b + eor x24, x24, x24 + eor v22.16b, v22.16b, v22.16b + eor x25, x25, x25 + eor v23.16b, v23.16b, v23.16b + eor x26, x26, x26 + eor v24.16b, v24.16b, v24.16b + eor x27, x27, x27 + dup v0.2d, x2 + dup v1.2d, x3 + dup v2.2d, x4 + dup v3.2d, x5 + dup v20.2d, x23 + mov x1, #24 + # Start of 24 rounds +L_SHA3_shake128_blocksx3_seed_neon_begin: + stp x28, x1, [x29, #48] + # Col Mix + eor3 v31.16b, v0.16b, v5.16b, v10.16b + eor x0, x6, x11 + eor3 v27.16b, v1.16b, v6.16b, v11.16b + eor x30, x2, x7 + eor3 v28.16b, v2.16b, v7.16b, v12.16b + eor x28, x4, x9 + eor3 v29.16b, v3.16b, v8.16b, v13.16b + eor x0, x0, x16 + eor3 v30.16b, v4.16b, v9.16b, v14.16b + eor x30, x30, x12 + eor3 v31.16b, v31.16b, v15.16b, v20.16b + eor x28, x28, x14 + eor3 v27.16b, v27.16b, v16.16b, v21.16b + eor x0, x0, x22 + eor3 v28.16b, v28.16b, v17.16b, v22.16b + eor x30, x30, x17 + eor3 v29.16b, v29.16b, v18.16b, v23.16b + eor x28, x28, x20 + eor3 v30.16b, v30.16b, v19.16b, v24.16b + eor x0, x0, x27 + rax1 v25.2d, v30.2d, v27.2d + eor x30, x30, x23 + rax1 v26.2d, v31.2d, v28.2d + eor x28, x28, x25 + rax1 v27.2d, v27.2d, v29.2d + str x0, [x29, #32] + rax1 v28.2d, v28.2d, v30.2d + str x28, [x29, #24] + rax1 v29.2d, v29.2d, v31.2d + eor x1, x3, x8 + eor v0.16b, v0.16b, v25.16b + xar v30.2d, v1.2d, v26.2d, #63 + eor x28, x5, x10 + xar v1.2d, v6.2d, v26.2d, #20 + eor x1, x1, x13 + xar v6.2d, v9.2d, v29.2d, #44 + eor x28, x28, x15 + xar v9.2d, v22.2d, v27.2d, #3 + eor x1, x1, x19 + xar v22.2d, v14.2d, v29.2d, #25 + eor x28, x28, x21 + xar v14.2d, v20.2d, v25.2d, #46 + eor x1, x1, x24 + xar v20.2d, v2.2d, v27.2d, #2 + eor x28, x28, x26 + xar v2.2d, v12.2d, v27.2d, #21 + eor x0, x0, x1, ror 63 + xar v12.2d, v13.2d, v28.2d, #39 + eor x1, x1, x28, ror 63 + xar v13.2d, v19.2d, v29.2d, #56 + eor x2, x2, x0 + xar v19.2d, v23.2d, 
v28.2d, #8 + eor x7, x7, x0 + xar v23.2d, v15.2d, v25.2d, #23 + eor x12, x12, x0 + xar v15.2d, v4.2d, v29.2d, #37 + eor x17, x17, x0 + xar v4.2d, v24.2d, v29.2d, #50 + eor x23, x23, x0 + xar v24.2d, v21.2d, v26.2d, #62 + eor x4, x4, x1 + xar v21.2d, v8.2d, v28.2d, #9 + eor x9, x9, x1 + xar v8.2d, v16.2d, v26.2d, #19 + eor x14, x14, x1 + xar v16.2d, v5.2d, v25.2d, #28 + eor x20, x20, x1 + xar v5.2d, v3.2d, v28.2d, #36 + eor x25, x25, x1 + xar v3.2d, v18.2d, v28.2d, #43 + ldr x0, [x29, #32] + xar v18.2d, v17.2d, v27.2d, #49 + ldr x1, [x29, #24] + xar v17.2d, v11.2d, v26.2d, #54 + eor x28, x28, x30, ror 63 + xar v11.2d, v7.2d, v27.2d, #58 + eor x30, x30, x1, ror 63 + xar v7.2d, v10.2d, v25.2d, #61 + eor x1, x1, x0, ror 63 + # Row Mix + mov v25.16b, v0.16b + eor x6, x6, x28 + mov v26.16b, v1.16b + eor x11, x11, x28 + bcax v0.16b, v25.16b, v2.16b, v26.16b + eor x16, x16, x28 + bcax v1.16b, v26.16b, v3.16b, v2.16b + eor x22, x22, x28 + bcax v2.16b, v2.16b, v4.16b, v3.16b + eor x27, x27, x28 + bcax v3.16b, v3.16b, v25.16b, v4.16b + eor x3, x3, x30 + bcax v4.16b, v4.16b, v26.16b, v25.16b + eor x8, x8, x30 + mov v25.16b, v5.16b + eor x13, x13, x30 + mov v26.16b, v6.16b + eor x19, x19, x30 + bcax v5.16b, v25.16b, v7.16b, v26.16b + eor x24, x24, x30 + bcax v6.16b, v26.16b, v8.16b, v7.16b + eor x5, x5, x1 + bcax v7.16b, v7.16b, v9.16b, v8.16b + eor x10, x10, x1 + bcax v8.16b, v8.16b, v25.16b, v9.16b + eor x15, x15, x1 + bcax v9.16b, v9.16b, v26.16b, v25.16b + eor x21, x21, x1 + mov v26.16b, v11.16b + eor x26, x26, x1 + # Swap Rotate Base + bcax v10.16b, v30.16b, v12.16b, v26.16b + ror x0, x3, #63 + bcax v11.16b, v26.16b, v13.16b, v12.16b + ror x3, x8, #20 + bcax v12.16b, v12.16b, v14.16b, v13.16b + ror x8, x11, #44 + bcax v13.16b, v13.16b, v30.16b, v14.16b + ror x11, x25, #3 + bcax v14.16b, v14.16b, v26.16b, v30.16b + ror x25, x16, #25 + mov v25.16b, v15.16b + ror x16, x23, #46 + mov v26.16b, v16.16b + ror x23, x4, #2 + bcax v15.16b, v25.16b, v17.16b, v26.16b + ror x4, x14, 
#21 + bcax v16.16b, v26.16b, v18.16b, v17.16b + ror x14, x15, #39 + bcax v17.16b, v17.16b, v19.16b, v18.16b + ror x15, x22, #56 + bcax v18.16b, v18.16b, v25.16b, v19.16b + ror x22, x26, #8 + bcax v19.16b, v19.16b, v26.16b, v25.16b + ror x26, x17, #23 + mov v25.16b, v20.16b + ror x17, x6, #37 + mov v26.16b, v21.16b + ror x6, x27, #50 + bcax v20.16b, v25.16b, v22.16b, v26.16b + ror x27, x24, #62 + bcax v21.16b, v26.16b, v23.16b, v22.16b + ror x24, x10, #9 + bcax v22.16b, v22.16b, v24.16b, v23.16b + ror x10, x19, #19 + bcax v23.16b, v23.16b, v25.16b, v24.16b + ror x19, x7, #28 + bcax v24.16b, v24.16b, v26.16b, v25.16b + ror x7, x5, #36 + ror x5, x21, #43 + ror x21, x20, #49 + ror x20, x13, #54 + ror x13, x9, #58 + ror x9, x12, #61 + # Row Mix Base + bic x12, x4, x3 + bic x1, x5, x4 + bic x28, x2, x6 + bic x30, x3, x2 + eor x2, x2, x12 + eor x3, x3, x1 + bic x12, x6, x5 + eor x5, x5, x28 + eor x4, x4, x12 + eor x6, x6, x30 + bic x12, x9, x8 + bic x1, x10, x9 + bic x28, x7, x11 + bic x30, x8, x7 + eor x7, x7, x12 + eor x8, x8, x1 + bic x12, x11, x10 + eor x10, x10, x28 + eor x9, x9, x12 + eor x11, x11, x30 + bic x12, x14, x13 + bic x1, x15, x14 + bic x28, x0, x16 + bic x30, x13, x0 + eor x12, x0, x12 + eor x13, x13, x1 + bic x0, x16, x15 + eor x15, x15, x28 + eor x14, x14, x0 + eor x16, x16, x30 + bic x0, x20, x19 + bic x1, x21, x20 + bic x28, x17, x22 + bic x30, x19, x17 + eor x17, x17, x0 + eor x19, x19, x1 + bic x0, x22, x21 + eor x21, x21, x28 + eor x20, x20, x0 + eor x22, x22, x30 + bic x0, x25, x24 + bic x1, x26, x25 + bic x28, x23, x27 + bic x30, x24, x23 + eor x23, x23, x0 + eor x24, x24, x1 + bic x0, x27, x26 + eor x26, x26, x28 + eor x25, x25, x0 + eor x27, x27, x30 + # Done tranforming + ldp x28, x1, [x29, #48] + ldr x0, [x28], #8 + subs x1, x1, #1 + mov v30.d[0], x0 + mov v30.d[1], x0 + eor x2, x2, x0 + eor v0.16b, v0.16b, v30.16b + bne L_SHA3_shake128_blocksx3_seed_neon_begin + ldr x0, [x29, #40] + st4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 + st4 {v4.d, 
v5.d, v6.d, v7.d}[0], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + st1 {v24.d}[0], [x0] + add x0, x0, #8 + st4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + st1 {v24.d}[1], [x0] + add x0, x0, #8 + stp x2, x3, [x0] + stp x4, x5, [x0, #16] + stp x6, x7, [x0, #32] + stp x8, x9, [x0, #48] + stp x10, x11, [x0, #64] + stp x12, x13, [x0, #80] + stp x14, x15, [x0, #96] + stp x16, x17, [x0, #112] + stp x19, x20, [x0, #128] + stp x21, x22, [x0, #144] + stp x23, x24, [x0, #160] + stp x25, x26, [x0, #176] + str x27, [x0, #192] + ldp x17, x19, [x29, #72] + ldp x20, x21, [x29, #88] + ldp x22, x23, [x29, #104] + ldp x24, x25, [x29, #120] + ldp x26, x27, [x29, #136] + ldr x28, [x29, #152] + ldp d8, d9, [x29, #160] + ldp d10, d11, [x29, #176] + ldp d12, d13, [x29, #192] + ldp d14, d15, [x29, #208] + ldp x29, x30, [sp], #0xe0 + ret +#ifndef __APPLE__ + .size kyber_shake128_blocksx3_seed_neon,.-kyber_shake128_blocksx3_seed_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_shake256_blocksx3_seed_neon +.type kyber_shake256_blocksx3_seed_neon,@function +.align 2 +kyber_shake256_blocksx3_seed_neon: +#else +.section __TEXT,__text +.globl _kyber_shake256_blocksx3_seed_neon +.p2align 2 +_kyber_shake256_blocksx3_seed_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-224]! 
+ add x29, sp, #0 + stp x17, x19, [x29, #72] + stp x20, x21, [x29, #88] + stp x22, x23, [x29, #104] + stp x24, x25, [x29, #120] + stp x26, x27, [x29, #136] + str x28, [x29, #152] + stp d8, d9, [x29, #160] + stp d10, d11, [x29, #176] + stp d12, d13, [x29, #192] + stp d14, d15, [x29, #208] +#ifndef __APPLE__ + adrp x28, L_sha3_aarch64_r + add x28, x28, :lo12:L_sha3_aarch64_r +#else + adrp x28, L_sha3_aarch64_r@PAGE + add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF +#endif /* __APPLE__ */ + str x0, [x29, #40] + add x0, x0, #32 + ld1 {v4.d}[0], [x0] + ldp x2, x3, [x1], #16 + add x0, x0, #0xc8 + ld1 {v4.d}[1], [x0] + ldp x4, x5, [x1], #16 + ldr x6, [x0, #200] + eor v5.16b, v5.16b, v5.16b + eor x7, x7, x7 + eor v6.16b, v6.16b, v6.16b + eor x8, x8, x8 + eor v7.16b, v7.16b, v7.16b + eor x9, x9, x9 + eor v8.16b, v8.16b, v8.16b + eor x10, x10, x10 + eor v9.16b, v9.16b, v9.16b + eor x11, x11, x11 + eor v10.16b, v10.16b, v10.16b + eor x12, x12, x12 + eor v11.16b, v11.16b, v11.16b + eor x13, x13, x13 + eor v12.16b, v12.16b, v12.16b + eor x14, x14, x14 + eor v13.16b, v13.16b, v13.16b + eor x15, x15, x15 + eor v14.16b, v14.16b, v14.16b + eor x16, x16, x16 + eor v15.16b, v15.16b, v15.16b + eor x17, x17, x17 + movz x19, #0x8000, lsl 48 + eor v17.16b, v17.16b, v17.16b + eor x20, x20, x20 + eor v18.16b, v18.16b, v18.16b + eor x21, x21, x21 + eor v19.16b, v19.16b, v19.16b + eor x22, x22, x22 + eor v20.16b, v20.16b, v20.16b + eor x23, x23, x23 + eor v21.16b, v21.16b, v21.16b + eor x24, x24, x24 + eor v22.16b, v22.16b, v22.16b + eor x25, x25, x25 + eor v23.16b, v23.16b, v23.16b + eor x26, x26, x26 + eor v24.16b, v24.16b, v24.16b + eor x27, x27, x27 + dup v0.2d, x2 + dup v1.2d, x3 + dup v2.2d, x4 + dup v3.2d, x5 + dup v16.2d, x19 + mov x1, #24 + # Start of 24 rounds +L_SHA3_shake256_blocksx3_seed_neon_begin: + stp x28, x1, [x29, #48] + # Col Mix + eor3 v31.16b, v0.16b, v5.16b, v10.16b + eor x0, x6, x11 + eor3 v27.16b, v1.16b, v6.16b, v11.16b + eor x30, x2, x7 + eor3 v28.16b, v2.16b, v7.16b, 
v12.16b + eor x28, x4, x9 + eor3 v29.16b, v3.16b, v8.16b, v13.16b + eor x0, x0, x16 + eor3 v30.16b, v4.16b, v9.16b, v14.16b + eor x30, x30, x12 + eor3 v31.16b, v31.16b, v15.16b, v20.16b + eor x28, x28, x14 + eor3 v27.16b, v27.16b, v16.16b, v21.16b + eor x0, x0, x22 + eor3 v28.16b, v28.16b, v17.16b, v22.16b + eor x30, x30, x17 + eor3 v29.16b, v29.16b, v18.16b, v23.16b + eor x28, x28, x20 + eor3 v30.16b, v30.16b, v19.16b, v24.16b + eor x0, x0, x27 + rax1 v25.2d, v30.2d, v27.2d + eor x30, x30, x23 + rax1 v26.2d, v31.2d, v28.2d + eor x28, x28, x25 + rax1 v27.2d, v27.2d, v29.2d + str x0, [x29, #32] + rax1 v28.2d, v28.2d, v30.2d + str x28, [x29, #24] + rax1 v29.2d, v29.2d, v31.2d + eor x1, x3, x8 + eor v0.16b, v0.16b, v25.16b + xar v30.2d, v1.2d, v26.2d, #63 + eor x28, x5, x10 + xar v1.2d, v6.2d, v26.2d, #20 + eor x1, x1, x13 + xar v6.2d, v9.2d, v29.2d, #44 + eor x28, x28, x15 + xar v9.2d, v22.2d, v27.2d, #3 + eor x1, x1, x19 + xar v22.2d, v14.2d, v29.2d, #25 + eor x28, x28, x21 + xar v14.2d, v20.2d, v25.2d, #46 + eor x1, x1, x24 + xar v20.2d, v2.2d, v27.2d, #2 + eor x28, x28, x26 + xar v2.2d, v12.2d, v27.2d, #21 + eor x0, x0, x1, ror 63 + xar v12.2d, v13.2d, v28.2d, #39 + eor x1, x1, x28, ror 63 + xar v13.2d, v19.2d, v29.2d, #56 + eor x2, x2, x0 + xar v19.2d, v23.2d, v28.2d, #8 + eor x7, x7, x0 + xar v23.2d, v15.2d, v25.2d, #23 + eor x12, x12, x0 + xar v15.2d, v4.2d, v29.2d, #37 + eor x17, x17, x0 + xar v4.2d, v24.2d, v29.2d, #50 + eor x23, x23, x0 + xar v24.2d, v21.2d, v26.2d, #62 + eor x4, x4, x1 + xar v21.2d, v8.2d, v28.2d, #9 + eor x9, x9, x1 + xar v8.2d, v16.2d, v26.2d, #19 + eor x14, x14, x1 + xar v16.2d, v5.2d, v25.2d, #28 + eor x20, x20, x1 + xar v5.2d, v3.2d, v28.2d, #36 + eor x25, x25, x1 + xar v3.2d, v18.2d, v28.2d, #43 + ldr x0, [x29, #32] + xar v18.2d, v17.2d, v27.2d, #49 + ldr x1, [x29, #24] + xar v17.2d, v11.2d, v26.2d, #54 + eor x28, x28, x30, ror 63 + xar v11.2d, v7.2d, v27.2d, #58 + eor x30, x30, x1, ror 63 + xar v7.2d, v10.2d, v25.2d, #61 + eor x1, 
x1, x0, ror 63 + # Row Mix + mov v25.16b, v0.16b + eor x6, x6, x28 + mov v26.16b, v1.16b + eor x11, x11, x28 + bcax v0.16b, v25.16b, v2.16b, v26.16b + eor x16, x16, x28 + bcax v1.16b, v26.16b, v3.16b, v2.16b + eor x22, x22, x28 + bcax v2.16b, v2.16b, v4.16b, v3.16b + eor x27, x27, x28 + bcax v3.16b, v3.16b, v25.16b, v4.16b + eor x3, x3, x30 + bcax v4.16b, v4.16b, v26.16b, v25.16b + eor x8, x8, x30 + mov v25.16b, v5.16b + eor x13, x13, x30 + mov v26.16b, v6.16b + eor x19, x19, x30 + bcax v5.16b, v25.16b, v7.16b, v26.16b + eor x24, x24, x30 + bcax v6.16b, v26.16b, v8.16b, v7.16b + eor x5, x5, x1 + bcax v7.16b, v7.16b, v9.16b, v8.16b + eor x10, x10, x1 + bcax v8.16b, v8.16b, v25.16b, v9.16b + eor x15, x15, x1 + bcax v9.16b, v9.16b, v26.16b, v25.16b + eor x21, x21, x1 + mov v26.16b, v11.16b + eor x26, x26, x1 + # Swap Rotate Base + bcax v10.16b, v30.16b, v12.16b, v26.16b + ror x0, x3, #63 + bcax v11.16b, v26.16b, v13.16b, v12.16b + ror x3, x8, #20 + bcax v12.16b, v12.16b, v14.16b, v13.16b + ror x8, x11, #44 + bcax v13.16b, v13.16b, v30.16b, v14.16b + ror x11, x25, #3 + bcax v14.16b, v14.16b, v26.16b, v30.16b + ror x25, x16, #25 + mov v25.16b, v15.16b + ror x16, x23, #46 + mov v26.16b, v16.16b + ror x23, x4, #2 + bcax v15.16b, v25.16b, v17.16b, v26.16b + ror x4, x14, #21 + bcax v16.16b, v26.16b, v18.16b, v17.16b + ror x14, x15, #39 + bcax v17.16b, v17.16b, v19.16b, v18.16b + ror x15, x22, #56 + bcax v18.16b, v18.16b, v25.16b, v19.16b + ror x22, x26, #8 + bcax v19.16b, v19.16b, v26.16b, v25.16b + ror x26, x17, #23 + mov v25.16b, v20.16b + ror x17, x6, #37 + mov v26.16b, v21.16b + ror x6, x27, #50 + bcax v20.16b, v25.16b, v22.16b, v26.16b + ror x27, x24, #62 + bcax v21.16b, v26.16b, v23.16b, v22.16b + ror x24, x10, #9 + bcax v22.16b, v22.16b, v24.16b, v23.16b + ror x10, x19, #19 + bcax v23.16b, v23.16b, v25.16b, v24.16b + ror x19, x7, #28 + bcax v24.16b, v24.16b, v26.16b, v25.16b + ror x7, x5, #36 + ror x5, x21, #43 + ror x21, x20, #49 + ror x20, x13, #54 + ror x13, x9, 
#58 + ror x9, x12, #61 + # Row Mix Base + bic x12, x4, x3 + bic x1, x5, x4 + bic x28, x2, x6 + bic x30, x3, x2 + eor x2, x2, x12 + eor x3, x3, x1 + bic x12, x6, x5 + eor x5, x5, x28 + eor x4, x4, x12 + eor x6, x6, x30 + bic x12, x9, x8 + bic x1, x10, x9 + bic x28, x7, x11 + bic x30, x8, x7 + eor x7, x7, x12 + eor x8, x8, x1 + bic x12, x11, x10 + eor x10, x10, x28 + eor x9, x9, x12 + eor x11, x11, x30 + bic x12, x14, x13 + bic x1, x15, x14 + bic x28, x0, x16 + bic x30, x13, x0 + eor x12, x0, x12 + eor x13, x13, x1 + bic x0, x16, x15 + eor x15, x15, x28 + eor x14, x14, x0 + eor x16, x16, x30 + bic x0, x20, x19 + bic x1, x21, x20 + bic x28, x17, x22 + bic x30, x19, x17 + eor x17, x17, x0 + eor x19, x19, x1 + bic x0, x22, x21 + eor x21, x21, x28 + eor x20, x20, x0 + eor x22, x22, x30 + bic x0, x25, x24 + bic x1, x26, x25 + bic x28, x23, x27 + bic x30, x24, x23 + eor x23, x23, x0 + eor x24, x24, x1 + bic x0, x27, x26 + eor x26, x26, x28 + eor x25, x25, x0 + eor x27, x27, x30 + # Done tranforming + ldp x28, x1, [x29, #48] + ldr x0, [x28], #8 + subs x1, x1, #1 + mov v30.d[0], x0 + mov v30.d[1], x0 + eor x2, x2, x0 + eor v0.16b, v0.16b, v30.16b + bne L_SHA3_shake256_blocksx3_seed_neon_begin + ldr x0, [x29, #40] + st4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[0], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + st1 {v24.d}[0], [x0] + add x0, x0, #8 + st4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + st1 {v24.d}[1], [x0] + add x0, x0, #8 + stp x2, x3, [x0] + stp x4, x5, [x0, #16] + stp x6, x7, [x0, #32] + stp x8, x9, [x0, #48] + stp x10, x11, [x0, #64] + stp x12, 
x13, [x0, #80] + stp x14, x15, [x0, #96] + stp x16, x17, [x0, #112] + stp x19, x20, [x0, #128] + stp x21, x22, [x0, #144] + stp x23, x24, [x0, #160] + stp x25, x26, [x0, #176] + str x27, [x0, #192] + ldp x17, x19, [x29, #72] + ldp x20, x21, [x29, #88] + ldp x22, x23, [x29, #104] + ldp x24, x25, [x29, #120] + ldp x26, x27, [x29, #136] + ldr x28, [x29, #152] + ldp d8, d9, [x29, #160] + ldp d10, d11, [x29, #176] + ldp d12, d13, [x29, #192] + ldp d14, d15, [x29, #208] + ldp x29, x30, [sp], #0xe0 + ret +#ifndef __APPLE__ + .size kyber_shake256_blocksx3_seed_neon,.-kyber_shake256_blocksx3_seed_neon +#endif /* __APPLE__ */ +#else +#ifndef __APPLE__ +.text +.globl kyber_sha3_blocksx3_neon +.type kyber_sha3_blocksx3_neon,@function +.align 2 +kyber_sha3_blocksx3_neon: +#else +.section __TEXT,__text +.globl _kyber_sha3_blocksx3_neon +.p2align 2 +_kyber_sha3_blocksx3_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-224]! + add x29, sp, #0 + stp x17, x19, [x29, #72] + stp x20, x21, [x29, #88] + stp x22, x23, [x29, #104] + stp x24, x25, [x29, #120] + stp x26, x27, [x29, #136] + str x28, [x29, #152] + stp d8, d9, [x29, #160] + stp d10, d11, [x29, #176] + stp d12, d13, [x29, #192] + stp d14, d15, [x29, #208] +#ifndef __APPLE__ + adrp x27, L_sha3_aarch64_r + add x27, x27, :lo12:L_sha3_aarch64_r +#else + adrp x27, L_sha3_aarch64_r@PAGE + add x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF +#endif /* __APPLE__ */ + str x0, [x29, #40] + ld4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 + ld4 {v4.d, v5.d, v6.d, v7.d}[0], [x0], #32 + ld4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + ld4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + ld4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + ld4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + ld1 {v24.d}[0], [x0] + add x0, x0, #8 + ld4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + ld4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + ld4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + ld4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + ld4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + 
ld4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + ld1 {v24.d}[1], [x0] + add x0, x0, #8 + ldp x1, x2, [x0] + ldp x3, x4, [x0, #16] + ldp x5, x6, [x0, #32] + ldp x7, x8, [x0, #48] + ldp x9, x10, [x0, #64] + ldp x11, x12, [x0, #80] + ldp x13, x14, [x0, #96] + ldp x15, x16, [x0, #112] + ldp x17, x19, [x0, #128] + ldp x20, x21, [x0, #144] + ldp x22, x23, [x0, #160] + ldp x24, x25, [x0, #176] + ldr x26, [x0, #192] + mov x28, #24 + # Start of 24 rounds +L_SHA3_transform_blocksx3_neon_begin: + stp x27, x28, [x29, #48] + # Col Mix NEON + eor v30.16b, v4.16b, v9.16b + eor x0, x5, x10 + eor v27.16b, v1.16b, v6.16b + eor x30, x1, x6 + eor v30.16b, v30.16b, v14.16b + eor x28, x3, x8 + eor v27.16b, v27.16b, v11.16b + eor x0, x0, x15 + eor v30.16b, v30.16b, v19.16b + eor x30, x30, x11 + eor v27.16b, v27.16b, v16.16b + eor x28, x28, x13 + eor v30.16b, v30.16b, v24.16b + eor x0, x0, x21 + eor v27.16b, v27.16b, v21.16b + eor x30, x30, x16 + ushr v25.2d, v27.2d, #63 + eor x28, x28, x19 + sli v25.2d, v27.2d, #1 + eor x0, x0, x26 + eor v25.16b, v25.16b, v30.16b + eor x30, x30, x22 + eor v31.16b, v0.16b, v5.16b + eor x28, x28, x24 + eor v28.16b, v2.16b, v7.16b + str x0, [x29, #32] + eor v31.16b, v31.16b, v10.16b + str x28, [x29, #24] + eor v28.16b, v28.16b, v12.16b + eor x27, x2, x7 + eor v31.16b, v31.16b, v15.16b + eor x28, x4, x9 + eor v28.16b, v28.16b, v17.16b + eor x27, x27, x12 + eor v31.16b, v31.16b, v20.16b + eor x28, x28, x14 + eor v28.16b, v28.16b, v22.16b + eor x27, x27, x17 + ushr v29.2d, v30.2d, #63 + eor x28, x28, x20 + ushr v26.2d, v28.2d, #63 + eor x27, x27, x23 + sli v29.2d, v30.2d, #1 + eor x28, x28, x25 + sli v26.2d, v28.2d, #1 + eor x0, x0, x27, ror 63 + eor v28.16b, v28.16b, v29.16b + eor x27, x27, x28, ror 63 + eor v29.16b, v3.16b, v8.16b + eor x1, x1, x0 + eor v26.16b, v26.16b, v31.16b + eor x6, x6, x0 + eor v29.16b, v29.16b, v13.16b + eor x11, x11, x0 + eor v29.16b, v29.16b, v18.16b + eor x16, x16, x0 + eor v29.16b, v29.16b, v23.16b + eor x22, x22, x0 + ushr 
v30.2d, v29.2d, #63 + eor x3, x3, x27 + sli v30.2d, v29.2d, #1 + eor x8, x8, x27 + eor v27.16b, v27.16b, v30.16b + eor x13, x13, x27 + ushr v30.2d, v31.2d, #63 + eor x19, x19, x27 + sli v30.2d, v31.2d, #1 + eor x24, x24, x27 + eor v29.16b, v29.16b, v30.16b + ldr x0, [x29, #32] + # Swap Rotate NEON + eor v0.16b, v0.16b, v25.16b + eor v31.16b, v1.16b, v26.16b + ldr x27, [x29, #24] + eor v6.16b, v6.16b, v26.16b + eor x28, x28, x30, ror 63 + ushr v30.2d, v31.2d, #63 + eor x30, x30, x27, ror 63 + ushr v1.2d, v6.2d, #20 + eor x27, x27, x0, ror 63 + sli v30.2d, v31.2d, #1 + eor x5, x5, x28 + sli v1.2d, v6.2d, #44 + eor x10, x10, x28 + eor v31.16b, v9.16b, v29.16b + eor x15, x15, x28 + eor v22.16b, v22.16b, v27.16b + eor x21, x21, x28 + ushr v6.2d, v31.2d, #44 + eor x26, x26, x28 + ushr v9.2d, v22.2d, #3 + eor x2, x2, x30 + sli v6.2d, v31.2d, #20 + eor x7, x7, x30 + sli v9.2d, v22.2d, #61 + eor x12, x12, x30 + eor v31.16b, v14.16b, v29.16b + eor x17, x17, x30 + eor v20.16b, v20.16b, v25.16b + eor x23, x23, x30 + ushr v22.2d, v31.2d, #25 + eor x4, x4, x27 + ushr v14.2d, v20.2d, #46 + eor x9, x9, x27 + sli v22.2d, v31.2d, #39 + eor x14, x14, x27 + sli v14.2d, v20.2d, #18 + eor x20, x20, x27 + eor v31.16b, v2.16b, v27.16b + eor x25, x25, x27 + # Swap Rotate Base + eor v12.16b, v12.16b, v27.16b + ror x0, x2, #63 + ushr v20.2d, v31.2d, #2 + ror x2, x7, #20 + ushr v2.2d, v12.2d, #21 + ror x7, x10, #44 + sli v20.2d, v31.2d, #62 + ror x10, x24, #3 + sli v2.2d, v12.2d, #43 + ror x24, x15, #25 + eor v31.16b, v13.16b, v28.16b + ror x15, x22, #46 + eor v19.16b, v19.16b, v29.16b + ror x22, x3, #2 + ushr v12.2d, v31.2d, #39 + ror x3, x13, #21 + ushr v13.2d, v19.2d, #56 + ror x13, x14, #39 + sli v12.2d, v31.2d, #25 + ror x14, x21, #56 + sli v13.2d, v19.2d, #8 + ror x21, x25, #8 + eor v31.16b, v23.16b, v28.16b + ror x25, x16, #23 + eor v15.16b, v15.16b, v25.16b + ror x16, x5, #37 + ushr v19.2d, v31.2d, #8 + ror x5, x26, #50 + ushr v23.2d, v15.2d, #23 + ror x26, x23, #62 + sli v19.2d, 
v31.2d, #56 + ror x23, x9, #9 + sli v23.2d, v15.2d, #41 + ror x9, x17, #19 + eor v31.16b, v4.16b, v29.16b + ror x17, x6, #28 + eor v24.16b, v24.16b, v29.16b + ror x6, x4, #36 + ushr v15.2d, v31.2d, #37 + ror x4, x20, #43 + ushr v4.2d, v24.2d, #50 + ror x20, x19, #49 + sli v15.2d, v31.2d, #27 + ror x19, x12, #54 + sli v4.2d, v24.2d, #14 + ror x12, x8, #58 + eor v31.16b, v21.16b, v26.16b + ror x8, x11, #61 + # Row Mix Base + eor v8.16b, v8.16b, v28.16b + bic x11, x3, x2 + ushr v24.2d, v31.2d, #62 + bic x27, x4, x3 + ushr v21.2d, v8.2d, #9 + bic x28, x1, x5 + sli v24.2d, v31.2d, #2 + bic x30, x2, x1 + sli v21.2d, v8.2d, #55 + eor x1, x1, x11 + eor v31.16b, v16.16b, v26.16b + eor x2, x2, x27 + eor v5.16b, v5.16b, v25.16b + bic x11, x5, x4 + ushr v8.2d, v31.2d, #19 + eor x4, x4, x28 + ushr v16.2d, v5.2d, #28 + eor x3, x3, x11 + sli v8.2d, v31.2d, #45 + eor x5, x5, x30 + sli v16.2d, v5.2d, #36 + bic x11, x8, x7 + eor v31.16b, v3.16b, v28.16b + bic x27, x9, x8 + eor v18.16b, v18.16b, v28.16b + bic x28, x6, x10 + ushr v5.2d, v31.2d, #36 + bic x30, x7, x6 + ushr v3.2d, v18.2d, #43 + eor x6, x6, x11 + sli v5.2d, v31.2d, #28 + eor x7, x7, x27 + sli v3.2d, v18.2d, #21 + bic x11, x10, x9 + eor v31.16b, v17.16b, v27.16b + eor x9, x9, x28 + eor v11.16b, v11.16b, v26.16b + eor x8, x8, x11 + ushr v18.2d, v31.2d, #49 + eor x10, x10, x30 + ushr v17.2d, v11.2d, #54 + bic x11, x13, x12 + sli v18.2d, v31.2d, #15 + bic x27, x14, x13 + sli v17.2d, v11.2d, #10 + bic x28, x0, x15 + eor v31.16b, v7.16b, v27.16b + bic x30, x12, x0 + eor v10.16b, v10.16b, v25.16b + eor x11, x0, x11 + ushr v11.2d, v31.2d, #58 + eor x12, x12, x27 + ushr v7.2d, v10.2d, #61 + bic x0, x15, x14 + sli v11.2d, v31.2d, #6 + eor x14, x14, x28 + sli v7.2d, v10.2d, #3 + eor x13, x13, x0 + # Row Mix NEON + bic v25.16b, v2.16b, v1.16b + eor x15, x15, x30 + bic v26.16b, v3.16b, v2.16b + bic x0, x19, x17 + bic v27.16b, v4.16b, v3.16b + bic x27, x20, x19 + bic v28.16b, v0.16b, v4.16b + bic x28, x16, x21 + bic v29.16b, v1.16b, 
v0.16b + bic x30, x17, x16 + eor v0.16b, v0.16b, v25.16b + eor x16, x16, x0 + eor v1.16b, v1.16b, v26.16b + eor x17, x17, x27 + eor v2.16b, v2.16b, v27.16b + bic x0, x21, x20 + eor v3.16b, v3.16b, v28.16b + eor x20, x20, x28 + eor v4.16b, v4.16b, v29.16b + eor x19, x19, x0 + bic v25.16b, v7.16b, v6.16b + eor x21, x21, x30 + bic v26.16b, v8.16b, v7.16b + bic x0, x24, x23 + bic v27.16b, v9.16b, v8.16b + bic x27, x25, x24 + bic v28.16b, v5.16b, v9.16b + bic x28, x22, x26 + bic v29.16b, v6.16b, v5.16b + bic x30, x23, x22 + eor v5.16b, v5.16b, v25.16b + eor x22, x22, x0 + eor v6.16b, v6.16b, v26.16b + eor x23, x23, x27 + eor v7.16b, v7.16b, v27.16b + bic x0, x26, x25 + eor v8.16b, v8.16b, v28.16b + eor x25, x25, x28 + eor v9.16b, v9.16b, v29.16b + eor x24, x24, x0 + bic v25.16b, v12.16b, v11.16b + eor x26, x26, x30 + bic v26.16b, v13.16b, v12.16b + bic v27.16b, v14.16b, v13.16b + bic v28.16b, v30.16b, v14.16b + bic v29.16b, v11.16b, v30.16b + eor v10.16b, v30.16b, v25.16b + eor v11.16b, v11.16b, v26.16b + eor v12.16b, v12.16b, v27.16b + eor v13.16b, v13.16b, v28.16b + eor v14.16b, v14.16b, v29.16b + bic v25.16b, v17.16b, v16.16b + bic v26.16b, v18.16b, v17.16b + bic v27.16b, v19.16b, v18.16b + bic v28.16b, v15.16b, v19.16b + bic v29.16b, v16.16b, v15.16b + eor v15.16b, v15.16b, v25.16b + eor v16.16b, v16.16b, v26.16b + eor v17.16b, v17.16b, v27.16b + eor v18.16b, v18.16b, v28.16b + eor v19.16b, v19.16b, v29.16b + bic v25.16b, v22.16b, v21.16b + bic v26.16b, v23.16b, v22.16b + bic v27.16b, v24.16b, v23.16b + bic v28.16b, v20.16b, v24.16b + bic v29.16b, v21.16b, v20.16b + eor v20.16b, v20.16b, v25.16b + eor v21.16b, v21.16b, v26.16b + eor v22.16b, v22.16b, v27.16b + eor v23.16b, v23.16b, v28.16b + eor v24.16b, v24.16b, v29.16b + # Done tranforming + ldp x27, x28, [x29, #48] + ldr x0, [x27], #8 + subs x28, x28, #1 + mov v30.d[0], x0 + mov v30.d[1], x0 + eor x1, x1, x0 + eor v0.16b, v0.16b, v30.16b + bne L_SHA3_transform_blocksx3_neon_begin + ldr x0, [x29, #40] + st4 {v0.d, 
v1.d, v2.d, v3.d}[0], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[0], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + st1 {v24.d}[0], [x0] + add x0, x0, #8 + st4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + st1 {v24.d}[1], [x0] + add x0, x0, #8 + stp x1, x2, [x0] + stp x3, x4, [x0, #16] + stp x5, x6, [x0, #32] + stp x7, x8, [x0, #48] + stp x9, x10, [x0, #64] + stp x11, x12, [x0, #80] + stp x13, x14, [x0, #96] + stp x15, x16, [x0, #112] + stp x17, x19, [x0, #128] + stp x20, x21, [x0, #144] + stp x22, x23, [x0, #160] + stp x24, x25, [x0, #176] + str x26, [x0, #192] + ldp x17, x19, [x29, #72] + ldp x20, x21, [x29, #88] + ldp x22, x23, [x29, #104] + ldp x24, x25, [x29, #120] + ldp x26, x27, [x29, #136] + ldr x28, [x29, #152] + ldp d8, d9, [x29, #160] + ldp d10, d11, [x29, #176] + ldp d12, d13, [x29, #192] + ldp d14, d15, [x29, #208] + ldp x29, x30, [sp], #0xe0 + ret +#ifndef __APPLE__ + .size kyber_sha3_blocksx3_neon,.-kyber_sha3_blocksx3_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_shake128_blocksx3_seed_neon +.type kyber_shake128_blocksx3_seed_neon,@function +.align 2 +kyber_shake128_blocksx3_seed_neon: +#else +.section __TEXT,__text +.globl _kyber_shake128_blocksx3_seed_neon +.p2align 2 +_kyber_shake128_blocksx3_seed_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-224]! 
+ add x29, sp, #0 + stp x17, x19, [x29, #72] + stp x20, x21, [x29, #88] + stp x22, x23, [x29, #104] + stp x24, x25, [x29, #120] + stp x26, x27, [x29, #136] + str x28, [x29, #152] + stp d8, d9, [x29, #160] + stp d10, d11, [x29, #176] + stp d12, d13, [x29, #192] + stp d14, d15, [x29, #208] +#ifndef __APPLE__ + adrp x28, L_sha3_aarch64_r + add x28, x28, :lo12:L_sha3_aarch64_r +#else + adrp x28, L_sha3_aarch64_r@PAGE + add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF +#endif /* __APPLE__ */ + str x0, [x29, #40] + add x0, x0, #32 + ld1 {v4.d}[0], [x0] + ldp x2, x3, [x1], #16 + add x0, x0, #0xc8 + ld1 {v4.d}[1], [x0] + ldp x4, x5, [x1], #16 + ldr x6, [x0, #200] + eor v5.16b, v5.16b, v5.16b + eor x7, x7, x7 + eor v6.16b, v6.16b, v6.16b + eor x8, x8, x8 + eor v7.16b, v7.16b, v7.16b + eor x9, x9, x9 + eor v8.16b, v8.16b, v8.16b + eor x10, x10, x10 + eor v9.16b, v9.16b, v9.16b + eor x11, x11, x11 + eor v10.16b, v10.16b, v10.16b + eor x12, x12, x12 + eor v11.16b, v11.16b, v11.16b + eor x13, x13, x13 + eor v12.16b, v12.16b, v12.16b + eor x14, x14, x14 + eor v13.16b, v13.16b, v13.16b + eor x15, x15, x15 + eor v14.16b, v14.16b, v14.16b + eor x16, x16, x16 + eor v15.16b, v15.16b, v15.16b + eor x17, x17, x17 + eor v16.16b, v16.16b, v16.16b + eor x19, x19, x19 + eor v17.16b, v17.16b, v17.16b + eor x20, x20, x20 + eor v18.16b, v18.16b, v18.16b + eor x21, x21, x21 + eor v19.16b, v19.16b, v19.16b + eor x22, x22, x22 + movz x23, #0x8000, lsl 48 + eor v21.16b, v21.16b, v21.16b + eor x24, x24, x24 + eor v22.16b, v22.16b, v22.16b + eor x25, x25, x25 + eor v23.16b, v23.16b, v23.16b + eor x26, x26, x26 + eor v24.16b, v24.16b, v24.16b + eor x27, x27, x27 + dup v0.2d, x2 + dup v1.2d, x3 + dup v2.2d, x4 + dup v3.2d, x5 + dup v20.2d, x23 + mov x1, #24 + # Start of 24 rounds +L_SHA3_shake128_blocksx3_seed_neon_begin: + stp x28, x1, [x29, #48] + # Col Mix NEON + eor v30.16b, v4.16b, v9.16b + eor x0, x6, x11 + eor v27.16b, v1.16b, v6.16b + eor x30, x2, x7 + eor v30.16b, v30.16b, v14.16b + eor x28, x4, 
x9 + eor v27.16b, v27.16b, v11.16b + eor x0, x0, x16 + eor v30.16b, v30.16b, v19.16b + eor x30, x30, x12 + eor v27.16b, v27.16b, v16.16b + eor x28, x28, x14 + eor v30.16b, v30.16b, v24.16b + eor x0, x0, x22 + eor v27.16b, v27.16b, v21.16b + eor x30, x30, x17 + ushr v25.2d, v27.2d, #63 + eor x28, x28, x20 + sli v25.2d, v27.2d, #1 + eor x0, x0, x27 + eor v25.16b, v25.16b, v30.16b + eor x30, x30, x23 + eor v31.16b, v0.16b, v5.16b + eor x28, x28, x25 + eor v28.16b, v2.16b, v7.16b + str x0, [x29, #32] + eor v31.16b, v31.16b, v10.16b + str x28, [x29, #24] + eor v28.16b, v28.16b, v12.16b + eor x1, x3, x8 + eor v31.16b, v31.16b, v15.16b + eor x28, x5, x10 + eor v28.16b, v28.16b, v17.16b + eor x1, x1, x13 + eor v31.16b, v31.16b, v20.16b + eor x28, x28, x15 + eor v28.16b, v28.16b, v22.16b + eor x1, x1, x19 + ushr v29.2d, v30.2d, #63 + eor x28, x28, x21 + ushr v26.2d, v28.2d, #63 + eor x1, x1, x24 + sli v29.2d, v30.2d, #1 + eor x28, x28, x26 + sli v26.2d, v28.2d, #1 + eor x0, x0, x1, ror 63 + eor v28.16b, v28.16b, v29.16b + eor x1, x1, x28, ror 63 + eor v29.16b, v3.16b, v8.16b + eor x2, x2, x0 + eor v26.16b, v26.16b, v31.16b + eor x7, x7, x0 + eor v29.16b, v29.16b, v13.16b + eor x12, x12, x0 + eor v29.16b, v29.16b, v18.16b + eor x17, x17, x0 + eor v29.16b, v29.16b, v23.16b + eor x23, x23, x0 + ushr v30.2d, v29.2d, #63 + eor x4, x4, x1 + sli v30.2d, v29.2d, #1 + eor x9, x9, x1 + eor v27.16b, v27.16b, v30.16b + eor x14, x14, x1 + ushr v30.2d, v31.2d, #63 + eor x20, x20, x1 + sli v30.2d, v31.2d, #1 + eor x25, x25, x1 + eor v29.16b, v29.16b, v30.16b + ldr x0, [x29, #32] + # Swap Rotate NEON + eor v0.16b, v0.16b, v25.16b + eor v31.16b, v1.16b, v26.16b + ldr x1, [x29, #24] + eor v6.16b, v6.16b, v26.16b + eor x28, x28, x30, ror 63 + ushr v30.2d, v31.2d, #63 + eor x30, x30, x1, ror 63 + ushr v1.2d, v6.2d, #20 + eor x1, x1, x0, ror 63 + sli v30.2d, v31.2d, #1 + eor x6, x6, x28 + sli v1.2d, v6.2d, #44 + eor x11, x11, x28 + eor v31.16b, v9.16b, v29.16b + eor x16, x16, x28 + eor v22.16b, 
v22.16b, v27.16b + eor x22, x22, x28 + ushr v6.2d, v31.2d, #44 + eor x27, x27, x28 + ushr v9.2d, v22.2d, #3 + eor x3, x3, x30 + sli v6.2d, v31.2d, #20 + eor x8, x8, x30 + sli v9.2d, v22.2d, #61 + eor x13, x13, x30 + eor v31.16b, v14.16b, v29.16b + eor x19, x19, x30 + eor v20.16b, v20.16b, v25.16b + eor x24, x24, x30 + ushr v22.2d, v31.2d, #25 + eor x5, x5, x1 + ushr v14.2d, v20.2d, #46 + eor x10, x10, x1 + sli v22.2d, v31.2d, #39 + eor x15, x15, x1 + sli v14.2d, v20.2d, #18 + eor x21, x21, x1 + eor v31.16b, v2.16b, v27.16b + eor x26, x26, x1 + # Swap Rotate Base + eor v12.16b, v12.16b, v27.16b + ror x0, x3, #63 + ushr v20.2d, v31.2d, #2 + ror x3, x8, #20 + ushr v2.2d, v12.2d, #21 + ror x8, x11, #44 + sli v20.2d, v31.2d, #62 + ror x11, x25, #3 + sli v2.2d, v12.2d, #43 + ror x25, x16, #25 + eor v31.16b, v13.16b, v28.16b + ror x16, x23, #46 + eor v19.16b, v19.16b, v29.16b + ror x23, x4, #2 + ushr v12.2d, v31.2d, #39 + ror x4, x14, #21 + ushr v13.2d, v19.2d, #56 + ror x14, x15, #39 + sli v12.2d, v31.2d, #25 + ror x15, x22, #56 + sli v13.2d, v19.2d, #8 + ror x22, x26, #8 + eor v31.16b, v23.16b, v28.16b + ror x26, x17, #23 + eor v15.16b, v15.16b, v25.16b + ror x17, x6, #37 + ushr v19.2d, v31.2d, #8 + ror x6, x27, #50 + ushr v23.2d, v15.2d, #23 + ror x27, x24, #62 + sli v19.2d, v31.2d, #56 + ror x24, x10, #9 + sli v23.2d, v15.2d, #41 + ror x10, x19, #19 + eor v31.16b, v4.16b, v29.16b + ror x19, x7, #28 + eor v24.16b, v24.16b, v29.16b + ror x7, x5, #36 + ushr v15.2d, v31.2d, #37 + ror x5, x21, #43 + ushr v4.2d, v24.2d, #50 + ror x21, x20, #49 + sli v15.2d, v31.2d, #27 + ror x20, x13, #54 + sli v4.2d, v24.2d, #14 + ror x13, x9, #58 + eor v31.16b, v21.16b, v26.16b + ror x9, x12, #61 + # Row Mix Base + eor v8.16b, v8.16b, v28.16b + bic x12, x4, x3 + ushr v24.2d, v31.2d, #62 + bic x1, x5, x4 + ushr v21.2d, v8.2d, #9 + bic x28, x2, x6 + sli v24.2d, v31.2d, #2 + bic x30, x3, x2 + sli v21.2d, v8.2d, #55 + eor x2, x2, x12 + eor v31.16b, v16.16b, v26.16b + eor x3, x3, x1 + eor 
v5.16b, v5.16b, v25.16b + bic x12, x6, x5 + ushr v8.2d, v31.2d, #19 + eor x5, x5, x28 + ushr v16.2d, v5.2d, #28 + eor x4, x4, x12 + sli v8.2d, v31.2d, #45 + eor x6, x6, x30 + sli v16.2d, v5.2d, #36 + bic x12, x9, x8 + eor v31.16b, v3.16b, v28.16b + bic x1, x10, x9 + eor v18.16b, v18.16b, v28.16b + bic x28, x7, x11 + ushr v5.2d, v31.2d, #36 + bic x30, x8, x7 + ushr v3.2d, v18.2d, #43 + eor x7, x7, x12 + sli v5.2d, v31.2d, #28 + eor x8, x8, x1 + sli v3.2d, v18.2d, #21 + bic x12, x11, x10 + eor v31.16b, v17.16b, v27.16b + eor x10, x10, x28 + eor v11.16b, v11.16b, v26.16b + eor x9, x9, x12 + ushr v18.2d, v31.2d, #49 + eor x11, x11, x30 + ushr v17.2d, v11.2d, #54 + bic x12, x14, x13 + sli v18.2d, v31.2d, #15 + bic x1, x15, x14 + sli v17.2d, v11.2d, #10 + bic x28, x0, x16 + eor v31.16b, v7.16b, v27.16b + bic x30, x13, x0 + eor v10.16b, v10.16b, v25.16b + eor x12, x0, x12 + ushr v11.2d, v31.2d, #58 + eor x13, x13, x1 + ushr v7.2d, v10.2d, #61 + bic x0, x16, x15 + sli v11.2d, v31.2d, #6 + eor x15, x15, x28 + sli v7.2d, v10.2d, #3 + eor x14, x14, x0 + # Row Mix NEON + bic v25.16b, v2.16b, v1.16b + eor x16, x16, x30 + bic v26.16b, v3.16b, v2.16b + bic x0, x20, x19 + bic v27.16b, v4.16b, v3.16b + bic x1, x21, x20 + bic v28.16b, v0.16b, v4.16b + bic x28, x17, x22 + bic v29.16b, v1.16b, v0.16b + bic x30, x19, x17 + eor v0.16b, v0.16b, v25.16b + eor x17, x17, x0 + eor v1.16b, v1.16b, v26.16b + eor x19, x19, x1 + eor v2.16b, v2.16b, v27.16b + bic x0, x22, x21 + eor v3.16b, v3.16b, v28.16b + eor x21, x21, x28 + eor v4.16b, v4.16b, v29.16b + eor x20, x20, x0 + bic v25.16b, v7.16b, v6.16b + eor x22, x22, x30 + bic v26.16b, v8.16b, v7.16b + bic x0, x25, x24 + bic v27.16b, v9.16b, v8.16b + bic x1, x26, x25 + bic v28.16b, v5.16b, v9.16b + bic x28, x23, x27 + bic v29.16b, v6.16b, v5.16b + bic x30, x24, x23 + eor v5.16b, v5.16b, v25.16b + eor x23, x23, x0 + eor v6.16b, v6.16b, v26.16b + eor x24, x24, x1 + eor v7.16b, v7.16b, v27.16b + bic x0, x27, x26 + eor v8.16b, v8.16b, v28.16b + eor 
x26, x26, x28 + eor v9.16b, v9.16b, v29.16b + eor x25, x25, x0 + bic v25.16b, v12.16b, v11.16b + eor x27, x27, x30 + bic v26.16b, v13.16b, v12.16b + bic v27.16b, v14.16b, v13.16b + bic v28.16b, v30.16b, v14.16b + bic v29.16b, v11.16b, v30.16b + eor v10.16b, v30.16b, v25.16b + eor v11.16b, v11.16b, v26.16b + eor v12.16b, v12.16b, v27.16b + eor v13.16b, v13.16b, v28.16b + eor v14.16b, v14.16b, v29.16b + bic v25.16b, v17.16b, v16.16b + bic v26.16b, v18.16b, v17.16b + bic v27.16b, v19.16b, v18.16b + bic v28.16b, v15.16b, v19.16b + bic v29.16b, v16.16b, v15.16b + eor v15.16b, v15.16b, v25.16b + eor v16.16b, v16.16b, v26.16b + eor v17.16b, v17.16b, v27.16b + eor v18.16b, v18.16b, v28.16b + eor v19.16b, v19.16b, v29.16b + bic v25.16b, v22.16b, v21.16b + bic v26.16b, v23.16b, v22.16b + bic v27.16b, v24.16b, v23.16b + bic v28.16b, v20.16b, v24.16b + bic v29.16b, v21.16b, v20.16b + eor v20.16b, v20.16b, v25.16b + eor v21.16b, v21.16b, v26.16b + eor v22.16b, v22.16b, v27.16b + eor v23.16b, v23.16b, v28.16b + eor v24.16b, v24.16b, v29.16b + # Done tranforming + ldp x28, x1, [x29, #48] + ldr x0, [x28], #8 + subs x1, x1, #1 + mov v30.d[0], x0 + mov v30.d[1], x0 + eor x2, x2, x0 + eor v0.16b, v0.16b, v30.16b + bne L_SHA3_shake128_blocksx3_seed_neon_begin + ldr x0, [x29, #40] + st4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[0], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + st1 {v24.d}[0], [x0] + add x0, x0, #8 + st4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + st1 {v24.d}[1], [x0] + add x0, x0, #8 + stp x2, x3, [x0] + stp x4, x5, [x0, #16] + stp x6, x7, [x0, #32] + 
stp x8, x9, [x0, #48] + stp x10, x11, [x0, #64] + stp x12, x13, [x0, #80] + stp x14, x15, [x0, #96] + stp x16, x17, [x0, #112] + stp x19, x20, [x0, #128] + stp x21, x22, [x0, #144] + stp x23, x24, [x0, #160] + stp x25, x26, [x0, #176] + str x27, [x0, #192] + ldp x17, x19, [x29, #72] + ldp x20, x21, [x29, #88] + ldp x22, x23, [x29, #104] + ldp x24, x25, [x29, #120] + ldp x26, x27, [x29, #136] + ldr x28, [x29, #152] + ldp d8, d9, [x29, #160] + ldp d10, d11, [x29, #176] + ldp d12, d13, [x29, #192] + ldp d14, d15, [x29, #208] + ldp x29, x30, [sp], #0xe0 + ret +#ifndef __APPLE__ + .size kyber_shake128_blocksx3_seed_neon,.-kyber_shake128_blocksx3_seed_neon +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl kyber_shake256_blocksx3_seed_neon +.type kyber_shake256_blocksx3_seed_neon,@function +.align 2 +kyber_shake256_blocksx3_seed_neon: +#else +.section __TEXT,__text +.globl _kyber_shake256_blocksx3_seed_neon +.p2align 2 +_kyber_shake256_blocksx3_seed_neon: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-224]! 
+ add x29, sp, #0 + stp x17, x19, [x29, #72] + stp x20, x21, [x29, #88] + stp x22, x23, [x29, #104] + stp x24, x25, [x29, #120] + stp x26, x27, [x29, #136] + str x28, [x29, #152] + stp d8, d9, [x29, #160] + stp d10, d11, [x29, #176] + stp d12, d13, [x29, #192] + stp d14, d15, [x29, #208] +#ifndef __APPLE__ + adrp x28, L_sha3_aarch64_r + add x28, x28, :lo12:L_sha3_aarch64_r +#else + adrp x28, L_sha3_aarch64_r@PAGE + add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF +#endif /* __APPLE__ */ + str x0, [x29, #40] + add x0, x0, #32 + ld1 {v4.d}[0], [x0] + ldp x2, x3, [x1], #16 + add x0, x0, #0xc8 + ld1 {v4.d}[1], [x0] + ldp x4, x5, [x1], #16 + ldr x6, [x0, #200] + eor v5.16b, v5.16b, v5.16b + eor x7, x7, x7 + eor v6.16b, v6.16b, v6.16b + eor x8, x8, x8 + eor v7.16b, v7.16b, v7.16b + eor x9, x9, x9 + eor v8.16b, v8.16b, v8.16b + eor x10, x10, x10 + eor v9.16b, v9.16b, v9.16b + eor x11, x11, x11 + eor v10.16b, v10.16b, v10.16b + eor x12, x12, x12 + eor v11.16b, v11.16b, v11.16b + eor x13, x13, x13 + eor v12.16b, v12.16b, v12.16b + eor x14, x14, x14 + eor v13.16b, v13.16b, v13.16b + eor x15, x15, x15 + eor v14.16b, v14.16b, v14.16b + eor x16, x16, x16 + eor v15.16b, v15.16b, v15.16b + eor x17, x17, x17 + movz x19, #0x8000, lsl 48 + eor v17.16b, v17.16b, v17.16b + eor x20, x20, x20 + eor v18.16b, v18.16b, v18.16b + eor x21, x21, x21 + eor v19.16b, v19.16b, v19.16b + eor x22, x22, x22 + eor v20.16b, v20.16b, v20.16b + eor x23, x23, x23 + eor v21.16b, v21.16b, v21.16b + eor x24, x24, x24 + eor v22.16b, v22.16b, v22.16b + eor x25, x25, x25 + eor v23.16b, v23.16b, v23.16b + eor x26, x26, x26 + eor v24.16b, v24.16b, v24.16b + eor x27, x27, x27 + dup v0.2d, x2 + dup v1.2d, x3 + dup v2.2d, x4 + dup v3.2d, x5 + dup v16.2d, x19 + mov x1, #24 + # Start of 24 rounds +L_SHA3_shake256_blocksx3_seed_neon_begin: + stp x28, x1, [x29, #48] + # Col Mix NEON + eor v30.16b, v4.16b, v9.16b + eor x0, x6, x11 + eor v27.16b, v1.16b, v6.16b + eor x30, x2, x7 + eor v30.16b, v30.16b, v14.16b + eor x28, x4, 
x9 + eor v27.16b, v27.16b, v11.16b + eor x0, x0, x16 + eor v30.16b, v30.16b, v19.16b + eor x30, x30, x12 + eor v27.16b, v27.16b, v16.16b + eor x28, x28, x14 + eor v30.16b, v30.16b, v24.16b + eor x0, x0, x22 + eor v27.16b, v27.16b, v21.16b + eor x30, x30, x17 + ushr v25.2d, v27.2d, #63 + eor x28, x28, x20 + sli v25.2d, v27.2d, #1 + eor x0, x0, x27 + eor v25.16b, v25.16b, v30.16b + eor x30, x30, x23 + eor v31.16b, v0.16b, v5.16b + eor x28, x28, x25 + eor v28.16b, v2.16b, v7.16b + str x0, [x29, #32] + eor v31.16b, v31.16b, v10.16b + str x28, [x29, #24] + eor v28.16b, v28.16b, v12.16b + eor x1, x3, x8 + eor v31.16b, v31.16b, v15.16b + eor x28, x5, x10 + eor v28.16b, v28.16b, v17.16b + eor x1, x1, x13 + eor v31.16b, v31.16b, v20.16b + eor x28, x28, x15 + eor v28.16b, v28.16b, v22.16b + eor x1, x1, x19 + ushr v29.2d, v30.2d, #63 + eor x28, x28, x21 + ushr v26.2d, v28.2d, #63 + eor x1, x1, x24 + sli v29.2d, v30.2d, #1 + eor x28, x28, x26 + sli v26.2d, v28.2d, #1 + eor x0, x0, x1, ror 63 + eor v28.16b, v28.16b, v29.16b + eor x1, x1, x28, ror 63 + eor v29.16b, v3.16b, v8.16b + eor x2, x2, x0 + eor v26.16b, v26.16b, v31.16b + eor x7, x7, x0 + eor v29.16b, v29.16b, v13.16b + eor x12, x12, x0 + eor v29.16b, v29.16b, v18.16b + eor x17, x17, x0 + eor v29.16b, v29.16b, v23.16b + eor x23, x23, x0 + ushr v30.2d, v29.2d, #63 + eor x4, x4, x1 + sli v30.2d, v29.2d, #1 + eor x9, x9, x1 + eor v27.16b, v27.16b, v30.16b + eor x14, x14, x1 + ushr v30.2d, v31.2d, #63 + eor x20, x20, x1 + sli v30.2d, v31.2d, #1 + eor x25, x25, x1 + eor v29.16b, v29.16b, v30.16b + ldr x0, [x29, #32] + # Swap Rotate NEON + eor v0.16b, v0.16b, v25.16b + eor v31.16b, v1.16b, v26.16b + ldr x1, [x29, #24] + eor v6.16b, v6.16b, v26.16b + eor x28, x28, x30, ror 63 + ushr v30.2d, v31.2d, #63 + eor x30, x30, x1, ror 63 + ushr v1.2d, v6.2d, #20 + eor x1, x1, x0, ror 63 + sli v30.2d, v31.2d, #1 + eor x6, x6, x28 + sli v1.2d, v6.2d, #44 + eor x11, x11, x28 + eor v31.16b, v9.16b, v29.16b + eor x16, x16, x28 + eor v22.16b, 
v22.16b, v27.16b + eor x22, x22, x28 + ushr v6.2d, v31.2d, #44 + eor x27, x27, x28 + ushr v9.2d, v22.2d, #3 + eor x3, x3, x30 + sli v6.2d, v31.2d, #20 + eor x8, x8, x30 + sli v9.2d, v22.2d, #61 + eor x13, x13, x30 + eor v31.16b, v14.16b, v29.16b + eor x19, x19, x30 + eor v20.16b, v20.16b, v25.16b + eor x24, x24, x30 + ushr v22.2d, v31.2d, #25 + eor x5, x5, x1 + ushr v14.2d, v20.2d, #46 + eor x10, x10, x1 + sli v22.2d, v31.2d, #39 + eor x15, x15, x1 + sli v14.2d, v20.2d, #18 + eor x21, x21, x1 + eor v31.16b, v2.16b, v27.16b + eor x26, x26, x1 + # Swap Rotate Base + eor v12.16b, v12.16b, v27.16b + ror x0, x3, #63 + ushr v20.2d, v31.2d, #2 + ror x3, x8, #20 + ushr v2.2d, v12.2d, #21 + ror x8, x11, #44 + sli v20.2d, v31.2d, #62 + ror x11, x25, #3 + sli v2.2d, v12.2d, #43 + ror x25, x16, #25 + eor v31.16b, v13.16b, v28.16b + ror x16, x23, #46 + eor v19.16b, v19.16b, v29.16b + ror x23, x4, #2 + ushr v12.2d, v31.2d, #39 + ror x4, x14, #21 + ushr v13.2d, v19.2d, #56 + ror x14, x15, #39 + sli v12.2d, v31.2d, #25 + ror x15, x22, #56 + sli v13.2d, v19.2d, #8 + ror x22, x26, #8 + eor v31.16b, v23.16b, v28.16b + ror x26, x17, #23 + eor v15.16b, v15.16b, v25.16b + ror x17, x6, #37 + ushr v19.2d, v31.2d, #8 + ror x6, x27, #50 + ushr v23.2d, v15.2d, #23 + ror x27, x24, #62 + sli v19.2d, v31.2d, #56 + ror x24, x10, #9 + sli v23.2d, v15.2d, #41 + ror x10, x19, #19 + eor v31.16b, v4.16b, v29.16b + ror x19, x7, #28 + eor v24.16b, v24.16b, v29.16b + ror x7, x5, #36 + ushr v15.2d, v31.2d, #37 + ror x5, x21, #43 + ushr v4.2d, v24.2d, #50 + ror x21, x20, #49 + sli v15.2d, v31.2d, #27 + ror x20, x13, #54 + sli v4.2d, v24.2d, #14 + ror x13, x9, #58 + eor v31.16b, v21.16b, v26.16b + ror x9, x12, #61 + # Row Mix Base + eor v8.16b, v8.16b, v28.16b + bic x12, x4, x3 + ushr v24.2d, v31.2d, #62 + bic x1, x5, x4 + ushr v21.2d, v8.2d, #9 + bic x28, x2, x6 + sli v24.2d, v31.2d, #2 + bic x30, x3, x2 + sli v21.2d, v8.2d, #55 + eor x2, x2, x12 + eor v31.16b, v16.16b, v26.16b + eor x3, x3, x1 + eor 
v5.16b, v5.16b, v25.16b + bic x12, x6, x5 + ushr v8.2d, v31.2d, #19 + eor x5, x5, x28 + ushr v16.2d, v5.2d, #28 + eor x4, x4, x12 + sli v8.2d, v31.2d, #45 + eor x6, x6, x30 + sli v16.2d, v5.2d, #36 + bic x12, x9, x8 + eor v31.16b, v3.16b, v28.16b + bic x1, x10, x9 + eor v18.16b, v18.16b, v28.16b + bic x28, x7, x11 + ushr v5.2d, v31.2d, #36 + bic x30, x8, x7 + ushr v3.2d, v18.2d, #43 + eor x7, x7, x12 + sli v5.2d, v31.2d, #28 + eor x8, x8, x1 + sli v3.2d, v18.2d, #21 + bic x12, x11, x10 + eor v31.16b, v17.16b, v27.16b + eor x10, x10, x28 + eor v11.16b, v11.16b, v26.16b + eor x9, x9, x12 + ushr v18.2d, v31.2d, #49 + eor x11, x11, x30 + ushr v17.2d, v11.2d, #54 + bic x12, x14, x13 + sli v18.2d, v31.2d, #15 + bic x1, x15, x14 + sli v17.2d, v11.2d, #10 + bic x28, x0, x16 + eor v31.16b, v7.16b, v27.16b + bic x30, x13, x0 + eor v10.16b, v10.16b, v25.16b + eor x12, x0, x12 + ushr v11.2d, v31.2d, #58 + eor x13, x13, x1 + ushr v7.2d, v10.2d, #61 + bic x0, x16, x15 + sli v11.2d, v31.2d, #6 + eor x15, x15, x28 + sli v7.2d, v10.2d, #3 + eor x14, x14, x0 + # Row Mix NEON + bic v25.16b, v2.16b, v1.16b + eor x16, x16, x30 + bic v26.16b, v3.16b, v2.16b + bic x0, x20, x19 + bic v27.16b, v4.16b, v3.16b + bic x1, x21, x20 + bic v28.16b, v0.16b, v4.16b + bic x28, x17, x22 + bic v29.16b, v1.16b, v0.16b + bic x30, x19, x17 + eor v0.16b, v0.16b, v25.16b + eor x17, x17, x0 + eor v1.16b, v1.16b, v26.16b + eor x19, x19, x1 + eor v2.16b, v2.16b, v27.16b + bic x0, x22, x21 + eor v3.16b, v3.16b, v28.16b + eor x21, x21, x28 + eor v4.16b, v4.16b, v29.16b + eor x20, x20, x0 + bic v25.16b, v7.16b, v6.16b + eor x22, x22, x30 + bic v26.16b, v8.16b, v7.16b + bic x0, x25, x24 + bic v27.16b, v9.16b, v8.16b + bic x1, x26, x25 + bic v28.16b, v5.16b, v9.16b + bic x28, x23, x27 + bic v29.16b, v6.16b, v5.16b + bic x30, x24, x23 + eor v5.16b, v5.16b, v25.16b + eor x23, x23, x0 + eor v6.16b, v6.16b, v26.16b + eor x24, x24, x1 + eor v7.16b, v7.16b, v27.16b + bic x0, x27, x26 + eor v8.16b, v8.16b, v28.16b + eor 
x26, x26, x28 + eor v9.16b, v9.16b, v29.16b + eor x25, x25, x0 + bic v25.16b, v12.16b, v11.16b + eor x27, x27, x30 + bic v26.16b, v13.16b, v12.16b + bic v27.16b, v14.16b, v13.16b + bic v28.16b, v30.16b, v14.16b + bic v29.16b, v11.16b, v30.16b + eor v10.16b, v30.16b, v25.16b + eor v11.16b, v11.16b, v26.16b + eor v12.16b, v12.16b, v27.16b + eor v13.16b, v13.16b, v28.16b + eor v14.16b, v14.16b, v29.16b + bic v25.16b, v17.16b, v16.16b + bic v26.16b, v18.16b, v17.16b + bic v27.16b, v19.16b, v18.16b + bic v28.16b, v15.16b, v19.16b + bic v29.16b, v16.16b, v15.16b + eor v15.16b, v15.16b, v25.16b + eor v16.16b, v16.16b, v26.16b + eor v17.16b, v17.16b, v27.16b + eor v18.16b, v18.16b, v28.16b + eor v19.16b, v19.16b, v29.16b + bic v25.16b, v22.16b, v21.16b + bic v26.16b, v23.16b, v22.16b + bic v27.16b, v24.16b, v23.16b + bic v28.16b, v20.16b, v24.16b + bic v29.16b, v21.16b, v20.16b + eor v20.16b, v20.16b, v25.16b + eor v21.16b, v21.16b, v26.16b + eor v22.16b, v22.16b, v27.16b + eor v23.16b, v23.16b, v28.16b + eor v24.16b, v24.16b, v29.16b + # Done tranforming + ldp x28, x1, [x29, #48] + ldr x0, [x28], #8 + subs x1, x1, #1 + mov v30.d[0], x0 + mov v30.d[1], x0 + eor x2, x2, x0 + eor v0.16b, v0.16b, v30.16b + bne L_SHA3_shake256_blocksx3_seed_neon_begin + ldr x0, [x29, #40] + st4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[0], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[0], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[0], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[0], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[0], [x0], #32 + st1 {v24.d}[0], [x0] + add x0, x0, #8 + st4 {v0.d, v1.d, v2.d, v3.d}[1], [x0], #32 + st4 {v4.d, v5.d, v6.d, v7.d}[1], [x0], #32 + st4 {v8.d, v9.d, v10.d, v11.d}[1], [x0], #32 + st4 {v12.d, v13.d, v14.d, v15.d}[1], [x0], #32 + st4 {v16.d, v17.d, v18.d, v19.d}[1], [x0], #32 + st4 {v20.d, v21.d, v22.d, v23.d}[1], [x0], #32 + st1 {v24.d}[1], [x0] + add x0, x0, #8 + stp x2, x3, [x0] + stp x4, x5, [x0, #16] + stp x6, x7, [x0, #32] + 
stp x8, x9, [x0, #48] + stp x10, x11, [x0, #64] + stp x12, x13, [x0, #80] + stp x14, x15, [x0, #96] + stp x16, x17, [x0, #112] + stp x19, x20, [x0, #128] + stp x21, x22, [x0, #144] + stp x23, x24, [x0, #160] + stp x25, x26, [x0, #176] + str x27, [x0, #192] + ldp x17, x19, [x29, #72] + ldp x20, x21, [x29, #88] + ldp x22, x23, [x29, #104] + ldp x24, x25, [x29, #120] + ldp x26, x27, [x29, #136] + ldr x28, [x29, #152] + ldp d8, d9, [x29, #160] + ldp d10, d11, [x29, #176] + ldp d12, d13, [x29, #192] + ldp d14, d15, [x29, #208] + ldp x29, x30, [sp], #0xe0 + ret +#ifndef __APPLE__ + .size kyber_shake256_blocksx3_seed_neon,.-kyber_shake256_blocksx3_seed_neon +#endif /* __APPLE__ */ +#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */ +#endif /* WOLFSSL_WC_KYBER */ +#endif /* __aarch64__ */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c new file mode 100644 index 000000000..09f123b4c --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c 
@@ -0,0 +1,14303 @@ +/* armv8-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-kyber-asm.c + */ +#ifdef WOLFSSL_ARMASM +#ifdef __aarch64__ +#ifdef WOLFSSL_ARMASM_INLINE +static const uint16_t L_kyber_aarch64_q[] = { + 0xd01, + 0xd01, + 0xd01, + 0xd01, + 0xd01, + 0xd01, + 0xd01, + 0xd01, +}; + +static const uint16_t L_kyber_aarch64_consts[] = { + 0xd01, + 0xf301, + 0x4ebf, + 0x549, + 0x5049, + 0x0, + 0x0, + 0x0, +}; + +static const uint64_t L_sha3_aarch64_r[] = { + 0x1UL, + 0x8082UL, + 0x800000000000808aUL, + 0x8000000080008000UL, + 0x808bUL, + 0x80000001UL, + 0x8000000080008081UL, + 0x8000000000008009UL, + 0x8aUL, + 0x88UL, + 0x80008009UL, + 0x8000000aUL, + 0x8000808bUL, + 0x800000000000008bUL, + 0x8000000000008089UL, + 0x8000000000008003UL, + 0x8000000000008002UL, + 0x8000000000000080UL, + 0x800aUL, + 0x800000008000000aUL, + 0x8000000080008081UL, + 0x8000000000008080UL, + 0x80000001UL, + 0x8000000080008008UL, +}; + +#include + +#ifdef WOLFSSL_WC_KYBER +static const uint16_t L_kyber_aarch64_zetas[] = 
{ + 0x8ed, + 0xa0b, + 0xb9a, + 0x714, + 0x5d5, + 0x58e, + 0x11f, + 0xca, + 0xc56, + 0x26e, + 0x629, + 0xb6, + 0x3c2, + 0x84f, + 0x73f, + 0x5bc, + 0x23d, + 0x7d4, + 0x108, + 0x17f, + 0x9c4, + 0x5b2, + 0x6bf, + 0xc7f, + 0xa58, + 0x3f9, + 0x2dc, + 0x260, + 0x6fb, + 0x19b, + 0xc34, + 0x6de, + 0x4c7, + 0x4c7, + 0x4c7, + 0x4c7, + 0x28c, + 0x28c, + 0x28c, + 0x28c, + 0xad9, + 0xad9, + 0xad9, + 0xad9, + 0x3f7, + 0x3f7, + 0x3f7, + 0x3f7, + 0x7f4, + 0x7f4, + 0x7f4, + 0x7f4, + 0x5d3, + 0x5d3, + 0x5d3, + 0x5d3, + 0xbe7, + 0xbe7, + 0xbe7, + 0xbe7, + 0x6f9, + 0x6f9, + 0x6f9, + 0x6f9, + 0x204, + 0x204, + 0x204, + 0x204, + 0xcf9, + 0xcf9, + 0xcf9, + 0xcf9, + 0xbc1, + 0xbc1, + 0xbc1, + 0xbc1, + 0xa67, + 0xa67, + 0xa67, + 0xa67, + 0x6af, + 0x6af, + 0x6af, + 0x6af, + 0x877, + 0x877, + 0x877, + 0x877, + 0x7e, + 0x7e, + 0x7e, + 0x7e, + 0x5bd, + 0x5bd, + 0x5bd, + 0x5bd, + 0x9ac, + 0x9ac, + 0x9ac, + 0x9ac, + 0xca7, + 0xca7, + 0xca7, + 0xca7, + 0xbf2, + 0xbf2, + 0xbf2, + 0xbf2, + 0x33e, + 0x33e, + 0x33e, + 0x33e, + 0x6b, + 0x6b, + 0x6b, + 0x6b, + 0x774, + 0x774, + 0x774, + 0x774, + 0xc0a, + 0xc0a, + 0xc0a, + 0xc0a, + 0x94a, + 0x94a, + 0x94a, + 0x94a, + 0xb73, + 0xb73, + 0xb73, + 0xb73, + 0x3c1, + 0x3c1, + 0x3c1, + 0x3c1, + 0x71d, + 0x71d, + 0x71d, + 0x71d, + 0xa2c, + 0xa2c, + 0xa2c, + 0xa2c, + 0x1c0, + 0x1c0, + 0x1c0, + 0x1c0, + 0x8d8, + 0x8d8, + 0x8d8, + 0x8d8, + 0x2a5, + 0x2a5, + 0x2a5, + 0x2a5, + 0x806, + 0x806, + 0x806, + 0x806, + 0x8b2, + 0x8b2, + 0x1ae, + 0x1ae, + 0x22b, + 0x22b, + 0x34b, + 0x34b, + 0x81e, + 0x81e, + 0x367, + 0x367, + 0x60e, + 0x60e, + 0x69, + 0x69, + 0x1a6, + 0x1a6, + 0x24b, + 0x24b, + 0xb1, + 0xb1, + 0xc16, + 0xc16, + 0xbde, + 0xbde, + 0xb35, + 0xb35, + 0x626, + 0x626, + 0x675, + 0x675, + 0xc0b, + 0xc0b, + 0x30a, + 0x30a, + 0x487, + 0x487, + 0xc6e, + 0xc6e, + 0x9f8, + 0x9f8, + 0x5cb, + 0x5cb, + 0xaa7, + 0xaa7, + 0x45f, + 0x45f, + 0x6cb, + 0x6cb, + 0x284, + 0x284, + 0x999, + 0x999, + 0x15d, + 0x15d, + 0x1a2, + 0x1a2, + 0x149, + 0x149, + 0xc65, + 0xc65, + 0xcb6, + 
0xcb6, + 0x331, + 0x331, + 0x449, + 0x449, + 0x25b, + 0x25b, + 0x262, + 0x262, + 0x52a, + 0x52a, + 0x7fc, + 0x7fc, + 0x748, + 0x748, + 0x180, + 0x180, + 0x842, + 0x842, + 0xc79, + 0xc79, + 0x4c2, + 0x4c2, + 0x7ca, + 0x7ca, + 0x997, + 0x997, + 0xdc, + 0xdc, + 0x85e, + 0x85e, + 0x686, + 0x686, + 0x860, + 0x860, + 0x707, + 0x707, + 0x803, + 0x803, + 0x31a, + 0x31a, + 0x71b, + 0x71b, + 0x9ab, + 0x9ab, + 0x99b, + 0x99b, + 0x1de, + 0x1de, + 0xc95, + 0xc95, + 0xbcd, + 0xbcd, + 0x3e4, + 0x3e4, + 0x3df, + 0x3df, + 0x3be, + 0x3be, + 0x74d, + 0x74d, + 0x5f2, + 0x5f2, + 0x65c, + 0x65c, +}; + +static const uint16_t L_kyber_aarch64_zetas_qinv[] = { + 0xffed, + 0x7b0b, + 0x399a, + 0x314, + 0x34d5, + 0xcf8e, + 0x6e1f, + 0xbeca, + 0xae56, + 0x6c6e, + 0xf129, + 0xc2b6, + 0x29c2, + 0x54f, + 0xd43f, + 0x79bc, + 0xe93d, + 0x43d4, + 0x9908, + 0x8e7f, + 0x15c4, + 0xfbb2, + 0x53bf, + 0x997f, + 0x9258, + 0x5ef9, + 0xd6dc, + 0x2260, + 0x47fb, + 0x229b, + 0x6834, + 0xc0de, + 0xe9c7, + 0xe9c7, + 0xe9c7, + 0xe9c7, + 0xe68c, + 0xe68c, + 0xe68c, + 0xe68c, + 0x5d9, + 0x5d9, + 0x5d9, + 0x5d9, + 0x78f7, + 0x78f7, + 0x78f7, + 0x78f7, + 0xa3f4, + 0xa3f4, + 0xa3f4, + 0xa3f4, + 0x4ed3, + 0x4ed3, + 0x4ed3, + 0x4ed3, + 0x50e7, + 0x50e7, + 0x50e7, + 0x50e7, + 0x61f9, + 0x61f9, + 0x61f9, + 0x61f9, + 0xce04, + 0xce04, + 0xce04, + 0xce04, + 0x67f9, + 0x67f9, + 0x67f9, + 0x67f9, + 0x3ec1, + 0x3ec1, + 0x3ec1, + 0x3ec1, + 0xcf67, + 0xcf67, + 0xcf67, + 0xcf67, + 0x23af, + 0x23af, + 0x23af, + 0x23af, + 0xfd77, + 0xfd77, + 0xfd77, + 0xfd77, + 0x9a7e, + 0x9a7e, + 0x9a7e, + 0x9a7e, + 0x6cbd, + 0x6cbd, + 0x6cbd, + 0x6cbd, + 0x4dac, + 0x4dac, + 0x4dac, + 0x4dac, + 0x91a7, + 0x91a7, + 0x91a7, + 0x91a7, + 0xc1f2, + 0xc1f2, + 0xc1f2, + 0xc1f2, + 0xdd3e, + 0xdd3e, + 0xdd3e, + 0xdd3e, + 0x916b, + 0x916b, + 0x916b, + 0x916b, + 0x2374, + 0x2374, + 0x2374, + 0x2374, + 0x8a0a, + 0x8a0a, + 0x8a0a, + 0x8a0a, + 0x474a, + 0x474a, + 0x474a, + 0x474a, + 0x3473, + 0x3473, + 0x3473, + 0x3473, + 0x36c1, + 0x36c1, + 0x36c1, + 0x36c1, + 
0x8e1d, + 0x8e1d, + 0x8e1d, + 0x8e1d, + 0xce2c, + 0xce2c, + 0xce2c, + 0xce2c, + 0x41c0, + 0x41c0, + 0x41c0, + 0x41c0, + 0x10d8, + 0x10d8, + 0x10d8, + 0x10d8, + 0xa1a5, + 0xa1a5, + 0xa1a5, + 0xa1a5, + 0xba06, + 0xba06, + 0xba06, + 0xba06, + 0xfeb2, + 0xfeb2, + 0x2bae, + 0x2bae, + 0xd32b, + 0xd32b, + 0x344b, + 0x344b, + 0x821e, + 0x821e, + 0xc867, + 0xc867, + 0x500e, + 0x500e, + 0xab69, + 0xab69, + 0x93a6, + 0x93a6, + 0x334b, + 0x334b, + 0x3b1, + 0x3b1, + 0xee16, + 0xee16, + 0xc5de, + 0xc5de, + 0x5a35, + 0x5a35, + 0x1826, + 0x1826, + 0x1575, + 0x1575, + 0x7d0b, + 0x7d0b, + 0x810a, + 0x810a, + 0x2987, + 0x2987, + 0x766e, + 0x766e, + 0x71f8, + 0x71f8, + 0xb6cb, + 0xb6cb, + 0x8fa7, + 0x8fa7, + 0x315f, + 0x315f, + 0xb7cb, + 0xb7cb, + 0x4e84, + 0x4e84, + 0x4499, + 0x4499, + 0x485d, + 0x485d, + 0xc7a2, + 0xc7a2, + 0x4c49, + 0x4c49, + 0xeb65, + 0xeb65, + 0xceb6, + 0xceb6, + 0x8631, + 0x8631, + 0x4f49, + 0x4f49, + 0x635b, + 0x635b, + 0x862, + 0x862, + 0xe32a, + 0xe32a, + 0x3bfc, + 0x3bfc, + 0x5f48, + 0x5f48, + 0x8180, + 0x8180, + 0xae42, + 0xae42, + 0xe779, + 0xe779, + 0x2ac2, + 0x2ac2, + 0xc5ca, + 0xc5ca, + 0x5e97, + 0x5e97, + 0xd4dc, + 0xd4dc, + 0x425e, + 0x425e, + 0x3886, + 0x3886, + 0x2860, + 0x2860, + 0xac07, + 0xac07, + 0xe103, + 0xe103, + 0xb11a, + 0xb11a, + 0xa81b, + 0xa81b, + 0x5aab, + 0x5aab, + 0x2a9b, + 0x2a9b, + 0xbbde, + 0xbbde, + 0x7b95, + 0x7b95, + 0xa2cd, + 0xa2cd, + 0x6fe4, + 0x6fe4, + 0xb0df, + 0xb0df, + 0x5dbe, + 0x5dbe, + 0x1e4d, + 0x1e4d, + 0xbbf2, + 0xbbf2, + 0x5a5c, + 0x5a5c, +}; + +void kyber_ntt(sword16* r) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x2, %[L_kyber_aarch64_zetas]\n\t" + "add x2, x2, :lo12:%[L_kyber_aarch64_zetas]\n\t" +#else + "adrp x2, %[L_kyber_aarch64_zetas]@PAGE\n\t" + "add x2, x2, %[L_kyber_aarch64_zetas]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x3, %[L_kyber_aarch64_zetas_qinv]\n\t" + "add x3, x3, :lo12:%[L_kyber_aarch64_zetas_qinv]\n\t" +#else + "adrp x3, %[L_kyber_aarch64_zetas_qinv]@PAGE\n\t" 
+ "add x3, x3, %[L_kyber_aarch64_zetas_qinv]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x4, %[L_kyber_aarch64_consts]\n\t" + "add x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t" +#else + "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "add x1, %x[r], #0x100\n\t" + "ldr q4, [x4]\n\t" + "ldr q5, [%x[r]]\n\t" + "ldr q6, [%x[r], #32]\n\t" + "ldr q7, [%x[r], #64]\n\t" + "ldr q8, [%x[r], #96]\n\t" + "ldr q9, [%x[r], #128]\n\t" + "ldr q10, [%x[r], #160]\n\t" + "ldr q11, [%x[r], #192]\n\t" + "ldr q12, [%x[r], #224]\n\t" + "ldr q13, [x1]\n\t" + "ldr q14, [x1, #32]\n\t" + "ldr q15, [x1, #64]\n\t" + "ldr q16, [x1, #96]\n\t" + "ldr q17, [x1, #128]\n\t" + "ldr q18, [x1, #160]\n\t" + "ldr q19, [x1, #192]\n\t" + "ldr q20, [x1, #224]\n\t" + "ldr q0, [x2]\n\t" + "ldr q1, [x3]\n\t" + "mul v29.8h, v13.8h, v1.h[1]\n\t" + "mul v30.8h, v14.8h, v1.h[1]\n\t" + "sqrdmulh v21.8h, v13.8h, v0.h[1]\n\t" + "sqrdmulh v22.8h, v14.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v15.8h, v1.h[1]\n\t" + "mul v30.8h, v16.8h, v1.h[1]\n\t" + "sqrdmulh v23.8h, v15.8h, v0.h[1]\n\t" + "sqrdmulh v24.8h, v16.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v17.8h, v1.h[1]\n\t" + "mul v30.8h, 
v18.8h, v1.h[1]\n\t" + "sqrdmulh v25.8h, v17.8h, v0.h[1]\n\t" + "sqrdmulh v26.8h, v18.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v19.8h, v1.h[1]\n\t" + "mul v30.8h, v20.8h, v1.h[1]\n\t" + "sqrdmulh v27.8h, v19.8h, v0.h[1]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v13.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v14.8h, v6.8h, v22.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "sub v15.8h, v7.8h, v23.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "sub v16.8h, v8.8h, v24.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sub v17.8h, v9.8h, v25.8h\n\t" + "add v9.8h, v9.8h, v25.8h\n\t" + "sub v18.8h, v10.8h, v26.8h\n\t" + "add v10.8h, v10.8h, v26.8h\n\t" + "sub v19.8h, v11.8h, v27.8h\n\t" + "add v11.8h, v11.8h, v27.8h\n\t" + "sub v20.8h, v12.8h, v28.8h\n\t" + "add v12.8h, v12.8h, v28.8h\n\t" + "mul v29.8h, v9.8h, v1.h[2]\n\t" + "mul v30.8h, v10.8h, v1.h[2]\n\t" + "sqrdmulh v21.8h, v9.8h, v0.h[2]\n\t" + "sqrdmulh v22.8h, v10.8h, v0.h[2]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" 
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v11.8h, v1.h[2]\n\t" + "mul v30.8h, v12.8h, v1.h[2]\n\t" + "sqrdmulh v23.8h, v11.8h, v0.h[2]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[2]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v17.8h, v1.h[3]\n\t" + "mul v30.8h, v18.8h, v1.h[3]\n\t" + "sqrdmulh v25.8h, v17.8h, v0.h[3]\n\t" + "sqrdmulh v26.8h, v18.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v19.8h, v1.h[3]\n\t" + "mul v30.8h, v20.8h, v1.h[3]\n\t" + "sqrdmulh v27.8h, v19.8h, v0.h[3]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v9.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v10.8h, v6.8h, v22.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "sub v11.8h, v7.8h, v23.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "sub v12.8h, v8.8h, v24.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sub v17.8h, 
v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v18.8h, v14.8h, v26.8h\n\t" + "add v14.8h, v14.8h, v26.8h\n\t" + "sub v19.8h, v15.8h, v27.8h\n\t" + "add v15.8h, v15.8h, v27.8h\n\t" + "sub v20.8h, v16.8h, v28.8h\n\t" + "add v16.8h, v16.8h, v28.8h\n\t" + "mul v29.8h, v7.8h, v1.h[4]\n\t" + "mul v30.8h, v8.8h, v1.h[4]\n\t" + "sqrdmulh v21.8h, v7.8h, v0.h[4]\n\t" + "sqrdmulh v22.8h, v8.8h, v0.h[4]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v11.8h, v1.h[5]\n\t" + "mul v30.8h, v12.8h, v1.h[5]\n\t" + "sqrdmulh v23.8h, v11.8h, v0.h[5]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v15.8h, v1.h[6]\n\t" + "mul v30.8h, v16.8h, v1.h[6]\n\t" + "sqrdmulh v25.8h, v15.8h, v0.h[6]\n\t" + "sqrdmulh v26.8h, v16.8h, v0.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v19.8h, v1.h[7]\n\t" + "mul v30.8h, v20.8h, v1.h[7]\n\t" + "sqrdmulh v27.8h, v19.8h, v0.h[7]\n\t" + "sqrdmulh 
v28.8h, v20.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v7.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v6.8h, v22.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "sub v11.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v10.8h, v24.8h\n\t" + "add v10.8h, v10.8h, v24.8h\n\t" + "sub v15.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v14.8h, v26.8h\n\t" + "add v14.8h, v14.8h, v26.8h\n\t" + "sub v19.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v18.8h, v28.8h\n\t" + "add v18.8h, v18.8h, v28.8h\n\t" + "ldr q0, [x2, #16]\n\t" + "ldr q1, [x3, #16]\n\t" + "mul v29.8h, v6.8h, v1.h[0]\n\t" + "mul v30.8h, v8.8h, v1.h[1]\n\t" + "sqrdmulh v21.8h, v6.8h, v0.h[0]\n\t" + "sqrdmulh v22.8h, v8.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v10.8h, v1.h[2]\n\t" + "mul v30.8h, v12.8h, v1.h[3]\n\t" + "sqrdmulh v23.8h, v10.8h, v0.h[2]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* 
!WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v14.8h, v1.h[4]\n\t" + "mul v30.8h, v16.8h, v1.h[5]\n\t" + "sqrdmulh v25.8h, v14.8h, v0.h[4]\n\t" + "sqrdmulh v26.8h, v16.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v18.8h, v1.h[6]\n\t" + "mul v30.8h, v20.8h, v1.h[7]\n\t" + "sqrdmulh v27.8h, v18.8h, v0.h[6]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "str q5, [%x[r]]\n\t" + "str q6, [%x[r], #32]\n\t" + "str q7, [%x[r], #64]\n\t" + "str q8, [%x[r], #96]\n\t" + "str q9, [%x[r], #128]\n\t" + "str q10, [%x[r], #160]\n\t" + "str q11, [%x[r], #192]\n\t" + "str q12, [%x[r], #224]\n\t" + "str q13, [x1]\n\t" + "str q14, [x1, 
#32]\n\t" + "str q15, [x1, #64]\n\t" + "str q16, [x1, #96]\n\t" + "str q17, [x1, #128]\n\t" + "str q18, [x1, #160]\n\t" + "str q19, [x1, #192]\n\t" + "str q20, [x1, #224]\n\t" + "ldr q5, [%x[r], #16]\n\t" + "ldr q6, [%x[r], #48]\n\t" + "ldr q7, [%x[r], #80]\n\t" + "ldr q8, [%x[r], #112]\n\t" + "ldr q9, [%x[r], #144]\n\t" + "ldr q10, [%x[r], #176]\n\t" + "ldr q11, [%x[r], #208]\n\t" + "ldr q12, [%x[r], #240]\n\t" + "ldr q13, [x1, #16]\n\t" + "ldr q14, [x1, #48]\n\t" + "ldr q15, [x1, #80]\n\t" + "ldr q16, [x1, #112]\n\t" + "ldr q17, [x1, #144]\n\t" + "ldr q18, [x1, #176]\n\t" + "ldr q19, [x1, #208]\n\t" + "ldr q20, [x1, #240]\n\t" + "ldr q0, [x2]\n\t" + "ldr q1, [x3]\n\t" + "mul v29.8h, v13.8h, v1.h[1]\n\t" + "mul v30.8h, v14.8h, v1.h[1]\n\t" + "sqrdmulh v21.8h, v13.8h, v0.h[1]\n\t" + "sqrdmulh v22.8h, v14.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v15.8h, v1.h[1]\n\t" + "mul v30.8h, v16.8h, v1.h[1]\n\t" + "sqrdmulh v23.8h, v15.8h, v0.h[1]\n\t" + "sqrdmulh v24.8h, v16.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v17.8h, v1.h[1]\n\t" + "mul v30.8h, v18.8h, v1.h[1]\n\t" + "sqrdmulh v25.8h, v17.8h, v0.h[1]\n\t" + "sqrdmulh v26.8h, v18.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh 
v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v19.8h, v1.h[1]\n\t" + "mul v30.8h, v20.8h, v1.h[1]\n\t" + "sqrdmulh v27.8h, v19.8h, v0.h[1]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v13.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v14.8h, v6.8h, v22.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "sub v15.8h, v7.8h, v23.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "sub v16.8h, v8.8h, v24.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sub v17.8h, v9.8h, v25.8h\n\t" + "add v9.8h, v9.8h, v25.8h\n\t" + "sub v18.8h, v10.8h, v26.8h\n\t" + "add v10.8h, v10.8h, v26.8h\n\t" + "sub v19.8h, v11.8h, v27.8h\n\t" + "add v11.8h, v11.8h, v27.8h\n\t" + "sub v20.8h, v12.8h, v28.8h\n\t" + "add v12.8h, v12.8h, v28.8h\n\t" + "mul v29.8h, v9.8h, v1.h[2]\n\t" + "mul v30.8h, v10.8h, v1.h[2]\n\t" + "sqrdmulh v21.8h, v9.8h, v0.h[2]\n\t" + "sqrdmulh v22.8h, v10.8h, v0.h[2]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v11.8h, v1.h[2]\n\t" + "mul v30.8h, v12.8h, v1.h[2]\n\t" + "sqrdmulh 
v23.8h, v11.8h, v0.h[2]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[2]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v17.8h, v1.h[3]\n\t" + "mul v30.8h, v18.8h, v1.h[3]\n\t" + "sqrdmulh v25.8h, v17.8h, v0.h[3]\n\t" + "sqrdmulh v26.8h, v18.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v19.8h, v1.h[3]\n\t" + "mul v30.8h, v20.8h, v1.h[3]\n\t" + "sqrdmulh v27.8h, v19.8h, v0.h[3]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v9.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v10.8h, v6.8h, v22.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "sub v11.8h, v7.8h, v23.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "sub v12.8h, v8.8h, v24.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sub v17.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v18.8h, v14.8h, v26.8h\n\t" + "add v14.8h, v14.8h, v26.8h\n\t" + "sub v19.8h, v15.8h, v27.8h\n\t" + "add v15.8h, v15.8h, 
v27.8h\n\t" + "sub v20.8h, v16.8h, v28.8h\n\t" + "add v16.8h, v16.8h, v28.8h\n\t" + "mul v29.8h, v7.8h, v1.h[4]\n\t" + "mul v30.8h, v8.8h, v1.h[4]\n\t" + "sqrdmulh v21.8h, v7.8h, v0.h[4]\n\t" + "sqrdmulh v22.8h, v8.8h, v0.h[4]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v11.8h, v1.h[5]\n\t" + "mul v30.8h, v12.8h, v1.h[5]\n\t" + "sqrdmulh v23.8h, v11.8h, v0.h[5]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v15.8h, v1.h[6]\n\t" + "mul v30.8h, v16.8h, v1.h[6]\n\t" + "sqrdmulh v25.8h, v15.8h, v0.h[6]\n\t" + "sqrdmulh v26.8h, v16.8h, v0.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v19.8h, v1.h[7]\n\t" + "mul v30.8h, v20.8h, v1.h[7]\n\t" + "sqrdmulh v27.8h, v19.8h, v0.h[7]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, 
v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v7.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v6.8h, v22.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "sub v11.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v10.8h, v24.8h\n\t" + "add v10.8h, v10.8h, v24.8h\n\t" + "sub v15.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v14.8h, v26.8h\n\t" + "add v14.8h, v14.8h, v26.8h\n\t" + "sub v19.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v18.8h, v28.8h\n\t" + "add v18.8h, v18.8h, v28.8h\n\t" + "ldr q0, [x2, #16]\n\t" + "ldr q1, [x3, #16]\n\t" + "mul v29.8h, v6.8h, v1.h[0]\n\t" + "mul v30.8h, v8.8h, v1.h[1]\n\t" + "sqrdmulh v21.8h, v6.8h, v0.h[0]\n\t" + "sqrdmulh v22.8h, v8.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v10.8h, v1.h[2]\n\t" + "mul v30.8h, v12.8h, v1.h[3]\n\t" + "sqrdmulh v23.8h, v10.8h, v0.h[2]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v14.8h, v1.h[4]\n\t" + "mul v30.8h, v16.8h, v1.h[5]\n\t" + "sqrdmulh v25.8h, 
v14.8h, v0.h[4]\n\t" + "sqrdmulh v26.8h, v16.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v18.8h, v1.h[6]\n\t" + "mul v30.8h, v20.8h, v1.h[7]\n\t" + "sqrdmulh v27.8h, v18.8h, v0.h[6]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "str q5, [%x[r], #16]\n\t" + "str q6, [%x[r], #48]\n\t" + "str q7, [%x[r], #80]\n\t" + "str q8, [%x[r], #112]\n\t" + "str q9, [%x[r], #144]\n\t" + "str q10, [%x[r], #176]\n\t" + "str q11, [%x[r], #208]\n\t" + "str q12, [%x[r], #240]\n\t" + "str q13, [x1, #16]\n\t" + "str q14, [x1, #48]\n\t" + "str q15, [x1, #80]\n\t" + "str q16, [x1, #112]\n\t" + "str q17, [x1, #144]\n\t" + "str q18, [x1, #176]\n\t" + "str q19, [x1, #208]\n\t" + "str q20, [x1, #240]\n\t" + "ldp 
q5, q6, [%x[r]]\n\t" + "ldp q7, q8, [%x[r], #32]\n\t" + "ldp q9, q10, [%x[r], #64]\n\t" + "ldp q11, q12, [%x[r], #96]\n\t" + "ldp q13, q14, [%x[r], #128]\n\t" + "ldp q15, q16, [%x[r], #160]\n\t" + "ldp q17, q18, [%x[r], #192]\n\t" + "ldp q19, q20, [%x[r], #224]\n\t" + "ldr q0, [x2, #32]\n\t" + "ldr q1, [x3, #32]\n\t" + "mul v29.8h, v6.8h, v1.h[0]\n\t" + "mul v30.8h, v8.8h, v1.h[1]\n\t" + "sqrdmulh v21.8h, v6.8h, v0.h[0]\n\t" + "sqrdmulh v22.8h, v8.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v10.8h, v1.h[2]\n\t" + "mul v30.8h, v12.8h, v1.h[3]\n\t" + "sqrdmulh v23.8h, v10.8h, v0.h[2]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v14.8h, v1.h[4]\n\t" + "mul v30.8h, v16.8h, v1.h[5]\n\t" + "sqrdmulh v25.8h, v14.8h, v0.h[4]\n\t" + "sqrdmulh v26.8h, v16.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v18.8h, v1.h[6]\n\t" + "mul v30.8h, v20.8h, v1.h[7]\n\t" + 
"sqrdmulh v27.8h, v18.8h, v0.h[6]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "ldr q0, [x2, #64]\n\t" + "ldr q2, [x2, #80]\n\t" + "ldr q1, [x3, #64]\n\t" + "ldr q3, [x3, #80]\n\t" + "mov v29.16b, v5.16b\n\t" + "mov v30.16b, v7.16b\n\t" + "trn1 v5.2d, v5.2d, v6.2d\n\t" + "trn1 v7.2d, v7.2d, v8.2d\n\t" + "trn2 v6.2d, v29.2d, v6.2d\n\t" + "trn2 v8.2d, v30.2d, v8.2d\n\t" + "mul v29.8h, v6.8h, v1.8h\n\t" + "mul v30.8h, v8.8h, v3.8h\n\t" + "sqrdmulh v21.8h, v6.8h, v0.8h\n\t" + "sqrdmulh v22.8h, v8.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "ldr q0, [x2, #96]\n\t" + "ldr q2, [x2, #112]\n\t" + "ldr q1, [x3, #96]\n\t" + "ldr q3, [x3, #112]\n\t" + "mov v29.16b, v9.16b\n\t" + "mov v30.16b, v11.16b\n\t" + 
"trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v10.2d, v29.2d, v10.2d\n\t" + "trn2 v12.2d, v30.2d, v12.2d\n\t" + "mul v29.8h, v10.8h, v1.8h\n\t" + "mul v30.8h, v12.8h, v3.8h\n\t" + "sqrdmulh v23.8h, v10.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v12.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #128]\n\t" + "ldr q2, [x2, #144]\n\t" + "ldr q1, [x3, #128]\n\t" + "ldr q3, [x3, #144]\n\t" + "mov v29.16b, v13.16b\n\t" + "mov v30.16b, v15.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v14.2d, v29.2d, v14.2d\n\t" + "trn2 v16.2d, v30.2d, v16.2d\n\t" + "mul v29.8h, v14.8h, v1.8h\n\t" + "mul v30.8h, v16.8h, v3.8h\n\t" + "sqrdmulh v25.8h, v14.8h, v0.8h\n\t" + "sqrdmulh v26.8h, v16.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "ldr q0, [x2, #160]\n\t" + "ldr q2, [x2, #176]\n\t" + "ldr q1, [x3, #160]\n\t" + "ldr q3, [x3, #176]\n\t" + "mov v29.16b, v17.16b\n\t" + "mov v30.16b, v19.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v18.2d, v29.2d, v18.2d\n\t" + "trn2 v20.2d, v30.2d, v20.2d\n\t" + "mul v29.8h, v18.8h, v1.8h\n\t" + "mul v30.8h, v20.8h, v3.8h\n\t" + "sqrdmulh v27.8h, v18.8h, v0.8h\n\t" + "sqrdmulh v28.8h, v20.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH 
+ "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "ldr q0, [x2, #320]\n\t" + "ldr q2, [x2, #336]\n\t" + "ldr q1, [x3, #320]\n\t" + "ldr q3, [x3, #336]\n\t" + "mov v29.16b, v5.16b\n\t" + "mov v30.16b, v7.16b\n\t" + "trn1 v5.4s, v5.4s, v6.4s\n\t" + "trn1 v7.4s, v7.4s, v8.4s\n\t" + "trn2 v6.4s, v29.4s, v6.4s\n\t" + "trn2 v8.4s, v30.4s, v8.4s\n\t" + "mul v29.8h, v6.8h, v1.8h\n\t" + "mul v30.8h, v8.8h, v3.8h\n\t" + "sqrdmulh v21.8h, v6.8h, v0.8h\n\t" + "sqrdmulh v22.8h, v8.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "ldr q0, [x2, #352]\n\t" + "ldr q2, [x2, #368]\n\t" + "ldr q1, [x3, #352]\n\t" + "ldr q3, [x3, #368]\n\t" + "mov v29.16b, v9.16b\n\t" + "mov v30.16b, v11.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v10.4s, v29.4s, v10.4s\n\t" + "trn2 
v12.4s, v30.4s, v12.4s\n\t" + "mul v29.8h, v10.8h, v1.8h\n\t" + "mul v30.8h, v12.8h, v3.8h\n\t" + "sqrdmulh v23.8h, v10.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v12.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #384]\n\t" + "ldr q2, [x2, #400]\n\t" + "ldr q1, [x3, #384]\n\t" + "ldr q3, [x3, #400]\n\t" + "mov v29.16b, v13.16b\n\t" + "mov v30.16b, v15.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v14.4s, v29.4s, v14.4s\n\t" + "trn2 v16.4s, v30.4s, v16.4s\n\t" + "mul v29.8h, v14.8h, v1.8h\n\t" + "mul v30.8h, v16.8h, v3.8h\n\t" + "sqrdmulh v25.8h, v14.8h, v0.8h\n\t" + "sqrdmulh v26.8h, v16.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "ldr q0, [x2, #416]\n\t" + "ldr q2, [x2, #432]\n\t" + "ldr q1, [x3, #416]\n\t" + "ldr q3, [x3, #432]\n\t" + "mov v29.16b, v17.16b\n\t" + "mov v30.16b, v19.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn1 v19.4s, v19.4s, v20.4s\n\t" + "trn2 v18.4s, v29.4s, v18.4s\n\t" + "trn2 v20.4s, v30.4s, v20.4s\n\t" + "mul v29.8h, v18.8h, v1.8h\n\t" + "mul v30.8h, v20.8h, v3.8h\n\t" + "sqrdmulh v27.8h, v18.8h, v0.8h\n\t" + "sqrdmulh v28.8h, v20.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, 
v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "sqdmulh v21.8h, v5.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v6.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v5.8h, v21.8h, v4.h[0]\n\t" + "mls v6.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v7.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v8.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v7.8h, v21.8h, v4.h[0]\n\t" + "mls v8.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v9.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v10.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v9.8h, v21.8h, v4.h[0]\n\t" + "mls v10.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v11.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v12.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v11.8h, v21.8h, v4.h[0]\n\t" + "mls v12.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v13.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v14.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v13.8h, v21.8h, v4.h[0]\n\t" + "mls v14.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v15.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v16.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, 
v22.8h, #11\n\t" + "mls v15.8h, v21.8h, v4.h[0]\n\t" + "mls v16.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v17.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v18.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v17.8h, v21.8h, v4.h[0]\n\t" + "mls v18.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v19.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v20.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v19.8h, v21.8h, v4.h[0]\n\t" + "mls v20.8h, v22.8h, v4.h[0]\n\t" + "mov v29.16b, v5.16b\n\t" + "trn1 v5.4s, v5.4s, v6.4s\n\t" + "trn2 v6.4s, v29.4s, v6.4s\n\t" + "mov v29.16b, v5.16b\n\t" + "trn1 v5.2d, v5.2d, v6.2d\n\t" + "trn2 v6.2d, v29.2d, v6.2d\n\t" + "mov v29.16b, v7.16b\n\t" + "trn1 v7.4s, v7.4s, v8.4s\n\t" + "trn2 v8.4s, v29.4s, v8.4s\n\t" + "mov v29.16b, v7.16b\n\t" + "trn1 v7.2d, v7.2d, v8.2d\n\t" + "trn2 v8.2d, v29.2d, v8.2d\n\t" + "mov v29.16b, v9.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn2 v10.4s, v29.4s, v10.4s\n\t" + "mov v29.16b, v9.16b\n\t" + "trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn2 v10.2d, v29.2d, v10.2d\n\t" + "mov v29.16b, v11.16b\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v12.4s, v29.4s, v12.4s\n\t" + "mov v29.16b, v11.16b\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v12.2d, v29.2d, v12.2d\n\t" + "mov v29.16b, v13.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn2 v14.4s, v29.4s, v14.4s\n\t" + "mov v29.16b, v13.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn2 v14.2d, v29.2d, v14.2d\n\t" + "mov v29.16b, v15.16b\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v16.4s, v29.4s, v16.4s\n\t" + "mov v29.16b, v15.16b\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v16.2d, v29.2d, v16.2d\n\t" + "mov v29.16b, v17.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn2 v18.4s, v29.4s, v18.4s\n\t" + "mov v29.16b, v17.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn2 v18.2d, v29.2d, v18.2d\n\t" + "mov v29.16b, v19.16b\n\t" + "trn1 v19.4s, v19.4s, v20.4s\n\t" + "trn2 v20.4s, v29.4s, 
v20.4s\n\t" + "mov v29.16b, v19.16b\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v20.2d, v29.2d, v20.2d\n\t" + "stp q5, q6, [%x[r]]\n\t" + "stp q7, q8, [%x[r], #32]\n\t" + "stp q9, q10, [%x[r], #64]\n\t" + "stp q11, q12, [%x[r], #96]\n\t" + "stp q13, q14, [%x[r], #128]\n\t" + "stp q15, q16, [%x[r], #160]\n\t" + "stp q17, q18, [%x[r], #192]\n\t" + "stp q19, q20, [%x[r], #224]\n\t" + "ldp q5, q6, [x1]\n\t" + "ldp q7, q8, [x1, #32]\n\t" + "ldp q9, q10, [x1, #64]\n\t" + "ldp q11, q12, [x1, #96]\n\t" + "ldp q13, q14, [x1, #128]\n\t" + "ldp q15, q16, [x1, #160]\n\t" + "ldp q17, q18, [x1, #192]\n\t" + "ldp q19, q20, [x1, #224]\n\t" + "ldr q0, [x2, #48]\n\t" + "ldr q1, [x3, #48]\n\t" + "mul v29.8h, v6.8h, v1.h[0]\n\t" + "mul v30.8h, v8.8h, v1.h[1]\n\t" + "sqrdmulh v21.8h, v6.8h, v0.h[0]\n\t" + "sqrdmulh v22.8h, v8.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v29.8h, v10.8h, v1.h[2]\n\t" + "mul v30.8h, v12.8h, v1.h[3]\n\t" + "sqrdmulh v23.8h, v10.8h, v0.h[2]\n\t" + "sqrdmulh v24.8h, v12.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v29.8h, v14.8h, v1.h[4]\n\t" + "mul v30.8h, v16.8h, v1.h[5]\n\t" + "sqrdmulh v25.8h, v14.8h, v0.h[4]\n\t" + "sqrdmulh v26.8h, v16.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + 
"sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "mul v29.8h, v18.8h, v1.h[6]\n\t" + "mul v30.8h, v20.8h, v1.h[7]\n\t" + "sqrdmulh v27.8h, v18.8h, v0.h[6]\n\t" + "sqrdmulh v28.8h, v20.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "ldr q0, [x2, #192]\n\t" + "ldr q2, [x2, #208]\n\t" + "ldr q1, [x3, #192]\n\t" + "ldr q3, [x3, #208]\n\t" + "mov v29.16b, v5.16b\n\t" + "mov v30.16b, v7.16b\n\t" + "trn1 v5.2d, v5.2d, v6.2d\n\t" + "trn1 v7.2d, v7.2d, v8.2d\n\t" + "trn2 v6.2d, v29.2d, v6.2d\n\t" + "trn2 v8.2d, v30.2d, v8.2d\n\t" + "mul v29.8h, v6.8h, v1.8h\n\t" + "mul v30.8h, v8.8h, v3.8h\n\t" + "sqrdmulh v21.8h, v6.8h, v0.8h\n\t" + "sqrdmulh v22.8h, v8.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + 
"sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "ldr q0, [x2, #224]\n\t" + "ldr q2, [x2, #240]\n\t" + "ldr q1, [x3, #224]\n\t" + "ldr q3, [x3, #240]\n\t" + "mov v29.16b, v9.16b\n\t" + "mov v30.16b, v11.16b\n\t" + "trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v10.2d, v29.2d, v10.2d\n\t" + "trn2 v12.2d, v30.2d, v12.2d\n\t" + "mul v29.8h, v10.8h, v1.8h\n\t" + "mul v30.8h, v12.8h, v3.8h\n\t" + "sqrdmulh v23.8h, v10.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v12.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #256]\n\t" + "ldr q2, [x2, #272]\n\t" + "ldr q1, [x3, #256]\n\t" + "ldr q3, [x3, #272]\n\t" + "mov v29.16b, v13.16b\n\t" + "mov v30.16b, v15.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v14.2d, v29.2d, v14.2d\n\t" + "trn2 v16.2d, v30.2d, v16.2d\n\t" + "mul v29.8h, v14.8h, v1.8h\n\t" + "mul v30.8h, v16.8h, v3.8h\n\t" + "sqrdmulh v25.8h, v14.8h, v0.8h\n\t" + "sqrdmulh v26.8h, v16.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "ldr q0, [x2, #288]\n\t" + "ldr q2, [x2, #304]\n\t" + "ldr q1, [x3, #288]\n\t" + "ldr q3, [x3, #304]\n\t" + 
"mov v29.16b, v17.16b\n\t" + "mov v30.16b, v19.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v18.2d, v29.2d, v18.2d\n\t" + "trn2 v20.2d, v30.2d, v20.2d\n\t" + "mul v29.8h, v18.8h, v1.8h\n\t" + "mul v30.8h, v20.8h, v3.8h\n\t" + "sqrdmulh v27.8h, v18.8h, v0.8h\n\t" + "sqrdmulh v28.8h, v20.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "ldr q0, [x2, #448]\n\t" + "ldr q2, [x2, #464]\n\t" + "ldr q1, [x3, #448]\n\t" + "ldr q3, [x3, #464]\n\t" + "mov v29.16b, v5.16b\n\t" + "mov v30.16b, v7.16b\n\t" + "trn1 v5.4s, v5.4s, v6.4s\n\t" + "trn1 v7.4s, v7.4s, v8.4s\n\t" + "trn2 v6.4s, v29.4s, v6.4s\n\t" + "trn2 v8.4s, v30.4s, v8.4s\n\t" + "mul v29.8h, v6.8h, v1.8h\n\t" + "mul v30.8h, v8.8h, v3.8h\n\t" + "sqrdmulh v21.8h, v6.8h, v0.8h\n\t" + "sqrdmulh v22.8h, v8.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v22.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v21.8h, v21.8h, v29.8h\n\t" + "sub v22.8h, v22.8h, v30.8h\n\t" 
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "ldr q0, [x2, #480]\n\t" + "ldr q2, [x2, #496]\n\t" + "ldr q1, [x3, #480]\n\t" + "ldr q3, [x3, #496]\n\t" + "mov v29.16b, v9.16b\n\t" + "mov v30.16b, v11.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v10.4s, v29.4s, v10.4s\n\t" + "trn2 v12.4s, v30.4s, v12.4s\n\t" + "mul v29.8h, v10.8h, v1.8h\n\t" + "mul v30.8h, v12.8h, v3.8h\n\t" + "sqrdmulh v23.8h, v10.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v12.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v24.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v23.8h, v23.8h, v29.8h\n\t" + "sub v24.8h, v24.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #512]\n\t" + "ldr q2, [x2, #528]\n\t" + "ldr q1, [x3, #512]\n\t" + "ldr q3, [x3, #528]\n\t" + "mov v29.16b, v13.16b\n\t" + "mov v30.16b, v15.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v14.4s, v29.4s, v14.4s\n\t" + "trn2 v16.4s, v30.4s, v16.4s\n\t" + "mul v29.8h, v14.8h, v1.8h\n\t" + "mul v30.8h, v16.8h, v3.8h\n\t" + "sqrdmulh v25.8h, v14.8h, v0.8h\n\t" + "sqrdmulh v26.8h, v16.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v25.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v26.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v25.8h, v25.8h, v29.8h\n\t" + "sub v26.8h, v26.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v25.8h, v25.8h, #1\n\t" + "sshr v26.8h, v26.8h, #1\n\t" + "ldr q0, [x2, #544]\n\t" + "ldr q2, [x2, #560]\n\t" + "ldr q1, [x3, #544]\n\t" + "ldr q3, [x3, #560]\n\t" + "mov v29.16b, v17.16b\n\t" + "mov v30.16b, v19.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn1 v19.4s, 
v19.4s, v20.4s\n\t" + "trn2 v18.4s, v29.4s, v18.4s\n\t" + "trn2 v20.4s, v30.4s, v20.4s\n\t" + "mul v29.8h, v18.8h, v1.8h\n\t" + "mul v30.8h, v20.8h, v3.8h\n\t" + "sqrdmulh v27.8h, v18.8h, v0.8h\n\t" + "sqrdmulh v28.8h, v20.8h, v2.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v27.8h, v29.8h, v4.h[0]\n\t" + "sqrdmlsh v28.8h, v30.8h, v4.h[0]\n\t" +#else + "sqrdmulh v29.8h, v29.8h, v4.h[0]\n\t" + "sqrdmulh v30.8h, v30.8h, v4.h[0]\n\t" + "sub v27.8h, v27.8h, v29.8h\n\t" + "sub v28.8h, v28.8h, v30.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v27.8h, v27.8h, #1\n\t" + "sshr v28.8h, v28.8h, #1\n\t" + "sub v6.8h, v5.8h, v21.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "sub v8.8h, v7.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v22.8h\n\t" + "sub v10.8h, v9.8h, v23.8h\n\t" + "add v9.8h, v9.8h, v23.8h\n\t" + "sub v12.8h, v11.8h, v24.8h\n\t" + "add v11.8h, v11.8h, v24.8h\n\t" + "sub v14.8h, v13.8h, v25.8h\n\t" + "add v13.8h, v13.8h, v25.8h\n\t" + "sub v16.8h, v15.8h, v26.8h\n\t" + "add v15.8h, v15.8h, v26.8h\n\t" + "sub v18.8h, v17.8h, v27.8h\n\t" + "add v17.8h, v17.8h, v27.8h\n\t" + "sub v20.8h, v19.8h, v28.8h\n\t" + "add v19.8h, v19.8h, v28.8h\n\t" + "sqdmulh v21.8h, v5.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v6.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v5.8h, v21.8h, v4.h[0]\n\t" + "mls v6.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v7.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v8.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v7.8h, v21.8h, v4.h[0]\n\t" + "mls v8.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v9.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v10.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v9.8h, v21.8h, v4.h[0]\n\t" + "mls v10.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v11.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v12.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v11.8h, v21.8h, v4.h[0]\n\t" + 
"mls v12.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v13.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v14.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v13.8h, v21.8h, v4.h[0]\n\t" + "mls v14.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v15.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v16.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v15.8h, v21.8h, v4.h[0]\n\t" + "mls v16.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v17.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v18.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v17.8h, v21.8h, v4.h[0]\n\t" + "mls v18.8h, v22.8h, v4.h[0]\n\t" + "sqdmulh v21.8h, v19.8h, v4.h[2]\n\t" + "sqdmulh v22.8h, v20.8h, v4.h[2]\n\t" + "sshr v21.8h, v21.8h, #11\n\t" + "sshr v22.8h, v22.8h, #11\n\t" + "mls v19.8h, v21.8h, v4.h[0]\n\t" + "mls v20.8h, v22.8h, v4.h[0]\n\t" + "mov v29.16b, v5.16b\n\t" + "trn1 v5.4s, v5.4s, v6.4s\n\t" + "trn2 v6.4s, v29.4s, v6.4s\n\t" + "mov v29.16b, v5.16b\n\t" + "trn1 v5.2d, v5.2d, v6.2d\n\t" + "trn2 v6.2d, v29.2d, v6.2d\n\t" + "mov v29.16b, v7.16b\n\t" + "trn1 v7.4s, v7.4s, v8.4s\n\t" + "trn2 v8.4s, v29.4s, v8.4s\n\t" + "mov v29.16b, v7.16b\n\t" + "trn1 v7.2d, v7.2d, v8.2d\n\t" + "trn2 v8.2d, v29.2d, v8.2d\n\t" + "mov v29.16b, v9.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn2 v10.4s, v29.4s, v10.4s\n\t" + "mov v29.16b, v9.16b\n\t" + "trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn2 v10.2d, v29.2d, v10.2d\n\t" + "mov v29.16b, v11.16b\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v12.4s, v29.4s, v12.4s\n\t" + "mov v29.16b, v11.16b\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v12.2d, v29.2d, v12.2d\n\t" + "mov v29.16b, v13.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn2 v14.4s, v29.4s, v14.4s\n\t" + "mov v29.16b, v13.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn2 v14.2d, v29.2d, v14.2d\n\t" + "mov v29.16b, v15.16b\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v16.4s, v29.4s, v16.4s\n\t" + "mov 
v29.16b, v15.16b\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v16.2d, v29.2d, v16.2d\n\t" + "mov v29.16b, v17.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn2 v18.4s, v29.4s, v18.4s\n\t" + "mov v29.16b, v17.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn2 v18.2d, v29.2d, v18.2d\n\t" + "mov v29.16b, v19.16b\n\t" + "trn1 v19.4s, v19.4s, v20.4s\n\t" + "trn2 v20.4s, v29.4s, v20.4s\n\t" + "mov v29.16b, v19.16b\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v20.2d, v29.2d, v20.2d\n\t" + "stp q5, q6, [x1]\n\t" + "stp q7, q8, [x1, #32]\n\t" + "stp q9, q10, [x1, #64]\n\t" + "stp q11, q12, [x1, #96]\n\t" + "stp q13, q14, [x1, #128]\n\t" + "stp q15, q16, [x1, #160]\n\t" + "stp q17, q18, [x1, #192]\n\t" + "stp q19, q20, [x1, #224]\n\t" + : [r] "+r" (r) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv) + : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "cc" + ); +} + +static const uint16_t L_kyber_aarch64_zetas_inv[] = { + 0x6a5, + 0x6a5, + 0x70f, + 0x70f, + 0x5b4, + 0x5b4, + 0x943, + 0x943, + 0x922, + 0x922, + 0x91d, + 0x91d, + 0x134, + 0x134, + 0x6c, + 0x6c, + 0xb23, + 0xb23, + 0x366, + 0x366, + 0x356, + 0x356, + 0x5e6, + 0x5e6, + 0x9e7, + 0x9e7, + 0x4fe, + 0x4fe, + 0x5fa, + 0x5fa, + 0x4a1, + 0x4a1, + 0x67b, + 0x67b, + 0x4a3, + 0x4a3, + 0xc25, + 0xc25, + 0x36a, + 0x36a, + 0x537, + 0x537, + 0x83f, + 0x83f, + 0x88, + 0x88, + 0x4bf, + 0x4bf, + 0xb81, + 0xb81, + 0x5b9, + 0x5b9, + 0x505, + 0x505, + 0x7d7, + 0x7d7, + 0xa9f, + 0xa9f, + 0xaa6, + 0xaa6, + 0x8b8, + 0x8b8, + 0x9d0, + 0x9d0, + 0x4b, + 0x4b, + 0x9c, + 0x9c, + 0xbb8, + 0xbb8, + 0xb5f, + 0xb5f, + 0xba4, + 0xba4, 
+ 0x368, + 0x368, + 0xa7d, + 0xa7d, + 0x636, + 0x636, + 0x8a2, + 0x8a2, + 0x25a, + 0x25a, + 0x736, + 0x736, + 0x309, + 0x309, + 0x93, + 0x93, + 0x87a, + 0x87a, + 0x9f7, + 0x9f7, + 0xf6, + 0xf6, + 0x68c, + 0x68c, + 0x6db, + 0x6db, + 0x1cc, + 0x1cc, + 0x123, + 0x123, + 0xeb, + 0xeb, + 0xc50, + 0xc50, + 0xab6, + 0xab6, + 0xb5b, + 0xb5b, + 0xc98, + 0xc98, + 0x6f3, + 0x6f3, + 0x99a, + 0x99a, + 0x4e3, + 0x4e3, + 0x9b6, + 0x9b6, + 0xad6, + 0xad6, + 0xb53, + 0xb53, + 0x44f, + 0x44f, + 0x4fb, + 0x4fb, + 0x4fb, + 0x4fb, + 0xa5c, + 0xa5c, + 0xa5c, + 0xa5c, + 0x429, + 0x429, + 0x429, + 0x429, + 0xb41, + 0xb41, + 0xb41, + 0xb41, + 0x2d5, + 0x2d5, + 0x2d5, + 0x2d5, + 0x5e4, + 0x5e4, + 0x5e4, + 0x5e4, + 0x940, + 0x940, + 0x940, + 0x940, + 0x18e, + 0x18e, + 0x18e, + 0x18e, + 0x3b7, + 0x3b7, + 0x3b7, + 0x3b7, + 0xf7, + 0xf7, + 0xf7, + 0xf7, + 0x58d, + 0x58d, + 0x58d, + 0x58d, + 0xc96, + 0xc96, + 0xc96, + 0xc96, + 0x9c3, + 0x9c3, + 0x9c3, + 0x9c3, + 0x10f, + 0x10f, + 0x10f, + 0x10f, + 0x5a, + 0x5a, + 0x5a, + 0x5a, + 0x355, + 0x355, + 0x355, + 0x355, + 0x744, + 0x744, + 0x744, + 0x744, + 0xc83, + 0xc83, + 0xc83, + 0xc83, + 0x48a, + 0x48a, + 0x48a, + 0x48a, + 0x652, + 0x652, + 0x652, + 0x652, + 0x29a, + 0x29a, + 0x29a, + 0x29a, + 0x140, + 0x140, + 0x140, + 0x140, + 0x8, + 0x8, + 0x8, + 0x8, + 0xafd, + 0xafd, + 0xafd, + 0xafd, + 0x608, + 0x608, + 0x608, + 0x608, + 0x11a, + 0x11a, + 0x11a, + 0x11a, + 0x72e, + 0x72e, + 0x72e, + 0x72e, + 0x50d, + 0x50d, + 0x50d, + 0x50d, + 0x90a, + 0x90a, + 0x90a, + 0x90a, + 0x228, + 0x228, + 0x228, + 0x228, + 0xa75, + 0xa75, + 0xa75, + 0xa75, + 0x83a, + 0x83a, + 0x83a, + 0x83a, + 0x623, + 0xcd, + 0xb66, + 0x606, + 0xaa1, + 0xa25, + 0x908, + 0x2a9, + 0x82, + 0x642, + 0x74f, + 0x33d, + 0xb82, + 0xbf9, + 0x52d, + 0xac4, + 0x745, + 0x5c2, + 0x4b2, + 0x93f, + 0xc4b, + 0x6d8, + 0xa93, + 0xab, + 0xc37, + 0xbe2, + 0x773, + 0x72c, + 0x5ed, + 0x167, + 0x2f6, + 0x5a1, +}; + +static const uint16_t L_kyber_aarch64_zetas_inv_qinv[] = { + 0xa5a5, + 0xa5a5, + 0x440f, + 
0x440f, + 0xe1b4, + 0xe1b4, + 0xa243, + 0xa243, + 0x4f22, + 0x4f22, + 0x901d, + 0x901d, + 0x5d34, + 0x5d34, + 0x846c, + 0x846c, + 0x4423, + 0x4423, + 0xd566, + 0xd566, + 0xa556, + 0xa556, + 0x57e6, + 0x57e6, + 0x4ee7, + 0x4ee7, + 0x1efe, + 0x1efe, + 0x53fa, + 0x53fa, + 0xd7a1, + 0xd7a1, + 0xc77b, + 0xc77b, + 0xbda3, + 0xbda3, + 0x2b25, + 0x2b25, + 0xa16a, + 0xa16a, + 0x3a37, + 0x3a37, + 0xd53f, + 0xd53f, + 0x1888, + 0x1888, + 0x51bf, + 0x51bf, + 0x7e81, + 0x7e81, + 0xa0b9, + 0xa0b9, + 0xc405, + 0xc405, + 0x1cd7, + 0x1cd7, + 0xf79f, + 0xf79f, + 0x9ca6, + 0x9ca6, + 0xb0b8, + 0xb0b8, + 0x79d0, + 0x79d0, + 0x314b, + 0x314b, + 0x149c, + 0x149c, + 0xb3b8, + 0xb3b8, + 0x385f, + 0x385f, + 0xb7a4, + 0xb7a4, + 0xbb68, + 0xbb68, + 0xb17d, + 0xb17d, + 0x4836, + 0x4836, + 0xcea2, + 0xcea2, + 0x705a, + 0x705a, + 0x4936, + 0x4936, + 0x8e09, + 0x8e09, + 0x8993, + 0x8993, + 0xd67a, + 0xd67a, + 0x7ef7, + 0x7ef7, + 0x82f6, + 0x82f6, + 0xea8c, + 0xea8c, + 0xe7db, + 0xe7db, + 0xa5cc, + 0xa5cc, + 0x3a23, + 0x3a23, + 0x11eb, + 0x11eb, + 0xfc50, + 0xfc50, + 0xccb6, + 0xccb6, + 0x6c5b, + 0x6c5b, + 0x5498, + 0x5498, + 0xaff3, + 0xaff3, + 0x379a, + 0x379a, + 0x7de3, + 0x7de3, + 0xcbb6, + 0xcbb6, + 0x2cd6, + 0x2cd6, + 0xd453, + 0xd453, + 0x14f, + 0x14f, + 0x45fb, + 0x45fb, + 0x45fb, + 0x45fb, + 0x5e5c, + 0x5e5c, + 0x5e5c, + 0x5e5c, + 0xef29, + 0xef29, + 0xef29, + 0xef29, + 0xbe41, + 0xbe41, + 0xbe41, + 0xbe41, + 0x31d5, + 0x31d5, + 0x31d5, + 0x31d5, + 0x71e4, + 0x71e4, + 0x71e4, + 0x71e4, + 0xc940, + 0xc940, + 0xc940, + 0xc940, + 0xcb8e, + 0xcb8e, + 0xcb8e, + 0xcb8e, + 0xb8b7, + 0xb8b7, + 0xb8b7, + 0xb8b7, + 0x75f7, + 0x75f7, + 0x75f7, + 0x75f7, + 0xdc8d, + 0xdc8d, + 0xdc8d, + 0xdc8d, + 0x6e96, + 0x6e96, + 0x6e96, + 0x6e96, + 0x22c3, + 0x22c3, + 0x22c3, + 0x22c3, + 0x3e0f, + 0x3e0f, + 0x3e0f, + 0x3e0f, + 0x6e5a, + 0x6e5a, + 0x6e5a, + 0x6e5a, + 0xb255, + 0xb255, + 0xb255, + 0xb255, + 0x9344, + 0x9344, + 0x9344, + 0x9344, + 0x6583, + 0x6583, + 0x6583, + 0x6583, + 0x28a, + 0x28a, + 0x28a, + 
0x28a, + 0xdc52, + 0xdc52, + 0xdc52, + 0xdc52, + 0x309a, + 0x309a, + 0x309a, + 0x309a, + 0xc140, + 0xc140, + 0xc140, + 0xc140, + 0x9808, + 0x9808, + 0x9808, + 0x9808, + 0x31fd, + 0x31fd, + 0x31fd, + 0x31fd, + 0x9e08, + 0x9e08, + 0x9e08, + 0x9e08, + 0xaf1a, + 0xaf1a, + 0xaf1a, + 0xaf1a, + 0xb12e, + 0xb12e, + 0xb12e, + 0xb12e, + 0x5c0d, + 0x5c0d, + 0x5c0d, + 0x5c0d, + 0x870a, + 0x870a, + 0x870a, + 0x870a, + 0xfa28, + 0xfa28, + 0xfa28, + 0xfa28, + 0x1975, + 0x1975, + 0x1975, + 0x1975, + 0x163a, + 0x163a, + 0x163a, + 0x163a, + 0x3f23, + 0x97cd, + 0xdd66, + 0xb806, + 0xdda1, + 0x2925, + 0xa108, + 0x6da9, + 0x6682, + 0xac42, + 0x44f, + 0xea3d, + 0x7182, + 0x66f9, + 0xbc2d, + 0x16c4, + 0x8645, + 0x2bc2, + 0xfab2, + 0xd63f, + 0x3d4b, + 0xed8, + 0x9393, + 0x51ab, + 0x4137, + 0x91e2, + 0x3073, + 0xcb2c, + 0xfced, + 0xc667, + 0x84f6, + 0xd8a1, +}; + +void kyber_invntt(sword16* r) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x2, %[L_kyber_aarch64_zetas_inv]\n\t" + "add x2, x2, :lo12:%[L_kyber_aarch64_zetas_inv]\n\t" +#else + "adrp x2, %[L_kyber_aarch64_zetas_inv]@PAGE\n\t" + "add x2, x2, %[L_kyber_aarch64_zetas_inv]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]\n\t" + "add x3, x3, :lo12:%[L_kyber_aarch64_zetas_inv_qinv]\n\t" +#else + "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGE\n\t" + "add x3, x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x4, %[L_kyber_aarch64_consts]\n\t" + "add x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t" +#else + "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "add x1, %x[r], #0x100\n\t" + "ldr q8, [x4]\n\t" + "ldp q9, q10, [%x[r]]\n\t" + "ldp q11, q12, [%x[r], #32]\n\t" + "ldp q13, q14, [%x[r], #64]\n\t" + "ldp q15, q16, [%x[r], #96]\n\t" + "ldp q17, q18, [%x[r], #128]\n\t" + "ldp q19, q20, [%x[r], #160]\n\t" + "ldp q21, q22, [%x[r], #192]\n\t" + "ldp q23, 
q24, [%x[r], #224]\n\t" + "mov v25.16b, v9.16b\n\t" + "trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn2 v10.2d, v25.2d, v10.2d\n\t" + "mov v25.16b, v9.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn2 v10.4s, v25.4s, v10.4s\n\t" + "mov v25.16b, v11.16b\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v12.2d, v25.2d, v12.2d\n\t" + "mov v25.16b, v11.16b\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v12.4s, v25.4s, v12.4s\n\t" + "mov v25.16b, v13.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn2 v14.2d, v25.2d, v14.2d\n\t" + "mov v25.16b, v13.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn2 v14.4s, v25.4s, v14.4s\n\t" + "mov v25.16b, v15.16b\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v16.2d, v25.2d, v16.2d\n\t" + "mov v25.16b, v15.16b\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v16.4s, v25.4s, v16.4s\n\t" + "mov v25.16b, v17.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn2 v18.2d, v25.2d, v18.2d\n\t" + "mov v25.16b, v17.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn2 v18.4s, v25.4s, v18.4s\n\t" + "mov v25.16b, v19.16b\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v20.2d, v25.2d, v20.2d\n\t" + "mov v25.16b, v19.16b\n\t" + "trn1 v19.4s, v19.4s, v20.4s\n\t" + "trn2 v20.4s, v25.4s, v20.4s\n\t" + "mov v25.16b, v21.16b\n\t" + "trn1 v21.2d, v21.2d, v22.2d\n\t" + "trn2 v22.2d, v25.2d, v22.2d\n\t" + "mov v25.16b, v21.16b\n\t" + "trn1 v21.4s, v21.4s, v22.4s\n\t" + "trn2 v22.4s, v25.4s, v22.4s\n\t" + "mov v25.16b, v23.16b\n\t" + "trn1 v23.2d, v23.2d, v24.2d\n\t" + "trn2 v24.2d, v25.2d, v24.2d\n\t" + "mov v25.16b, v23.16b\n\t" + "trn1 v23.4s, v23.4s, v24.4s\n\t" + "trn2 v24.4s, v25.4s, v24.4s\n\t" + "ldr q0, [x2]\n\t" + "ldr q1, [x2, #16]\n\t" + "ldr q2, [x3]\n\t" + "ldr q3, [x3, #16]\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v10.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v12.8h, v28.8h, 
v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "ldr q0, [x2, #32]\n\t" + "ldr q1, [x2, #48]\n\t" + "ldr q2, [x3, #32]\n\t" + "ldr q3, [x3, #48]\n\t" + "sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v14.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v16.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "ldr q0, [x2, #64]\n\t" + "ldr q1, [x2, #80]\n\t" + "ldr q2, [x3, #64]\n\t" + "ldr q3, [x3, #80]\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v18.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v20.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "ldr q0, [x2, #96]\n\t" + "ldr q1, [x2, #112]\n\t" + "ldr 
q2, [x3, #96]\n\t" + "ldr q3, [x3, #112]\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v22.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #256]\n\t" + "ldr q1, [x2, #272]\n\t" + "ldr q2, [x3, #256]\n\t" + "ldr q3, [x3, #272]\n\t" + "mov v25.16b, v9.16b\n\t" + "mov v26.16b, v11.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v10.4s, v25.4s, v10.4s\n\t" + "trn2 v12.4s, v26.4s, v12.4s\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v10.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v12.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "ldr q0, [x2, #288]\n\t" + "ldr q1, [x2, #304]\n\t" + "ldr q2, [x3, #288]\n\t" + "ldr q3, [x3, #304]\n\t" + "mov v25.16b, v13.16b\n\t" + "mov v26.16b, v15.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v14.4s, v25.4s, v14.4s\n\t" + "trn2 v16.4s, v26.4s, v16.4s\n\t" + 
"sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v14.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v16.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "ldr q0, [x2, #320]\n\t" + "ldr q1, [x2, #336]\n\t" + "ldr q2, [x3, #320]\n\t" + "ldr q3, [x3, #336]\n\t" + "mov v25.16b, v17.16b\n\t" + "mov v26.16b, v19.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn1 v19.4s, v19.4s, v20.4s\n\t" + "trn2 v18.4s, v25.4s, v18.4s\n\t" + "trn2 v20.4s, v26.4s, v20.4s\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v18.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v20.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "ldr q0, [x2, #352]\n\t" + "ldr q1, [x2, #368]\n\t" + "ldr q2, [x3, #352]\n\t" + "ldr q3, [x3, #368]\n\t" + "mov v25.16b, v21.16b\n\t" + "mov v26.16b, v23.16b\n\t" + "trn1 v21.4s, v21.4s, v22.4s\n\t" + "trn1 v23.4s, v23.4s, v24.4s\n\t" + "trn2 v22.4s, v25.4s, v22.4s\n\t" + "trn2 v24.4s, v26.4s, v24.4s\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub 
v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v22.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #512]\n\t" + "ldr q2, [x3, #512]\n\t" + "mov v25.16b, v9.16b\n\t" + "mov v26.16b, v11.16b\n\t" + "trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v10.2d, v25.2d, v10.2d\n\t" + "trn2 v12.2d, v26.2d, v12.2d\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v2.h[0]\n\t" + "mul v27.8h, v28.8h, v2.h[1]\n\t" + "sqrdmulh v10.8h, v26.8h, v0.h[0]\n\t" + "sqrdmulh v12.8h, v28.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "mov v25.16b, v13.16b\n\t" + "mov v26.16b, v15.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v14.2d, v25.2d, v14.2d\n\t" + "trn2 v16.2d, v26.2d, v16.2d\n\t" + "sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v2.h[2]\n\t" + "mul v27.8h, v28.8h, v2.h[3]\n\t" + "sqrdmulh v14.8h, v26.8h, 
v0.h[2]\n\t" + "sqrdmulh v16.8h, v28.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "mov v25.16b, v17.16b\n\t" + "mov v26.16b, v19.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v18.2d, v25.2d, v18.2d\n\t" + "trn2 v20.2d, v26.2d, v20.2d\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v2.h[4]\n\t" + "mul v27.8h, v28.8h, v2.h[5]\n\t" + "sqrdmulh v18.8h, v26.8h, v0.h[4]\n\t" + "sqrdmulh v20.8h, v28.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "mov v25.16b, v21.16b\n\t" + "mov v26.16b, v23.16b\n\t" + "trn1 v21.2d, v21.2d, v22.2d\n\t" + "trn1 v23.2d, v23.2d, v24.2d\n\t" + "trn2 v22.2d, v25.2d, v22.2d\n\t" + "trn2 v24.2d, v26.2d, v24.2d\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v2.h[6]\n\t" + "mul v27.8h, v28.8h, v2.h[7]\n\t" + "sqrdmulh v22.8h, v26.8h, v0.h[6]\n\t" + "sqrdmulh v24.8h, v28.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, 
v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sqdmulh v25.8h, v9.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v11.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v9.8h, v25.8h, v8.h[0]\n\t" + "mls v11.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v13.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v15.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v13.8h, v25.8h, v8.h[0]\n\t" + "mls v15.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v17.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v19.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v17.8h, v25.8h, v8.h[0]\n\t" + "mls v19.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v21.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v23.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v21.8h, v25.8h, v8.h[0]\n\t" + "mls v23.8h, v26.8h, v8.h[0]\n\t" + "stp q9, q10, [%x[r]]\n\t" + "stp q11, q12, [%x[r], #32]\n\t" + "stp q13, q14, [%x[r], #64]\n\t" + "stp q15, q16, [%x[r], #96]\n\t" + "stp q17, q18, [%x[r], #128]\n\t" + "stp q19, q20, [%x[r], #160]\n\t" + "stp q21, q22, [%x[r], #192]\n\t" + "stp q23, q24, [%x[r], #224]\n\t" + "ldp q9, q10, [x1]\n\t" + "ldp q11, q12, [x1, #32]\n\t" + "ldp q13, q14, [x1, #64]\n\t" + "ldp q15, q16, [x1, #96]\n\t" + "ldp q17, q18, [x1, #128]\n\t" + "ldp q19, q20, [x1, #160]\n\t" + "ldp q21, q22, [x1, #192]\n\t" + "ldp q23, q24, [x1, #224]\n\t" + "mov v25.16b, v9.16b\n\t" + "trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn2 v10.2d, v25.2d, v10.2d\n\t" + "mov v25.16b, v9.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn2 v10.4s, v25.4s, v10.4s\n\t" + "mov v25.16b, v11.16b\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v12.2d, v25.2d, v12.2d\n\t" + "mov v25.16b, v11.16b\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v12.4s, v25.4s, v12.4s\n\t" + 
"mov v25.16b, v13.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn2 v14.2d, v25.2d, v14.2d\n\t" + "mov v25.16b, v13.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn2 v14.4s, v25.4s, v14.4s\n\t" + "mov v25.16b, v15.16b\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v16.2d, v25.2d, v16.2d\n\t" + "mov v25.16b, v15.16b\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v16.4s, v25.4s, v16.4s\n\t" + "mov v25.16b, v17.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn2 v18.2d, v25.2d, v18.2d\n\t" + "mov v25.16b, v17.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn2 v18.4s, v25.4s, v18.4s\n\t" + "mov v25.16b, v19.16b\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v20.2d, v25.2d, v20.2d\n\t" + "mov v25.16b, v19.16b\n\t" + "trn1 v19.4s, v19.4s, v20.4s\n\t" + "trn2 v20.4s, v25.4s, v20.4s\n\t" + "mov v25.16b, v21.16b\n\t" + "trn1 v21.2d, v21.2d, v22.2d\n\t" + "trn2 v22.2d, v25.2d, v22.2d\n\t" + "mov v25.16b, v21.16b\n\t" + "trn1 v21.4s, v21.4s, v22.4s\n\t" + "trn2 v22.4s, v25.4s, v22.4s\n\t" + "mov v25.16b, v23.16b\n\t" + "trn1 v23.2d, v23.2d, v24.2d\n\t" + "trn2 v24.2d, v25.2d, v24.2d\n\t" + "mov v25.16b, v23.16b\n\t" + "trn1 v23.4s, v23.4s, v24.4s\n\t" + "trn2 v24.4s, v25.4s, v24.4s\n\t" + "ldr q0, [x2, #128]\n\t" + "ldr q1, [x2, #144]\n\t" + "ldr q2, [x3, #128]\n\t" + "ldr q3, [x3, #144]\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v10.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v12.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "ldr q0, [x2, 
#160]\n\t" + "ldr q1, [x2, #176]\n\t" + "ldr q2, [x3, #160]\n\t" + "ldr q3, [x3, #176]\n\t" + "sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v14.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v16.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "ldr q0, [x2, #192]\n\t" + "ldr q1, [x2, #208]\n\t" + "ldr q2, [x3, #192]\n\t" + "ldr q3, [x3, #208]\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v18.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v20.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "ldr q0, [x2, #224]\n\t" + "ldr q1, [x2, #240]\n\t" + "ldr q2, [x3, #224]\n\t" + "ldr q3, [x3, #240]\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v22.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, 
v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #384]\n\t" + "ldr q1, [x2, #400]\n\t" + "ldr q2, [x3, #384]\n\t" + "ldr q3, [x3, #400]\n\t" + "mov v25.16b, v9.16b\n\t" + "mov v26.16b, v11.16b\n\t" + "trn1 v9.4s, v9.4s, v10.4s\n\t" + "trn1 v11.4s, v11.4s, v12.4s\n\t" + "trn2 v10.4s, v25.4s, v10.4s\n\t" + "trn2 v12.4s, v26.4s, v12.4s\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v10.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v12.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "ldr q0, [x2, #416]\n\t" + "ldr q1, [x2, #432]\n\t" + "ldr q2, [x3, #416]\n\t" + "ldr q3, [x3, #432]\n\t" + "mov v25.16b, v13.16b\n\t" + "mov v26.16b, v15.16b\n\t" + "trn1 v13.4s, v13.4s, v14.4s\n\t" + "trn1 v15.4s, v15.4s, v16.4s\n\t" + "trn2 v14.4s, v25.4s, v14.4s\n\t" + "trn2 v16.4s, v26.4s, v16.4s\n\t" + "sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v14.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v16.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, 
v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "ldr q0, [x2, #448]\n\t" + "ldr q1, [x2, #464]\n\t" + "ldr q2, [x3, #448]\n\t" + "ldr q3, [x3, #464]\n\t" + "mov v25.16b, v17.16b\n\t" + "mov v26.16b, v19.16b\n\t" + "trn1 v17.4s, v17.4s, v18.4s\n\t" + "trn1 v19.4s, v19.4s, v20.4s\n\t" + "trn2 v18.4s, v25.4s, v18.4s\n\t" + "trn2 v20.4s, v26.4s, v20.4s\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v18.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v20.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "ldr q0, [x2, #480]\n\t" + "ldr q1, [x2, #496]\n\t" + "ldr q2, [x3, #480]\n\t" + "ldr q3, [x3, #496]\n\t" + "mov v25.16b, v21.16b\n\t" + "mov v26.16b, v23.16b\n\t" + "trn1 v21.4s, v21.4s, v22.4s\n\t" + "trn1 v23.4s, v23.4s, v24.4s\n\t" + "trn2 v22.4s, v25.4s, v22.4s\n\t" + "trn2 v24.4s, v26.4s, v24.4s\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v2.8h\n\t" + "mul v27.8h, v28.8h, v3.8h\n\t" + "sqrdmulh v22.8h, v26.8h, v0.8h\n\t" + "sqrdmulh v24.8h, v28.8h, v1.8h\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, 
v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "ldr q0, [x2, #528]\n\t" + "ldr q2, [x3, #528]\n\t" + "mov v25.16b, v9.16b\n\t" + "mov v26.16b, v11.16b\n\t" + "trn1 v9.2d, v9.2d, v10.2d\n\t" + "trn1 v11.2d, v11.2d, v12.2d\n\t" + "trn2 v10.2d, v25.2d, v10.2d\n\t" + "trn2 v12.2d, v26.2d, v12.2d\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v2.h[0]\n\t" + "mul v27.8h, v28.8h, v2.h[1]\n\t" + "sqrdmulh v10.8h, v26.8h, v0.h[0]\n\t" + "sqrdmulh v12.8h, v28.8h, v0.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "mov v25.16b, v13.16b\n\t" + "mov v26.16b, v15.16b\n\t" + "trn1 v13.2d, v13.2d, v14.2d\n\t" + "trn1 v15.2d, v15.2d, v16.2d\n\t" + "trn2 v14.2d, v25.2d, v14.2d\n\t" + "trn2 v16.2d, v26.2d, v16.2d\n\t" + "sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v2.h[2]\n\t" + "mul v27.8h, v28.8h, v2.h[3]\n\t" + "sqrdmulh v14.8h, v26.8h, v0.h[2]\n\t" + "sqrdmulh v16.8h, v28.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, 
v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "mov v25.16b, v17.16b\n\t" + "mov v26.16b, v19.16b\n\t" + "trn1 v17.2d, v17.2d, v18.2d\n\t" + "trn1 v19.2d, v19.2d, v20.2d\n\t" + "trn2 v18.2d, v25.2d, v18.2d\n\t" + "trn2 v20.2d, v26.2d, v20.2d\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v2.h[4]\n\t" + "mul v27.8h, v28.8h, v2.h[5]\n\t" + "sqrdmulh v18.8h, v26.8h, v0.h[4]\n\t" + "sqrdmulh v20.8h, v28.8h, v0.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "mov v25.16b, v21.16b\n\t" + "mov v26.16b, v23.16b\n\t" + "trn1 v21.2d, v21.2d, v22.2d\n\t" + "trn1 v23.2d, v23.2d, v24.2d\n\t" + "trn2 v22.2d, v25.2d, v22.2d\n\t" + "trn2 v24.2d, v26.2d, v24.2d\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v2.h[6]\n\t" + "mul v27.8h, v28.8h, v2.h[7]\n\t" + "sqrdmulh v22.8h, v26.8h, v0.h[6]\n\t" + "sqrdmulh v24.8h, v28.8h, v0.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sqdmulh v25.8h, v9.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v11.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v9.8h, v25.8h, v8.h[0]\n\t" + "mls 
v11.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v13.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v15.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v13.8h, v25.8h, v8.h[0]\n\t" + "mls v15.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v17.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v19.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v17.8h, v25.8h, v8.h[0]\n\t" + "mls v19.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v21.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v23.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v21.8h, v25.8h, v8.h[0]\n\t" + "mls v23.8h, v26.8h, v8.h[0]\n\t" + "stp q9, q10, [x1]\n\t" + "stp q11, q12, [x1, #32]\n\t" + "stp q13, q14, [x1, #64]\n\t" + "stp q15, q16, [x1, #96]\n\t" + "stp q17, q18, [x1, #128]\n\t" + "stp q19, q20, [x1, #160]\n\t" + "stp q21, q22, [x1, #192]\n\t" + "stp q23, q24, [x1, #224]\n\t" + "ldr q4, [x2, #544]\n\t" + "ldr q5, [x2, #560]\n\t" + "ldr q6, [x3, #544]\n\t" + "ldr q7, [x3, #560]\n\t" + "ldr q9, [%x[r]]\n\t" + "ldr q10, [%x[r], #32]\n\t" + "ldr q11, [%x[r], #64]\n\t" + "ldr q12, [%x[r], #96]\n\t" + "ldr q13, [%x[r], #128]\n\t" + "ldr q14, [%x[r], #160]\n\t" + "ldr q15, [%x[r], #192]\n\t" + "ldr q16, [%x[r], #224]\n\t" + "ldr q17, [x1]\n\t" + "ldr q18, [x1, #32]\n\t" + "ldr q19, [x1, #64]\n\t" + "ldr q20, [x1, #96]\n\t" + "ldr q21, [x1, #128]\n\t" + "ldr q22, [x1, #160]\n\t" + "ldr q23, [x1, #192]\n\t" + "ldr q24, [x1, #224]\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v6.h[0]\n\t" + "mul v27.8h, v28.8h, v6.h[1]\n\t" + "sqrdmulh v10.8h, v26.8h, v4.h[0]\n\t" + "sqrdmulh v12.8h, v28.8h, v4.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + 
"sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v6.h[2]\n\t" + "mul v27.8h, v28.8h, v6.h[3]\n\t" + "sqrdmulh v14.8h, v26.8h, v4.h[2]\n\t" + "sqrdmulh v16.8h, v28.8h, v4.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v6.h[4]\n\t" + "mul v27.8h, v28.8h, v6.h[5]\n\t" + "sqrdmulh v18.8h, v26.8h, v4.h[4]\n\t" + "sqrdmulh v20.8h, v28.8h, v4.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v6.h[6]\n\t" + "mul v27.8h, v28.8h, v6.h[7]\n\t" + "sqrdmulh v22.8h, v26.8h, v4.h[6]\n\t" + "sqrdmulh v24.8h, v28.8h, v4.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh 
v27.8h, v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sub v26.8h, v9.8h, v11.8h\n\t" + "sub v28.8h, v10.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v11.8h\n\t" + "add v10.8h, v10.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v7.h[0]\n\t" + "mul v27.8h, v28.8h, v7.h[0]\n\t" + "sqrdmulh v11.8h, v26.8h, v5.h[0]\n\t" + "sqrdmulh v12.8h, v28.8h, v5.h[0]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v11.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v11.8h, v11.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v11.8h, v11.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "sub v26.8h, v13.8h, v15.8h\n\t" + "sub v28.8h, v14.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v15.8h\n\t" + "add v14.8h, v14.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v7.h[1]\n\t" + "mul v27.8h, v28.8h, v7.h[1]\n\t" + "sqrdmulh v15.8h, v26.8h, v5.h[1]\n\t" + "sqrdmulh v16.8h, v28.8h, v5.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v15.8h, v15.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "sub v26.8h, v17.8h, v19.8h\n\t" + "sub v28.8h, v18.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v19.8h\n\t" + "add v18.8h, v18.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v7.h[2]\n\t" + "mul v27.8h, v28.8h, v7.h[2]\n\t" + "sqrdmulh v19.8h, v26.8h, v5.h[2]\n\t" + "sqrdmulh v20.8h, v28.8h, v5.h[2]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v19.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, 
v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v19.8h, v19.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v19.8h, v19.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "sub v26.8h, v21.8h, v23.8h\n\t" + "sub v28.8h, v22.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v23.8h\n\t" + "add v22.8h, v22.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v7.h[3]\n\t" + "mul v27.8h, v28.8h, v7.h[3]\n\t" + "sqrdmulh v23.8h, v26.8h, v5.h[3]\n\t" + "sqrdmulh v24.8h, v28.8h, v5.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sub v26.8h, v9.8h, v13.8h\n\t" + "sub v28.8h, v10.8h, v14.8h\n\t" + "add v9.8h, v9.8h, v13.8h\n\t" + "add v10.8h, v10.8h, v14.8h\n\t" + "mul v25.8h, v26.8h, v7.h[4]\n\t" + "mul v27.8h, v28.8h, v7.h[4]\n\t" + "sqrdmulh v13.8h, v26.8h, v5.h[4]\n\t" + "sqrdmulh v14.8h, v28.8h, v5.h[4]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v13.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v14.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v13.8h, v13.8h, v25.8h\n\t" + "sub v14.8h, v14.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v13.8h, v13.8h, #1\n\t" + "sshr v14.8h, v14.8h, #1\n\t" + "sub v26.8h, v11.8h, v15.8h\n\t" + "sub v28.8h, v12.8h, v16.8h\n\t" + "add v11.8h, v11.8h, v15.8h\n\t" + "add v12.8h, v12.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v7.h[4]\n\t" + "mul v27.8h, v28.8h, v7.h[4]\n\t" + "sqrdmulh v15.8h, v26.8h, v5.h[4]\n\t" + "sqrdmulh v16.8h, v28.8h, v5.h[4]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, 
v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v15.8h, v15.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "sub v26.8h, v17.8h, v21.8h\n\t" + "sub v28.8h, v18.8h, v22.8h\n\t" + "add v17.8h, v17.8h, v21.8h\n\t" + "add v18.8h, v18.8h, v22.8h\n\t" + "mul v25.8h, v26.8h, v7.h[5]\n\t" + "mul v27.8h, v28.8h, v7.h[5]\n\t" + "sqrdmulh v21.8h, v26.8h, v5.h[5]\n\t" + "sqrdmulh v22.8h, v28.8h, v5.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v22.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v21.8h, v21.8h, v25.8h\n\t" + "sub v22.8h, v22.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "sub v26.8h, v19.8h, v23.8h\n\t" + "sub v28.8h, v20.8h, v24.8h\n\t" + "add v19.8h, v19.8h, v23.8h\n\t" + "add v20.8h, v20.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v7.h[5]\n\t" + "mul v27.8h, v28.8h, v7.h[5]\n\t" + "sqrdmulh v23.8h, v26.8h, v5.h[5]\n\t" + "sqrdmulh v24.8h, v28.8h, v5.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sqdmulh v25.8h, v9.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v10.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v9.8h, v25.8h, v8.h[0]\n\t" + "mls v10.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v11.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v12.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + 
"mls v11.8h, v25.8h, v8.h[0]\n\t" + "mls v12.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v17.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v18.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v17.8h, v25.8h, v8.h[0]\n\t" + "mls v18.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v19.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v20.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v19.8h, v25.8h, v8.h[0]\n\t" + "mls v20.8h, v26.8h, v8.h[0]\n\t" + "sub v26.8h, v9.8h, v17.8h\n\t" + "sub v28.8h, v10.8h, v18.8h\n\t" + "add v9.8h, v9.8h, v17.8h\n\t" + "add v10.8h, v10.8h, v18.8h\n\t" + "mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v17.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v18.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v17.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v18.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v17.8h, v17.8h, v25.8h\n\t" + "sub v18.8h, v18.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v17.8h, v17.8h, #1\n\t" + "sshr v18.8h, v18.8h, #1\n\t" + "sub v26.8h, v11.8h, v19.8h\n\t" + "sub v28.8h, v12.8h, v20.8h\n\t" + "add v11.8h, v11.8h, v19.8h\n\t" + "add v12.8h, v12.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v19.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v20.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v19.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v19.8h, v19.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v19.8h, v19.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "sub v26.8h, v13.8h, v21.8h\n\t" + "sub v28.8h, v14.8h, v22.8h\n\t" + "add v13.8h, v13.8h, v21.8h\n\t" + "add v14.8h, v14.8h, v22.8h\n\t" + 
"mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v21.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v22.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v22.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v21.8h, v21.8h, v25.8h\n\t" + "sub v22.8h, v22.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "sub v26.8h, v15.8h, v23.8h\n\t" + "sub v28.8h, v16.8h, v24.8h\n\t" + "add v15.8h, v15.8h, v23.8h\n\t" + "add v16.8h, v16.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v23.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v24.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v25.8h, v9.8h, v7.h[7]\n\t" + "mul v26.8h, v10.8h, v7.h[7]\n\t" + "sqrdmulh v9.8h, v9.8h, v5.h[7]\n\t" + "sqrdmulh v10.8h, v10.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v9.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v10.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v9.8h, v9.8h, v25.8h\n\t" + "sub v10.8h, v10.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v9.8h, v9.8h, #1\n\t" + "sshr v10.8h, v10.8h, #1\n\t" + "mul v25.8h, v11.8h, v7.h[7]\n\t" + "mul v26.8h, v12.8h, v7.h[7]\n\t" + "sqrdmulh v11.8h, v11.8h, v5.h[7]\n\t" + "sqrdmulh v12.8h, v12.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v11.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v26.8h, 
v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v11.8h, v11.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v11.8h, v11.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "mul v25.8h, v13.8h, v7.h[7]\n\t" + "mul v26.8h, v14.8h, v7.h[7]\n\t" + "sqrdmulh v13.8h, v13.8h, v5.h[7]\n\t" + "sqrdmulh v14.8h, v14.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v13.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v14.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v13.8h, v13.8h, v25.8h\n\t" + "sub v14.8h, v14.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v13.8h, v13.8h, #1\n\t" + "sshr v14.8h, v14.8h, #1\n\t" + "mul v25.8h, v15.8h, v7.h[7]\n\t" + "mul v26.8h, v16.8h, v7.h[7]\n\t" + "sqrdmulh v15.8h, v15.8h, v5.h[7]\n\t" + "sqrdmulh v16.8h, v16.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v15.8h, v15.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "mul v25.8h, v17.8h, v7.h[7]\n\t" + "mul v26.8h, v18.8h, v7.h[7]\n\t" + "sqrdmulh v17.8h, v17.8h, v5.h[7]\n\t" + "sqrdmulh v18.8h, v18.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v17.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v18.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v17.8h, v17.8h, v25.8h\n\t" + "sub v18.8h, v18.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v17.8h, v17.8h, #1\n\t" + "sshr v18.8h, v18.8h, #1\n\t" + "mul v25.8h, v19.8h, v7.h[7]\n\t" + "mul v26.8h, v20.8h, v7.h[7]\n\t" + "sqrdmulh v19.8h, v19.8h, 
v5.h[7]\n\t" + "sqrdmulh v20.8h, v20.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v19.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v19.8h, v19.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v19.8h, v19.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "mul v25.8h, v21.8h, v7.h[7]\n\t" + "mul v26.8h, v22.8h, v7.h[7]\n\t" + "sqrdmulh v21.8h, v21.8h, v5.h[7]\n\t" + "sqrdmulh v22.8h, v22.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v22.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v21.8h, v21.8h, v25.8h\n\t" + "sub v22.8h, v22.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v25.8h, v23.8h, v7.h[7]\n\t" + "mul v26.8h, v24.8h, v7.h[7]\n\t" + "sqrdmulh v23.8h, v23.8h, v5.h[7]\n\t" + "sqrdmulh v24.8h, v24.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "str q9, [%x[r]]\n\t" + "str q10, [%x[r], #32]\n\t" + "str q11, [%x[r], #64]\n\t" + "str q12, [%x[r], #96]\n\t" + "str q13, [%x[r], #128]\n\t" + "str q14, [%x[r], #160]\n\t" + "str q15, [%x[r], #192]\n\t" + "str q16, [%x[r], #224]\n\t" + "str q17, [x1]\n\t" + "str q18, [x1, #32]\n\t" + "str q19, [x1, #64]\n\t" + "str q20, [x1, #96]\n\t" + "str q21, [x1, #128]\n\t" + "str q22, [x1, #160]\n\t" + "str q23, [x1, #192]\n\t" + "str q24, [x1, #224]\n\t" + "ldr q9, [%x[r], #16]\n\t" + "ldr 
q10, [%x[r], #48]\n\t" + "ldr q11, [%x[r], #80]\n\t" + "ldr q12, [%x[r], #112]\n\t" + "ldr q13, [%x[r], #144]\n\t" + "ldr q14, [%x[r], #176]\n\t" + "ldr q15, [%x[r], #208]\n\t" + "ldr q16, [%x[r], #240]\n\t" + "ldr q17, [x1, #16]\n\t" + "ldr q18, [x1, #48]\n\t" + "ldr q19, [x1, #80]\n\t" + "ldr q20, [x1, #112]\n\t" + "ldr q21, [x1, #144]\n\t" + "ldr q22, [x1, #176]\n\t" + "ldr q23, [x1, #208]\n\t" + "ldr q24, [x1, #240]\n\t" + "sub v26.8h, v9.8h, v10.8h\n\t" + "sub v28.8h, v11.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v10.8h\n\t" + "add v11.8h, v11.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v6.h[0]\n\t" + "mul v27.8h, v28.8h, v6.h[1]\n\t" + "sqrdmulh v10.8h, v26.8h, v4.h[0]\n\t" + "sqrdmulh v12.8h, v28.8h, v4.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v10.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v10.8h, v10.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v10.8h, v10.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "sub v26.8h, v13.8h, v14.8h\n\t" + "sub v28.8h, v15.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v14.8h\n\t" + "add v15.8h, v15.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v6.h[2]\n\t" + "mul v27.8h, v28.8h, v6.h[3]\n\t" + "sqrdmulh v14.8h, v26.8h, v4.h[2]\n\t" + "sqrdmulh v16.8h, v28.8h, v4.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v14.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v14.8h, v14.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v14.8h, v14.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "sub v26.8h, v17.8h, v18.8h\n\t" + "sub v28.8h, v19.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v18.8h\n\t" + "add v19.8h, v19.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v6.h[4]\n\t" + "mul v27.8h, v28.8h, v6.h[5]\n\t" + 
"sqrdmulh v18.8h, v26.8h, v4.h[4]\n\t" + "sqrdmulh v20.8h, v28.8h, v4.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v18.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v18.8h, v18.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v18.8h, v18.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "sub v26.8h, v21.8h, v22.8h\n\t" + "sub v28.8h, v23.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v22.8h\n\t" + "add v23.8h, v23.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v6.h[6]\n\t" + "mul v27.8h, v28.8h, v6.h[7]\n\t" + "sqrdmulh v22.8h, v26.8h, v4.h[6]\n\t" + "sqrdmulh v24.8h, v28.8h, v4.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v22.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v22.8h, v22.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v22.8h, v22.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sub v26.8h, v9.8h, v11.8h\n\t" + "sub v28.8h, v10.8h, v12.8h\n\t" + "add v9.8h, v9.8h, v11.8h\n\t" + "add v10.8h, v10.8h, v12.8h\n\t" + "mul v25.8h, v26.8h, v7.h[0]\n\t" + "mul v27.8h, v28.8h, v7.h[0]\n\t" + "sqrdmulh v11.8h, v26.8h, v5.h[0]\n\t" + "sqrdmulh v12.8h, v28.8h, v5.h[0]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v11.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v11.8h, v11.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v11.8h, v11.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "sub v26.8h, v13.8h, v15.8h\n\t" + "sub v28.8h, v14.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v15.8h\n\t" + "add v14.8h, v14.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v7.h[1]\n\t" + "mul 
v27.8h, v28.8h, v7.h[1]\n\t" + "sqrdmulh v15.8h, v26.8h, v5.h[1]\n\t" + "sqrdmulh v16.8h, v28.8h, v5.h[1]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v15.8h, v15.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "sub v26.8h, v17.8h, v19.8h\n\t" + "sub v28.8h, v18.8h, v20.8h\n\t" + "add v17.8h, v17.8h, v19.8h\n\t" + "add v18.8h, v18.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v7.h[2]\n\t" + "mul v27.8h, v28.8h, v7.h[2]\n\t" + "sqrdmulh v19.8h, v26.8h, v5.h[2]\n\t" + "sqrdmulh v20.8h, v28.8h, v5.h[2]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v19.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v19.8h, v19.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v19.8h, v19.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "sub v26.8h, v21.8h, v23.8h\n\t" + "sub v28.8h, v22.8h, v24.8h\n\t" + "add v21.8h, v21.8h, v23.8h\n\t" + "add v22.8h, v22.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v7.h[3]\n\t" + "mul v27.8h, v28.8h, v7.h[3]\n\t" + "sqrdmulh v23.8h, v26.8h, v5.h[3]\n\t" + "sqrdmulh v24.8h, v28.8h, v5.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sub v26.8h, v9.8h, v13.8h\n\t" + "sub v28.8h, v10.8h, v14.8h\n\t" + "add v9.8h, v9.8h, v13.8h\n\t" + "add v10.8h, v10.8h, v14.8h\n\t" + "mul v25.8h, 
v26.8h, v7.h[4]\n\t" + "mul v27.8h, v28.8h, v7.h[4]\n\t" + "sqrdmulh v13.8h, v26.8h, v5.h[4]\n\t" + "sqrdmulh v14.8h, v28.8h, v5.h[4]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v13.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v14.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v13.8h, v13.8h, v25.8h\n\t" + "sub v14.8h, v14.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v13.8h, v13.8h, #1\n\t" + "sshr v14.8h, v14.8h, #1\n\t" + "sub v26.8h, v11.8h, v15.8h\n\t" + "sub v28.8h, v12.8h, v16.8h\n\t" + "add v11.8h, v11.8h, v15.8h\n\t" + "add v12.8h, v12.8h, v16.8h\n\t" + "mul v25.8h, v26.8h, v7.h[4]\n\t" + "mul v27.8h, v28.8h, v7.h[4]\n\t" + "sqrdmulh v15.8h, v26.8h, v5.h[4]\n\t" + "sqrdmulh v16.8h, v28.8h, v5.h[4]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v15.8h, v15.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "sub v26.8h, v17.8h, v21.8h\n\t" + "sub v28.8h, v18.8h, v22.8h\n\t" + "add v17.8h, v17.8h, v21.8h\n\t" + "add v18.8h, v18.8h, v22.8h\n\t" + "mul v25.8h, v26.8h, v7.h[5]\n\t" + "mul v27.8h, v28.8h, v7.h[5]\n\t" + "sqrdmulh v21.8h, v26.8h, v5.h[5]\n\t" + "sqrdmulh v22.8h, v28.8h, v5.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v22.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v21.8h, v21.8h, v25.8h\n\t" + "sub v22.8h, v22.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "sub v26.8h, v19.8h, v23.8h\n\t" + "sub v28.8h, v20.8h, v24.8h\n\t" + "add v19.8h, v19.8h, v23.8h\n\t" + "add v20.8h, 
v20.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v7.h[5]\n\t" + "mul v27.8h, v28.8h, v7.h[5]\n\t" + "sqrdmulh v23.8h, v26.8h, v5.h[5]\n\t" + "sqrdmulh v24.8h, v28.8h, v5.h[5]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "sqdmulh v25.8h, v9.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v10.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v9.8h, v25.8h, v8.h[0]\n\t" + "mls v10.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v11.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v12.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v11.8h, v25.8h, v8.h[0]\n\t" + "mls v12.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v17.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v18.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v17.8h, v25.8h, v8.h[0]\n\t" + "mls v18.8h, v26.8h, v8.h[0]\n\t" + "sqdmulh v25.8h, v19.8h, v8.h[2]\n\t" + "sqdmulh v26.8h, v20.8h, v8.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v19.8h, v25.8h, v8.h[0]\n\t" + "mls v20.8h, v26.8h, v8.h[0]\n\t" + "sub v26.8h, v9.8h, v17.8h\n\t" + "sub v28.8h, v10.8h, v18.8h\n\t" + "add v9.8h, v9.8h, v17.8h\n\t" + "add v10.8h, v10.8h, v18.8h\n\t" + "mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v17.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v18.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v17.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v18.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v17.8h, v17.8h, v25.8h\n\t" + "sub v18.8h, v18.8h, v27.8h\n\t" 
+#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v17.8h, v17.8h, #1\n\t" + "sshr v18.8h, v18.8h, #1\n\t" + "sub v26.8h, v11.8h, v19.8h\n\t" + "sub v28.8h, v12.8h, v20.8h\n\t" + "add v11.8h, v11.8h, v19.8h\n\t" + "add v12.8h, v12.8h, v20.8h\n\t" + "mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v19.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v20.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v19.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v19.8h, v19.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v19.8h, v19.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "sub v26.8h, v13.8h, v21.8h\n\t" + "sub v28.8h, v14.8h, v22.8h\n\t" + "add v13.8h, v13.8h, v21.8h\n\t" + "add v14.8h, v14.8h, v22.8h\n\t" + "mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v21.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v22.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v22.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v21.8h, v21.8h, v25.8h\n\t" + "sub v22.8h, v22.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "sub v26.8h, v15.8h, v23.8h\n\t" + "sub v28.8h, v16.8h, v24.8h\n\t" + "add v15.8h, v15.8h, v23.8h\n\t" + "add v16.8h, v16.8h, v24.8h\n\t" + "mul v25.8h, v26.8h, v7.h[6]\n\t" + "mul v27.8h, v28.8h, v7.h[6]\n\t" + "sqrdmulh v23.8h, v26.8h, v5.h[6]\n\t" + "sqrdmulh v24.8h, v28.8h, v5.h[6]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v27.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v27.8h, v27.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + 
"sub v24.8h, v24.8h, v27.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "mul v25.8h, v9.8h, v7.h[7]\n\t" + "mul v26.8h, v10.8h, v7.h[7]\n\t" + "sqrdmulh v9.8h, v9.8h, v5.h[7]\n\t" + "sqrdmulh v10.8h, v10.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v9.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v10.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v9.8h, v9.8h, v25.8h\n\t" + "sub v10.8h, v10.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v9.8h, v9.8h, #1\n\t" + "sshr v10.8h, v10.8h, #1\n\t" + "mul v25.8h, v11.8h, v7.h[7]\n\t" + "mul v26.8h, v12.8h, v7.h[7]\n\t" + "sqrdmulh v11.8h, v11.8h, v5.h[7]\n\t" + "sqrdmulh v12.8h, v12.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v11.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v12.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v11.8h, v11.8h, v25.8h\n\t" + "sub v12.8h, v12.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v11.8h, v11.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "mul v25.8h, v13.8h, v7.h[7]\n\t" + "mul v26.8h, v14.8h, v7.h[7]\n\t" + "sqrdmulh v13.8h, v13.8h, v5.h[7]\n\t" + "sqrdmulh v14.8h, v14.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v13.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v14.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v13.8h, v13.8h, v25.8h\n\t" + "sub v14.8h, v14.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v13.8h, v13.8h, #1\n\t" + "sshr v14.8h, v14.8h, #1\n\t" + "mul v25.8h, v15.8h, v7.h[7]\n\t" + "mul v26.8h, v16.8h, v7.h[7]\n\t" + "sqrdmulh v15.8h, v15.8h, v5.h[7]\n\t" + "sqrdmulh v16.8h, v16.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v16.8h, 
v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v15.8h, v15.8h, v25.8h\n\t" + "sub v16.8h, v16.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "mul v25.8h, v17.8h, v7.h[7]\n\t" + "mul v26.8h, v18.8h, v7.h[7]\n\t" + "sqrdmulh v17.8h, v17.8h, v5.h[7]\n\t" + "sqrdmulh v18.8h, v18.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v17.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v18.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v17.8h, v17.8h, v25.8h\n\t" + "sub v18.8h, v18.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v17.8h, v17.8h, #1\n\t" + "sshr v18.8h, v18.8h, #1\n\t" + "mul v25.8h, v19.8h, v7.h[7]\n\t" + "mul v26.8h, v20.8h, v7.h[7]\n\t" + "sqrdmulh v19.8h, v19.8h, v5.h[7]\n\t" + "sqrdmulh v20.8h, v20.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v19.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v20.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v19.8h, v19.8h, v25.8h\n\t" + "sub v20.8h, v20.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v19.8h, v19.8h, #1\n\t" + "sshr v20.8h, v20.8h, #1\n\t" + "mul v25.8h, v21.8h, v7.h[7]\n\t" + "mul v26.8h, v22.8h, v7.h[7]\n\t" + "sqrdmulh v21.8h, v21.8h, v5.h[7]\n\t" + "sqrdmulh v22.8h, v22.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v21.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v22.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v21.8h, v21.8h, v25.8h\n\t" + "sub v22.8h, v22.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v21.8h, v21.8h, #1\n\t" + "sshr v22.8h, v22.8h, #1\n\t" + "mul v25.8h, v23.8h, v7.h[7]\n\t" + "mul v26.8h, v24.8h, v7.h[7]\n\t" + "sqrdmulh v23.8h, v23.8h, 
v5.h[7]\n\t" + "sqrdmulh v24.8h, v24.8h, v5.h[7]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v23.8h, v25.8h, v8.h[0]\n\t" + "sqrdmlsh v24.8h, v26.8h, v8.h[0]\n\t" +#else + "sqrdmulh v25.8h, v25.8h, v8.h[0]\n\t" + "sqrdmulh v26.8h, v26.8h, v8.h[0]\n\t" + "sub v23.8h, v23.8h, v25.8h\n\t" + "sub v24.8h, v24.8h, v26.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v23.8h, v23.8h, #1\n\t" + "sshr v24.8h, v24.8h, #1\n\t" + "str q9, [%x[r], #16]\n\t" + "str q10, [%x[r], #48]\n\t" + "str q11, [%x[r], #80]\n\t" + "str q12, [%x[r], #112]\n\t" + "str q13, [%x[r], #144]\n\t" + "str q14, [%x[r], #176]\n\t" + "str q15, [%x[r], #208]\n\t" + "str q16, [%x[r], #240]\n\t" + "str q17, [x1, #16]\n\t" + "str q18, [x1, #48]\n\t" + "str q19, [x1, #80]\n\t" + "str q20, [x1, #112]\n\t" + "str q21, [x1, #144]\n\t" + "str q22, [x1, #176]\n\t" + "str q23, [x1, #208]\n\t" + "str q24, [x1, #240]\n\t" + : [r] "+r" (r) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv) + : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "cc" + ); +} + +static const uint16_t L_kyber_aarch64_zetas_mul[] = { + 0x8b2, + 0xf74e, + 0x1ae, + 0xfe52, + 0x22b, + 0xfdd5, + 0x34b, + 0xfcb5, + 0x81e, + 0xf7e2, + 0x367, + 0xfc99, + 0x60e, + 0xf9f2, + 0x69, + 0xff97, + 0x1a6, + 0xfe5a, + 0x24b, + 0xfdb5, + 0xb1, + 0xff4f, + 0xc16, + 0xf3ea, + 0xbde, + 0xf422, + 0xb35, + 0xf4cb, + 0x626, + 0xf9da, + 0x675, + 0xf98b, + 0xc0b, + 0xf3f5, + 0x30a, + 0xfcf6, + 0x487, + 0xfb79, + 0xc6e, + 0xf392, + 
0x9f8, + 0xf608, + 0x5cb, + 0xfa35, + 0xaa7, + 0xf559, + 0x45f, + 0xfba1, + 0x6cb, + 0xf935, + 0x284, + 0xfd7c, + 0x999, + 0xf667, + 0x15d, + 0xfea3, + 0x1a2, + 0xfe5e, + 0x149, + 0xfeb7, + 0xc65, + 0xf39b, + 0xcb6, + 0xf34a, + 0x331, + 0xfccf, + 0x449, + 0xfbb7, + 0x25b, + 0xfda5, + 0x262, + 0xfd9e, + 0x52a, + 0xfad6, + 0x7fc, + 0xf804, + 0x748, + 0xf8b8, + 0x180, + 0xfe80, + 0x842, + 0xf7be, + 0xc79, + 0xf387, + 0x4c2, + 0xfb3e, + 0x7ca, + 0xf836, + 0x997, + 0xf669, + 0xdc, + 0xff24, + 0x85e, + 0xf7a2, + 0x686, + 0xf97a, + 0x860, + 0xf7a0, + 0x707, + 0xf8f9, + 0x803, + 0xf7fd, + 0x31a, + 0xfce6, + 0x71b, + 0xf8e5, + 0x9ab, + 0xf655, + 0x99b, + 0xf665, + 0x1de, + 0xfe22, + 0xc95, + 0xf36b, + 0xbcd, + 0xf433, + 0x3e4, + 0xfc1c, + 0x3df, + 0xfc21, + 0x3be, + 0xfc42, + 0x74d, + 0xf8b3, + 0x5f2, + 0xfa0e, + 0x65c, + 0xf9a4, +}; + +void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x3, %[L_kyber_aarch64_zetas_mul]\n\t" + "add x3, x3, :lo12:%[L_kyber_aarch64_zetas_mul]\n\t" +#else + "adrp x3, %[L_kyber_aarch64_zetas_mul]@PAGE\n\t" + "add x3, x3, %[L_kyber_aarch64_zetas_mul]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x4, %[L_kyber_aarch64_consts]\n\t" + "add x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t" +#else + "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q1, [x4]\n\t" + "ldp q2, q3, [%x[a]]\n\t" + "ldp q4, q5, [%x[a], #32]\n\t" + "ldp q6, q7, [%x[a], #64]\n\t" + "ldp q8, q9, [%x[a], #96]\n\t" + "ldp q10, q11, [%x[b]]\n\t" + "ldp q12, q13, [%x[b], #32]\n\t" + "ldp q14, q15, [%x[b], #64]\n\t" + "ldp q16, q17, [%x[b], #96]\n\t" + "ldr q0, [x3]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, 
v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r]]\n\t" + "ldr q0, [x3, #16]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, 
v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #32]\n\t" + "ldr q0, [x3, #32]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #64]\n\t" + "ldr q0, [x3, #48]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + 
"smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #96]\n\t" + "ldp q2, q3, [%x[a], #128]\n\t" + "ldp q4, q5, [%x[a], #160]\n\t" + "ldp q6, q7, [%x[a], #192]\n\t" + "ldp q8, q9, [%x[a], #224]\n\t" + "ldp q10, q11, [%x[b], #128]\n\t" + "ldp q12, q13, [%x[b], #160]\n\t" + "ldp q14, q15, [%x[b], #192]\n\t" + "ldp q16, q17, [%x[b], #224]\n\t" + "ldr q0, [x3, #64]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, 
v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #128]\n\t" + "ldr q0, [x3, #80]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + 
"shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #160]\n\t" + "ldr q0, [x3, #96]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #192]\n\t" + "ldr q0, [x3, #112]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, 
v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #224]\n\t" + "ldp q2, q3, [%x[a], #256]\n\t" + "ldp q4, q5, [%x[a], #288]\n\t" + "ldp q6, q7, [%x[a], #320]\n\t" + "ldp q8, q9, [%x[a], #352]\n\t" + "ldp q10, q11, [%x[b], #256]\n\t" + "ldp q12, q13, [%x[b], #288]\n\t" + "ldp q14, q15, [%x[b], #320]\n\t" + "ldp q16, q17, [%x[b], #352]\n\t" + "ldr q0, [x3, #128]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + 
"smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #256]\n\t" + "ldr q0, [x3, #144]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #288]\n\t" + "ldr q0, [x3, #160]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, 
v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #320]\n\t" + "ldr q0, [x3, #176]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn 
v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #352]\n\t" + "ldp q2, q3, [%x[a], #384]\n\t" + "ldp q4, q5, [%x[a], #416]\n\t" + "ldp q6, q7, [%x[a], #448]\n\t" + "ldp q8, q9, [%x[a], #480]\n\t" + "ldp q10, q11, [%x[b], #384]\n\t" + "ldp q12, q13, [%x[b], #416]\n\t" + "ldp q14, q15, [%x[b], #448]\n\t" + "ldp q16, q17, [%x[b], #480]\n\t" + "ldr q0, [x3, #192]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, 
v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #384]\n\t" + "ldr q0, [x3, #208]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #416]\n\t" + "ldr q0, [x3, #224]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 
v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #448]\n\t" + "ldr q0, [x3, #240]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + 
"smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "stp q24, q25, [%x[r], #480]\n\t" + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul) + : "memory", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "cc" + ); +} + +void kyber_basemul_mont_add(sword16* r, const sword16* a, const sword16* b) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x3, %[L_kyber_aarch64_zetas_mul]\n\t" + "add x3, x3, :lo12:%[L_kyber_aarch64_zetas_mul]\n\t" +#else + "adrp x3, %[L_kyber_aarch64_zetas_mul]@PAGE\n\t" + "add x3, x3, %[L_kyber_aarch64_zetas_mul]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x4, %[L_kyber_aarch64_consts]\n\t" + "add x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t" +#else + "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q1, [x4]\n\t" + "ldp q2, q3, [%x[a]]\n\t" + "ldp q4, q5, [%x[a], #32]\n\t" + "ldp q6, q7, [%x[a], #64]\n\t" + "ldp q8, q9, [%x[a], #96]\n\t" + "ldp q10, q11, [%x[b]]\n\t" + "ldp q12, q13, [%x[b], #32]\n\t" + "ldp q14, q15, [%x[b], #64]\n\t" + "ldp q16, q17, [%x[b], #96]\n\t" + "ldp q28, q29, [%x[r]]\n\t" + "ldr q0, [x3]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 
v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r]]\n\t" + "ldp q28, q29, [%x[r], #32]\n\t" + "ldr q0, [x3, #16]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" 
+ "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #32]\n\t" + "ldp q28, q29, [%x[r], #64]\n\t" + "ldr q0, [x3, #32]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, 
v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #64]\n\t" + "ldp q28, q29, [%x[r], #96]\n\t" + "ldr q0, [x3, #48]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #96]\n\t" + "ldp q2, q3, [%x[a], #128]\n\t" + "ldp q4, q5, [%x[a], #160]\n\t" + "ldp q6, q7, [%x[a], #192]\n\t" + "ldp q8, q9, [%x[a], #224]\n\t" + "ldp q10, q11, [%x[b], #128]\n\t" + "ldp q12, q13, [%x[b], #160]\n\t" + "ldp q14, q15, [%x[b], #192]\n\t" + "ldp q16, q17, [%x[b], #224]\n\t" + "ldp q28, q29, [%x[r], #128]\n\t" 
+ "ldr q0, [x3, #64]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #128]\n\t" + "ldp q28, q29, [%x[r], #160]\n\t" + "ldr q0, [x3, #80]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, 
#16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #160]\n\t" + "ldp q28, q29, [%x[r], #192]\n\t" + "ldr q0, [x3, #96]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, 
v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #192]\n\t" + "ldp q28, q29, [%x[r], #224]\n\t" + "ldr q0, [x3, #112]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #224]\n\t" + "ldp q2, q3, [%x[a], #256]\n\t" + "ldp q4, q5, [%x[a], #288]\n\t" + "ldp q6, q7, [%x[a], #320]\n\t" + "ldp q8, q9, [%x[a], #352]\n\t" + "ldp q10, q11, [%x[b], #256]\n\t" + "ldp q12, q13, [%x[b], 
#288]\n\t" + "ldp q14, q15, [%x[b], #320]\n\t" + "ldp q16, q17, [%x[b], #352]\n\t" + "ldp q28, q29, [%x[r], #256]\n\t" + "ldr q0, [x3, #128]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #256]\n\t" + "ldp q28, q29, [%x[r], #288]\n\t" + "ldr q0, [x3, #144]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl 
v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #288]\n\t" + "ldp q28, q29, [%x[r], #320]\n\t" + "ldr q0, [x3, #160]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, 
v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #320]\n\t" + "ldp q28, q29, [%x[r], #352]\n\t" + "ldr q0, [x3, #176]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #352]\n\t" + "ldp q2, q3, [%x[a], #384]\n\t" + "ldp q4, q5, [%x[a], #416]\n\t" + 
"ldp q6, q7, [%x[a], #448]\n\t" + "ldp q8, q9, [%x[a], #480]\n\t" + "ldp q10, q11, [%x[b], #384]\n\t" + "ldp q12, q13, [%x[b], #416]\n\t" + "ldp q14, q15, [%x[b], #448]\n\t" + "ldp q16, q17, [%x[b], #480]\n\t" + "ldp q28, q29, [%x[r], #384]\n\t" + "ldr q0, [x3, #192]\n\t" + "uzp1 v18.8h, v2.8h, v3.8h\n\t" + "uzp2 v19.8h, v2.8h, v3.8h\n\t" + "uzp1 v20.8h, v10.8h, v11.8h\n\t" + "uzp2 v21.8h, v10.8h, v11.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #384]\n\t" + "ldp q28, q29, [%x[r], #416]\n\t" + "ldr q0, [x3, #208]\n\t" + "uzp1 v18.8h, v4.8h, v5.8h\n\t" + "uzp2 v19.8h, v4.8h, v5.8h\n\t" + "uzp1 v20.8h, v12.8h, v13.8h\n\t" + "uzp2 v21.8h, v12.8h, v13.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 
v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #416]\n\t" + "ldp q28, q29, [%x[r], #448]\n\t" + "ldr q0, [x3, #224]\n\t" + "uzp1 v18.8h, v6.8h, v7.8h\n\t" + "uzp2 v19.8h, v6.8h, v7.8h\n\t" + "uzp1 v20.8h, v14.8h, v15.8h\n\t" + "uzp2 v21.8h, v14.8h, v15.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + 
"shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #448]\n\t" + "ldp q28, q29, [%x[r], #480]\n\t" + "ldr q0, [x3, #240]\n\t" + "uzp1 v18.8h, v8.8h, v9.8h\n\t" + "uzp2 v19.8h, v8.8h, v9.8h\n\t" + "uzp1 v20.8h, v16.8h, v17.8h\n\t" + "uzp2 v21.8h, v16.8h, v17.8h\n\t" + "smull v26.4s, v18.4h, v20.4h\n\t" + "smull2 v27.4s, v18.8h, v20.8h\n\t" + "smull v23.4s, v19.4h, v21.4h\n\t" + "smull2 v24.4s, v19.8h, v21.8h\n\t" + "xtn v25.4h, v23.4s\n\t" + "xtn2 v25.8h, v24.4s\n\t" + "mul v25.8h, v25.8h, v1.h[1]\n\t" + "smlsl v23.4s, v25.4h, v1.h[0]\n\t" + "smlsl2 v24.4s, v25.8h, v1.h[0]\n\t" + "shrn v22.4h, v23.4s, #16\n\t" + "shrn2 v22.8h, v24.4s, #16\n\t" + "smlal v26.4s, v22.4h, v0.4h\n\t" + "smlal2 v27.4s, v22.8h, v0.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v22.4h, v26.4s, #16\n\t" + "shrn2 v22.8h, v27.4s, #16\n\t" + "smull v26.4s, v18.4h, v21.4h\n\t" + "smull2 v27.4s, v18.8h, v21.8h\n\t" + "smlal v26.4s, v19.4h, v20.4h\n\t" + "smlal2 v27.4s, v19.8h, v20.8h\n\t" + "xtn v24.4h, v26.4s\n\t" + "xtn2 v24.8h, v27.4s\n\t" + "mul v24.8h, v24.8h, v1.h[1]\n\t" + "smlsl v26.4s, v24.4h, v1.h[0]\n\t" + "smlsl2 v27.4s, v24.8h, v1.h[0]\n\t" + "shrn v23.4h, v26.4s, #16\n\t" + "shrn2 v23.8h, v27.4s, #16\n\t" + "zip1 v24.8h, v22.8h, v23.8h\n\t" + "zip2 v25.8h, v22.8h, v23.8h\n\t" + "add v28.8h, v28.8h, v24.8h\n\t" + "add v29.8h, 
v29.8h, v25.8h\n\t" + "stp q28, q29, [%x[r], #480]\n\t" + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul) + : "memory", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "cc" + ); +} + +void kyber_csubq_neon(sword16* p) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x1, %[L_kyber_aarch64_q]\n\t" + "add x1, x1, :lo12:%[L_kyber_aarch64_q]\n\t" +#else + "adrp x1, %[L_kyber_aarch64_q]@PAGE\n\t" + "add x1, x1, %[L_kyber_aarch64_q]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q20, [x1]\n\t" + "ld4 {v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t" + "ld4 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "ld4 {v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t" + "ld4 {v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t" + "sub %x[p], %x[p], #0x100\n\t" + "sub v0.8h, v0.8h, v20.8h\n\t" + "sub v1.8h, v1.8h, v20.8h\n\t" + "sub v2.8h, v2.8h, v20.8h\n\t" + "sub v3.8h, v3.8h, v20.8h\n\t" + "sub v4.8h, v4.8h, v20.8h\n\t" + "sub v5.8h, v5.8h, v20.8h\n\t" + "sub v6.8h, v6.8h, v20.8h\n\t" + "sub v7.8h, v7.8h, v20.8h\n\t" + "sub v8.8h, v8.8h, v20.8h\n\t" + "sub v9.8h, v9.8h, v20.8h\n\t" + "sub v10.8h, v10.8h, v20.8h\n\t" + "sub v11.8h, v11.8h, v20.8h\n\t" + "sub v12.8h, v12.8h, v20.8h\n\t" + "sub v13.8h, v13.8h, v20.8h\n\t" + "sub v14.8h, v14.8h, v20.8h\n\t" + "sub v15.8h, v15.8h, v20.8h\n\t" + "sshr v16.8h, v0.8h, #15\n\t" + "sshr v17.8h, v1.8h, #15\n\t" + "sshr v18.8h, 
v2.8h, #15\n\t" + "sshr v19.8h, v3.8h, #15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v0.8h, v0.8h, v16.8h\n\t" + "add v1.8h, v1.8h, v17.8h\n\t" + "add v2.8h, v2.8h, v18.8h\n\t" + "add v3.8h, v3.8h, v19.8h\n\t" + "sshr v16.8h, v4.8h, #15\n\t" + "sshr v17.8h, v5.8h, #15\n\t" + "sshr v18.8h, v6.8h, #15\n\t" + "sshr v19.8h, v7.8h, #15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v4.8h, v4.8h, v16.8h\n\t" + "add v5.8h, v5.8h, v17.8h\n\t" + "add v6.8h, v6.8h, v18.8h\n\t" + "add v7.8h, v7.8h, v19.8h\n\t" + "sshr v16.8h, v8.8h, #15\n\t" + "sshr v17.8h, v9.8h, #15\n\t" + "sshr v18.8h, v10.8h, #15\n\t" + "sshr v19.8h, v11.8h, #15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "add v9.8h, v9.8h, v17.8h\n\t" + "add v10.8h, v10.8h, v18.8h\n\t" + "add v11.8h, v11.8h, v19.8h\n\t" + "sshr v16.8h, v12.8h, #15\n\t" + "sshr v17.8h, v13.8h, #15\n\t" + "sshr v18.8h, v14.8h, #15\n\t" + "sshr v19.8h, v15.8h, #15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v12.8h, v12.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v17.8h\n\t" + "add v14.8h, v14.8h, v18.8h\n\t" + "add v15.8h, v15.8h, v19.8h\n\t" + "st4 {v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t" + "st4 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "st4 {v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t" + "st4 {v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t" + "ld4 {v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t" + "ld4 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "ld4 {v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t" + "ld4 
{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t" + "sub %x[p], %x[p], #0x100\n\t" + "sub v0.8h, v0.8h, v20.8h\n\t" + "sub v1.8h, v1.8h, v20.8h\n\t" + "sub v2.8h, v2.8h, v20.8h\n\t" + "sub v3.8h, v3.8h, v20.8h\n\t" + "sub v4.8h, v4.8h, v20.8h\n\t" + "sub v5.8h, v5.8h, v20.8h\n\t" + "sub v6.8h, v6.8h, v20.8h\n\t" + "sub v7.8h, v7.8h, v20.8h\n\t" + "sub v8.8h, v8.8h, v20.8h\n\t" + "sub v9.8h, v9.8h, v20.8h\n\t" + "sub v10.8h, v10.8h, v20.8h\n\t" + "sub v11.8h, v11.8h, v20.8h\n\t" + "sub v12.8h, v12.8h, v20.8h\n\t" + "sub v13.8h, v13.8h, v20.8h\n\t" + "sub v14.8h, v14.8h, v20.8h\n\t" + "sub v15.8h, v15.8h, v20.8h\n\t" + "sshr v16.8h, v0.8h, #15\n\t" + "sshr v17.8h, v1.8h, #15\n\t" + "sshr v18.8h, v2.8h, #15\n\t" + "sshr v19.8h, v3.8h, #15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v0.8h, v0.8h, v16.8h\n\t" + "add v1.8h, v1.8h, v17.8h\n\t" + "add v2.8h, v2.8h, v18.8h\n\t" + "add v3.8h, v3.8h, v19.8h\n\t" + "sshr v16.8h, v4.8h, #15\n\t" + "sshr v17.8h, v5.8h, #15\n\t" + "sshr v18.8h, v6.8h, #15\n\t" + "sshr v19.8h, v7.8h, #15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v4.8h, v4.8h, v16.8h\n\t" + "add v5.8h, v5.8h, v17.8h\n\t" + "add v6.8h, v6.8h, v18.8h\n\t" + "add v7.8h, v7.8h, v19.8h\n\t" + "sshr v16.8h, v8.8h, #15\n\t" + "sshr v17.8h, v9.8h, #15\n\t" + "sshr v18.8h, v10.8h, #15\n\t" + "sshr v19.8h, v11.8h, #15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "add v9.8h, v9.8h, v17.8h\n\t" + "add v10.8h, v10.8h, v18.8h\n\t" + "add v11.8h, v11.8h, v19.8h\n\t" + "sshr v16.8h, v12.8h, #15\n\t" + "sshr v17.8h, v13.8h, #15\n\t" + "sshr v18.8h, v14.8h, #15\n\t" + "sshr v19.8h, v15.8h, 
#15\n\t" + "and v16.16b, v16.16b, v20.16b\n\t" + "and v17.16b, v17.16b, v20.16b\n\t" + "and v18.16b, v18.16b, v20.16b\n\t" + "and v19.16b, v19.16b, v20.16b\n\t" + "add v12.8h, v12.8h, v16.8h\n\t" + "add v13.8h, v13.8h, v17.8h\n\t" + "add v14.8h, v14.8h, v18.8h\n\t" + "add v15.8h, v15.8h, v19.8h\n\t" + "st4 {v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t" + "st4 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "st4 {v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t" + "st4 {v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t" + : [p] "+r" (p) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul) + : "memory", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "cc" + ); +} + +void kyber_add_reduce(sword16* r, const sword16* a) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x2, %[L_kyber_aarch64_consts]\n\t" + "add x2, x2, :lo12:%[L_kyber_aarch64_consts]\n\t" +#else + "adrp x2, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x2, x2, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q0, [x2]\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add 
v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh 
v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, 
v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + : [r] "+r" (r), [a] "+r" (a) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" 
(L_kyber_aarch64_zetas_mul) + : "memory", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc" + ); +} + +void kyber_add3_reduce(sword16* r, const sword16* a, const sword16* b) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x3, %[L_kyber_aarch64_consts]\n\t" + "add x3, x3, :lo12:%[L_kyber_aarch64_consts]\n\t" +#else + "adrp x3, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x3, x3, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q0, [x3]\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t" + "ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "add v1.8h, v1.8h, v17.8h\n\t" + "add v2.8h, v2.8h, v18.8h\n\t" + "add v3.8h, v3.8h, v19.8h\n\t" + "add v4.8h, v4.8h, v20.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sqdmulh v25.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v2.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v1.8h, v25.8h, v0.h[0]\n\t" + "mls v2.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v4.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v3.8h, v25.8h, v0.h[0]\n\t" + "mls v4.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v6.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, 
#11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v5.8h, v25.8h, v0.h[0]\n\t" + "mls v6.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v8.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v7.8h, v25.8h, v0.h[0]\n\t" + "mls v8.8h, v26.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t" + "ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "add v1.8h, v1.8h, v17.8h\n\t" + "add v2.8h, v2.8h, v18.8h\n\t" + "add v3.8h, v3.8h, v19.8h\n\t" + "add v4.8h, v4.8h, v20.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sqdmulh v25.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v2.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v1.8h, v25.8h, v0.h[0]\n\t" + "mls v2.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v4.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v3.8h, v25.8h, v0.h[0]\n\t" + "mls v4.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v6.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v5.8h, v25.8h, v0.h[0]\n\t" + "mls v6.8h, v26.8h, v0.h[0]\n\t" + 
"sqdmulh v25.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v8.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v7.8h, v25.8h, v0.h[0]\n\t" + "mls v8.8h, v26.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t" + "ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "add v1.8h, v1.8h, v17.8h\n\t" + "add v2.8h, v2.8h, v18.8h\n\t" + "add v3.8h, v3.8h, v19.8h\n\t" + "add v4.8h, v4.8h, v20.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sqdmulh v25.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v2.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v1.8h, v25.8h, v0.h[0]\n\t" + "mls v2.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v4.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v3.8h, v25.8h, v0.h[0]\n\t" + "mls v4.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v6.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v5.8h, v25.8h, v0.h[0]\n\t" + "mls v6.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v8.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + 
"sshr v26.8h, v26.8h, #11\n\t" + "mls v7.8h, v25.8h, v0.h[0]\n\t" + "mls v8.8h, v26.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "ld4 {v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t" + "ld4 {v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "add v1.8h, v1.8h, v9.8h\n\t" + "add v2.8h, v2.8h, v10.8h\n\t" + "add v3.8h, v3.8h, v11.8h\n\t" + "add v4.8h, v4.8h, v12.8h\n\t" + "add v5.8h, v5.8h, v13.8h\n\t" + "add v6.8h, v6.8h, v14.8h\n\t" + "add v7.8h, v7.8h, v15.8h\n\t" + "add v8.8h, v8.8h, v16.8h\n\t" + "add v1.8h, v1.8h, v17.8h\n\t" + "add v2.8h, v2.8h, v18.8h\n\t" + "add v3.8h, v3.8h, v19.8h\n\t" + "add v4.8h, v4.8h, v20.8h\n\t" + "add v5.8h, v5.8h, v21.8h\n\t" + "add v6.8h, v6.8h, v22.8h\n\t" + "add v7.8h, v7.8h, v23.8h\n\t" + "add v8.8h, v8.8h, v24.8h\n\t" + "sqdmulh v25.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v2.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v1.8h, v25.8h, v0.h[0]\n\t" + "mls v2.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v4.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v3.8h, v25.8h, v0.h[0]\n\t" + "mls v4.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v6.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v5.8h, v25.8h, v0.h[0]\n\t" + "mls v6.8h, v26.8h, v0.h[0]\n\t" + "sqdmulh v25.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v26.8h, v8.8h, v0.h[2]\n\t" + "sshr v25.8h, v25.8h, #11\n\t" + "sshr v26.8h, v26.8h, #11\n\t" + "mls v7.8h, v25.8h, v0.h[0]\n\t" + "mls v8.8h, v26.8h, v0.h[0]\n\t" + "st4 
{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul) + : "memory", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "cc" + ); +} + +void kyber_rsub_reduce(sword16* r, const sword16* a) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x2, %[L_kyber_aarch64_consts]\n\t" + "add x2, x2, :lo12:%[L_kyber_aarch64_consts]\n\t" +#else + "adrp x2, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x2, x2, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q0, [x2]\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "sub v1.8h, v9.8h, v1.8h\n\t" + "sub v2.8h, v10.8h, v2.8h\n\t" + "sub v3.8h, v11.8h, v3.8h\n\t" + "sub v4.8h, v12.8h, v4.8h\n\t" + "sub v5.8h, v13.8h, v5.8h\n\t" + "sub v6.8h, v14.8h, v6.8h\n\t" + "sub v7.8h, v15.8h, v7.8h\n\t" + "sub v8.8h, v16.8h, v8.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + 
"sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "sub v1.8h, v9.8h, v1.8h\n\t" + "sub v2.8h, v10.8h, v2.8h\n\t" + "sub v3.8h, v11.8h, v3.8h\n\t" + "sub v4.8h, v12.8h, v4.8h\n\t" + "sub v5.8h, v13.8h, v5.8h\n\t" + "sub v6.8h, v14.8h, v6.8h\n\t" + "sub v7.8h, v15.8h, v7.8h\n\t" + "sub v8.8h, v16.8h, v8.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls 
v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "sub v1.8h, v9.8h, v1.8h\n\t" + "sub v2.8h, v10.8h, v2.8h\n\t" + "sub v3.8h, v11.8h, v3.8h\n\t" + "sub v4.8h, v12.8h, v4.8h\n\t" + "sub v5.8h, v13.8h, v5.8h\n\t" + "sub v6.8h, v14.8h, v6.8h\n\t" + "sub v7.8h, v15.8h, v7.8h\n\t" + "sub v8.8h, v16.8h, v8.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t" + "sub %x[r], %x[r], #0x80\n\t" + "sub v1.8h, v9.8h, v1.8h\n\t" + "sub v2.8h, v10.8h, 
v2.8h\n\t" + "sub v3.8h, v11.8h, v3.8h\n\t" + "sub v4.8h, v12.8h, v4.8h\n\t" + "sub v5.8h, v13.8h, v5.8h\n\t" + "sub v6.8h, v14.8h, v6.8h\n\t" + "sub v7.8h, v15.8h, v7.8h\n\t" + "sub v8.8h, v16.8h, v8.8h\n\t" + "sqdmulh v17.8h, v1.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v2.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v1.8h, v17.8h, v0.h[0]\n\t" + "mls v2.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v3.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v4.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v3.8h, v17.8h, v0.h[0]\n\t" + "mls v4.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v5.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v6.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v5.8h, v17.8h, v0.h[0]\n\t" + "mls v6.8h, v18.8h, v0.h[0]\n\t" + "sqdmulh v17.8h, v7.8h, v0.h[2]\n\t" + "sqdmulh v18.8h, v8.8h, v0.h[2]\n\t" + "sshr v17.8h, v17.8h, #11\n\t" + "sshr v18.8h, v18.8h, #11\n\t" + "mls v7.8h, v17.8h, v0.h[0]\n\t" + "mls v8.8h, v18.8h, v0.h[0]\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t" + : [r] "+r" (r), [a] "+r" (a) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul) + : "memory", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc" + ); +} + +void kyber_to_mont(sword16* p) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x1, %[L_kyber_aarch64_consts]\n\t" + "add x1, x1, :lo12:%[L_kyber_aarch64_consts]\n\t" 
+#else + "adrp x1, %[L_kyber_aarch64_consts]@PAGE\n\t" + "add x1, x1, %[L_kyber_aarch64_consts]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q0, [x1]\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t" + "sub %x[p], %x[p], #0x100\n\t" + "mul v17.8h, v1.8h, v0.h[4]\n\t" + "mul v18.8h, v2.8h, v0.h[4]\n\t" + "sqrdmulh v1.8h, v1.8h, v0.h[3]\n\t" + "sqrdmulh v2.8h, v2.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v1.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v2.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v1.8h, v1.8h, v17.8h\n\t" + "sub v2.8h, v2.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v1.8h, v1.8h, #1\n\t" + "sshr v2.8h, v2.8h, #1\n\t" + "mul v17.8h, v3.8h, v0.h[4]\n\t" + "mul v18.8h, v4.8h, v0.h[4]\n\t" + "sqrdmulh v3.8h, v3.8h, v0.h[3]\n\t" + "sqrdmulh v4.8h, v4.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v3.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v4.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v3.8h, v3.8h, v17.8h\n\t" + "sub v4.8h, v4.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v3.8h, v3.8h, #1\n\t" + "sshr v4.8h, v4.8h, #1\n\t" + "mul v17.8h, v5.8h, v0.h[4]\n\t" + "mul v18.8h, v6.8h, v0.h[4]\n\t" + "sqrdmulh v5.8h, v5.8h, v0.h[3]\n\t" + "sqrdmulh v6.8h, v6.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v5.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v6.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v5.8h, v5.8h, v17.8h\n\t" + "sub v6.8h, v6.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v5.8h, v5.8h, #1\n\t" + "sshr v6.8h, v6.8h, #1\n\t" + "mul v17.8h, 
v7.8h, v0.h[4]\n\t" + "mul v18.8h, v8.8h, v0.h[4]\n\t" + "sqrdmulh v7.8h, v7.8h, v0.h[3]\n\t" + "sqrdmulh v8.8h, v8.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v7.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v8.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v7.8h, v7.8h, v17.8h\n\t" + "sub v8.8h, v8.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v7.8h, v7.8h, #1\n\t" + "sshr v8.8h, v8.8h, #1\n\t" + "mul v17.8h, v9.8h, v0.h[4]\n\t" + "mul v18.8h, v10.8h, v0.h[4]\n\t" + "sqrdmulh v9.8h, v9.8h, v0.h[3]\n\t" + "sqrdmulh v10.8h, v10.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v9.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v10.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v9.8h, v9.8h, v17.8h\n\t" + "sub v10.8h, v10.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v9.8h, v9.8h, #1\n\t" + "sshr v10.8h, v10.8h, #1\n\t" + "mul v17.8h, v11.8h, v0.h[4]\n\t" + "mul v18.8h, v12.8h, v0.h[4]\n\t" + "sqrdmulh v11.8h, v11.8h, v0.h[3]\n\t" + "sqrdmulh v12.8h, v12.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v11.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v12.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v11.8h, v11.8h, v17.8h\n\t" + "sub v12.8h, v12.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v11.8h, v11.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "mul v17.8h, v13.8h, v0.h[4]\n\t" + "mul v18.8h, v14.8h, v0.h[4]\n\t" + "sqrdmulh v13.8h, v13.8h, v0.h[3]\n\t" + "sqrdmulh v14.8h, v14.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v13.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v14.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v13.8h, v13.8h, v17.8h\n\t" + "sub v14.8h, v14.8h, 
v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v13.8h, v13.8h, #1\n\t" + "sshr v14.8h, v14.8h, #1\n\t" + "mul v17.8h, v15.8h, v0.h[4]\n\t" + "mul v18.8h, v16.8h, v0.h[4]\n\t" + "sqrdmulh v15.8h, v15.8h, v0.h[3]\n\t" + "sqrdmulh v16.8h, v16.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v16.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v15.8h, v15.8h, v17.8h\n\t" + "sub v16.8h, v16.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t" + "st4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t" + "st4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t" + "ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t" + "ld4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t" + "ld4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t" + "ld4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t" + "sub %x[p], %x[p], #0x100\n\t" + "mul v17.8h, v1.8h, v0.h[4]\n\t" + "mul v18.8h, v2.8h, v0.h[4]\n\t" + "sqrdmulh v1.8h, v1.8h, v0.h[3]\n\t" + "sqrdmulh v2.8h, v2.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v1.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v2.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v1.8h, v1.8h, v17.8h\n\t" + "sub v2.8h, v2.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v1.8h, v1.8h, #1\n\t" + "sshr v2.8h, v2.8h, #1\n\t" + "mul v17.8h, v3.8h, v0.h[4]\n\t" + "mul v18.8h, v4.8h, v0.h[4]\n\t" + "sqrdmulh v3.8h, v3.8h, v0.h[3]\n\t" + "sqrdmulh v4.8h, v4.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v3.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v4.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + 
"sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v3.8h, v3.8h, v17.8h\n\t" + "sub v4.8h, v4.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v3.8h, v3.8h, #1\n\t" + "sshr v4.8h, v4.8h, #1\n\t" + "mul v17.8h, v5.8h, v0.h[4]\n\t" + "mul v18.8h, v6.8h, v0.h[4]\n\t" + "sqrdmulh v5.8h, v5.8h, v0.h[3]\n\t" + "sqrdmulh v6.8h, v6.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v5.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v6.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v5.8h, v5.8h, v17.8h\n\t" + "sub v6.8h, v6.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v5.8h, v5.8h, #1\n\t" + "sshr v6.8h, v6.8h, #1\n\t" + "mul v17.8h, v7.8h, v0.h[4]\n\t" + "mul v18.8h, v8.8h, v0.h[4]\n\t" + "sqrdmulh v7.8h, v7.8h, v0.h[3]\n\t" + "sqrdmulh v8.8h, v8.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v7.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v8.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v7.8h, v7.8h, v17.8h\n\t" + "sub v8.8h, v8.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v7.8h, v7.8h, #1\n\t" + "sshr v8.8h, v8.8h, #1\n\t" + "mul v17.8h, v9.8h, v0.h[4]\n\t" + "mul v18.8h, v10.8h, v0.h[4]\n\t" + "sqrdmulh v9.8h, v9.8h, v0.h[3]\n\t" + "sqrdmulh v10.8h, v10.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v9.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v10.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v9.8h, v9.8h, v17.8h\n\t" + "sub v10.8h, v10.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v9.8h, v9.8h, #1\n\t" + "sshr v10.8h, v10.8h, #1\n\t" + "mul v17.8h, v11.8h, v0.h[4]\n\t" + "mul v18.8h, v12.8h, v0.h[4]\n\t" + "sqrdmulh v11.8h, v11.8h, v0.h[3]\n\t" + "sqrdmulh v12.8h, v12.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v11.8h, v17.8h, 
v0.h[0]\n\t" + "sqrdmlsh v12.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v11.8h, v11.8h, v17.8h\n\t" + "sub v12.8h, v12.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v11.8h, v11.8h, #1\n\t" + "sshr v12.8h, v12.8h, #1\n\t" + "mul v17.8h, v13.8h, v0.h[4]\n\t" + "mul v18.8h, v14.8h, v0.h[4]\n\t" + "sqrdmulh v13.8h, v13.8h, v0.h[3]\n\t" + "sqrdmulh v14.8h, v14.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v13.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v14.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v13.8h, v13.8h, v17.8h\n\t" + "sub v14.8h, v14.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v13.8h, v13.8h, #1\n\t" + "sshr v14.8h, v14.8h, #1\n\t" + "mul v17.8h, v15.8h, v0.h[4]\n\t" + "mul v18.8h, v16.8h, v0.h[4]\n\t" + "sqrdmulh v15.8h, v15.8h, v0.h[3]\n\t" + "sqrdmulh v16.8h, v16.8h, v0.h[3]\n\t" +#ifndef WOLFSSL_AARCH64_NO_SQRMLSH + "sqrdmlsh v15.8h, v17.8h, v0.h[0]\n\t" + "sqrdmlsh v16.8h, v18.8h, v0.h[0]\n\t" +#else + "sqrdmulh v17.8h, v17.8h, v0.h[0]\n\t" + "sqrdmulh v18.8h, v18.8h, v0.h[0]\n\t" + "sub v15.8h, v15.8h, v17.8h\n\t" + "sub v16.8h, v16.8h, v18.8h\n\t" +#endif /* !WOLFSSL_AARCH64_NO_SQRMLSH */ + "sshr v15.8h, v15.8h, #1\n\t" + "sshr v16.8h, v16.8h, #1\n\t" + "st4 {v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t" + "st4 {v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t" + "st4 {v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t" + "st4 {v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t" + : [p] "+r" (p) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), 
[L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul) + : "memory", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc" + ); +} + +static const uint16_t L_kyber_aarch64_to_msg_neon_low[] = { + 0x373, + 0x373, + 0x373, + 0x373, + 0x373, + 0x373, + 0x373, + 0x373, +}; + +static const uint16_t L_kyber_aarch64_to_msg_neon_high[] = { + 0x9c0, + 0x9c0, + 0x9c0, + 0x9c0, + 0x9c0, + 0x9c0, + 0x9c0, + 0x9c0, +}; + +static const uint16_t L_kyber_aarch64_to_msg_neon_bits[] = { + 0x1, + 0x2, + 0x4, + 0x8, + 0x10, + 0x20, + 0x40, + 0x80, +}; + +void kyber_to_msg_neon(byte* msg, sword16* p) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x2, %[L_kyber_aarch64_to_msg_neon_low]\n\t" + "add x2, x2, :lo12:%[L_kyber_aarch64_to_msg_neon_low]\n\t" +#else + "adrp x2, %[L_kyber_aarch64_to_msg_neon_low]@PAGE\n\t" + "add x2, x2, %[L_kyber_aarch64_to_msg_neon_low]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x3, %[L_kyber_aarch64_to_msg_neon_high]\n\t" + "add x3, x3, :lo12:%[L_kyber_aarch64_to_msg_neon_high]\n\t" +#else + "adrp x3, %[L_kyber_aarch64_to_msg_neon_high]@PAGE\n\t" + "add x3, x3, %[L_kyber_aarch64_to_msg_neon_high]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x4, %[L_kyber_aarch64_to_msg_neon_bits]\n\t" + "add x4, x4, :lo12:%[L_kyber_aarch64_to_msg_neon_bits]\n\t" +#else + "adrp x4, %[L_kyber_aarch64_to_msg_neon_bits]@PAGE\n\t" + "add x4, x4, %[L_kyber_aarch64_to_msg_neon_bits]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldr q0, [x2]\n\t" + "ldr q1, [x3]\n\t" + "ldr q26, [x4]\n\t" + "ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t" + "ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t" + "cmge v10.8h, v2.8h, v0.8h\n\t" + "cmge v18.8h, v1.8h, v2.8h\n\t" + "cmge v11.8h, v3.8h, v0.8h\n\t" + "cmge v19.8h, v1.8h, v3.8h\n\t" + "cmge v12.8h, v4.8h, v0.8h\n\t" + "cmge v20.8h, v1.8h, 
v4.8h\n\t" + "cmge v13.8h, v5.8h, v0.8h\n\t" + "cmge v21.8h, v1.8h, v5.8h\n\t" + "cmge v14.8h, v6.8h, v0.8h\n\t" + "cmge v22.8h, v1.8h, v6.8h\n\t" + "cmge v15.8h, v7.8h, v0.8h\n\t" + "cmge v23.8h, v1.8h, v7.8h\n\t" + "cmge v16.8h, v8.8h, v0.8h\n\t" + "cmge v24.8h, v1.8h, v8.8h\n\t" + "cmge v17.8h, v9.8h, v0.8h\n\t" + "cmge v25.8h, v1.8h, v9.8h\n\t" + "and v18.16b, v18.16b, v10.16b\n\t" + "and v19.16b, v19.16b, v11.16b\n\t" + "and v20.16b, v20.16b, v12.16b\n\t" + "and v21.16b, v21.16b, v13.16b\n\t" + "and v22.16b, v22.16b, v14.16b\n\t" + "and v23.16b, v23.16b, v15.16b\n\t" + "and v24.16b, v24.16b, v16.16b\n\t" + "and v25.16b, v25.16b, v17.16b\n\t" + "and v18.16b, v18.16b, v26.16b\n\t" + "and v19.16b, v19.16b, v26.16b\n\t" + "and v20.16b, v20.16b, v26.16b\n\t" + "and v21.16b, v21.16b, v26.16b\n\t" + "and v22.16b, v22.16b, v26.16b\n\t" + "and v23.16b, v23.16b, v26.16b\n\t" + "and v24.16b, v24.16b, v26.16b\n\t" + "and v25.16b, v25.16b, v26.16b\n\t" + "addv h18, v18.8h\n\t" + "addv h19, v19.8h\n\t" + "addv h20, v20.8h\n\t" + "addv h21, v21.8h\n\t" + "addv h22, v22.8h\n\t" + "addv h23, v23.8h\n\t" + "addv h24, v24.8h\n\t" + "addv h25, v25.8h\n\t" + "ins v18.b[1], v19.b[0]\n\t" + "ins v18.b[2], v20.b[0]\n\t" + "ins v18.b[3], v21.b[0]\n\t" + "ins v18.b[4], v22.b[0]\n\t" + "ins v18.b[5], v23.b[0]\n\t" + "ins v18.b[6], v24.b[0]\n\t" + "ins v18.b[7], v25.b[0]\n\t" + "st1 {v18.8b}, [%x[msg]], #8\n\t" + "ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t" + "ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t" + "cmge v10.8h, v2.8h, v0.8h\n\t" + "cmge v18.8h, v1.8h, v2.8h\n\t" + "cmge v11.8h, v3.8h, v0.8h\n\t" + "cmge v19.8h, v1.8h, v3.8h\n\t" + "cmge v12.8h, v4.8h, v0.8h\n\t" + "cmge v20.8h, v1.8h, v4.8h\n\t" + "cmge v13.8h, v5.8h, v0.8h\n\t" + "cmge v21.8h, v1.8h, v5.8h\n\t" + "cmge v14.8h, v6.8h, v0.8h\n\t" + "cmge v22.8h, v1.8h, v6.8h\n\t" + "cmge v15.8h, v7.8h, v0.8h\n\t" + "cmge v23.8h, v1.8h, v7.8h\n\t" + "cmge v16.8h, v8.8h, v0.8h\n\t" + "cmge v24.8h, v1.8h, 
v8.8h\n\t" + "cmge v17.8h, v9.8h, v0.8h\n\t" + "cmge v25.8h, v1.8h, v9.8h\n\t" + "and v18.16b, v18.16b, v10.16b\n\t" + "and v19.16b, v19.16b, v11.16b\n\t" + "and v20.16b, v20.16b, v12.16b\n\t" + "and v21.16b, v21.16b, v13.16b\n\t" + "and v22.16b, v22.16b, v14.16b\n\t" + "and v23.16b, v23.16b, v15.16b\n\t" + "and v24.16b, v24.16b, v16.16b\n\t" + "and v25.16b, v25.16b, v17.16b\n\t" + "and v18.16b, v18.16b, v26.16b\n\t" + "and v19.16b, v19.16b, v26.16b\n\t" + "and v20.16b, v20.16b, v26.16b\n\t" + "and v21.16b, v21.16b, v26.16b\n\t" + "and v22.16b, v22.16b, v26.16b\n\t" + "and v23.16b, v23.16b, v26.16b\n\t" + "and v24.16b, v24.16b, v26.16b\n\t" + "and v25.16b, v25.16b, v26.16b\n\t" + "addv h18, v18.8h\n\t" + "addv h19, v19.8h\n\t" + "addv h20, v20.8h\n\t" + "addv h21, v21.8h\n\t" + "addv h22, v22.8h\n\t" + "addv h23, v23.8h\n\t" + "addv h24, v24.8h\n\t" + "addv h25, v25.8h\n\t" + "ins v18.b[1], v19.b[0]\n\t" + "ins v18.b[2], v20.b[0]\n\t" + "ins v18.b[3], v21.b[0]\n\t" + "ins v18.b[4], v22.b[0]\n\t" + "ins v18.b[5], v23.b[0]\n\t" + "ins v18.b[6], v24.b[0]\n\t" + "ins v18.b[7], v25.b[0]\n\t" + "st1 {v18.8b}, [%x[msg]], #8\n\t" + "ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t" + "ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t" + "cmge v10.8h, v2.8h, v0.8h\n\t" + "cmge v18.8h, v1.8h, v2.8h\n\t" + "cmge v11.8h, v3.8h, v0.8h\n\t" + "cmge v19.8h, v1.8h, v3.8h\n\t" + "cmge v12.8h, v4.8h, v0.8h\n\t" + "cmge v20.8h, v1.8h, v4.8h\n\t" + "cmge v13.8h, v5.8h, v0.8h\n\t" + "cmge v21.8h, v1.8h, v5.8h\n\t" + "cmge v14.8h, v6.8h, v0.8h\n\t" + "cmge v22.8h, v1.8h, v6.8h\n\t" + "cmge v15.8h, v7.8h, v0.8h\n\t" + "cmge v23.8h, v1.8h, v7.8h\n\t" + "cmge v16.8h, v8.8h, v0.8h\n\t" + "cmge v24.8h, v1.8h, v8.8h\n\t" + "cmge v17.8h, v9.8h, v0.8h\n\t" + "cmge v25.8h, v1.8h, v9.8h\n\t" + "and v18.16b, v18.16b, v10.16b\n\t" + "and v19.16b, v19.16b, v11.16b\n\t" + "and v20.16b, v20.16b, v12.16b\n\t" + "and v21.16b, v21.16b, v13.16b\n\t" + "and v22.16b, v22.16b, v14.16b\n\t" + "and 
v23.16b, v23.16b, v15.16b\n\t" + "and v24.16b, v24.16b, v16.16b\n\t" + "and v25.16b, v25.16b, v17.16b\n\t" + "and v18.16b, v18.16b, v26.16b\n\t" + "and v19.16b, v19.16b, v26.16b\n\t" + "and v20.16b, v20.16b, v26.16b\n\t" + "and v21.16b, v21.16b, v26.16b\n\t" + "and v22.16b, v22.16b, v26.16b\n\t" + "and v23.16b, v23.16b, v26.16b\n\t" + "and v24.16b, v24.16b, v26.16b\n\t" + "and v25.16b, v25.16b, v26.16b\n\t" + "addv h18, v18.8h\n\t" + "addv h19, v19.8h\n\t" + "addv h20, v20.8h\n\t" + "addv h21, v21.8h\n\t" + "addv h22, v22.8h\n\t" + "addv h23, v23.8h\n\t" + "addv h24, v24.8h\n\t" + "addv h25, v25.8h\n\t" + "ins v18.b[1], v19.b[0]\n\t" + "ins v18.b[2], v20.b[0]\n\t" + "ins v18.b[3], v21.b[0]\n\t" + "ins v18.b[4], v22.b[0]\n\t" + "ins v18.b[5], v23.b[0]\n\t" + "ins v18.b[6], v24.b[0]\n\t" + "ins v18.b[7], v25.b[0]\n\t" + "st1 {v18.8b}, [%x[msg]], #8\n\t" + "ld1 {v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t" + "ld1 {v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t" + "cmge v10.8h, v2.8h, v0.8h\n\t" + "cmge v18.8h, v1.8h, v2.8h\n\t" + "cmge v11.8h, v3.8h, v0.8h\n\t" + "cmge v19.8h, v1.8h, v3.8h\n\t" + "cmge v12.8h, v4.8h, v0.8h\n\t" + "cmge v20.8h, v1.8h, v4.8h\n\t" + "cmge v13.8h, v5.8h, v0.8h\n\t" + "cmge v21.8h, v1.8h, v5.8h\n\t" + "cmge v14.8h, v6.8h, v0.8h\n\t" + "cmge v22.8h, v1.8h, v6.8h\n\t" + "cmge v15.8h, v7.8h, v0.8h\n\t" + "cmge v23.8h, v1.8h, v7.8h\n\t" + "cmge v16.8h, v8.8h, v0.8h\n\t" + "cmge v24.8h, v1.8h, v8.8h\n\t" + "cmge v17.8h, v9.8h, v0.8h\n\t" + "cmge v25.8h, v1.8h, v9.8h\n\t" + "and v18.16b, v18.16b, v10.16b\n\t" + "and v19.16b, v19.16b, v11.16b\n\t" + "and v20.16b, v20.16b, v12.16b\n\t" + "and v21.16b, v21.16b, v13.16b\n\t" + "and v22.16b, v22.16b, v14.16b\n\t" + "and v23.16b, v23.16b, v15.16b\n\t" + "and v24.16b, v24.16b, v16.16b\n\t" + "and v25.16b, v25.16b, v17.16b\n\t" + "and v18.16b, v18.16b, v26.16b\n\t" + "and v19.16b, v19.16b, v26.16b\n\t" + "and v20.16b, v20.16b, v26.16b\n\t" + "and v21.16b, v21.16b, v26.16b\n\t" + "and v22.16b, 
v22.16b, v26.16b\n\t" + "and v23.16b, v23.16b, v26.16b\n\t" + "and v24.16b, v24.16b, v26.16b\n\t" + "and v25.16b, v25.16b, v26.16b\n\t" + "addv h18, v18.8h\n\t" + "addv h19, v19.8h\n\t" + "addv h20, v20.8h\n\t" + "addv h21, v21.8h\n\t" + "addv h22, v22.8h\n\t" + "addv h23, v23.8h\n\t" + "addv h24, v24.8h\n\t" + "addv h25, v25.8h\n\t" + "ins v18.b[1], v19.b[0]\n\t" + "ins v18.b[2], v20.b[0]\n\t" + "ins v18.b[3], v21.b[0]\n\t" + "ins v18.b[4], v22.b[0]\n\t" + "ins v18.b[5], v23.b[0]\n\t" + "ins v18.b[6], v24.b[0]\n\t" + "ins v18.b[7], v25.b[0]\n\t" + "st1 {v18.8b}, [%x[msg]], #8\n\t" + : [msg] "+r" (msg), [p] "+r" (p) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits) + : "memory", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "cc" + ); +} + +static const uint16_t L_kyber_aarch64_from_msg_neon_q1half[] = { + 0x681, + 0x681, + 0x681, + 0x681, + 0x681, + 0x681, + 0x681, + 0x681, +}; + +static const uint8_t L_kyber_aarch64_from_msg_neon_bits[] = { + 0x1, + 0x2, + 0x4, + 0x8, + 0x10, + 0x20, + 0x40, + 0x80, + 0x1, + 0x2, + 0x4, + 0x8, + 0x10, + 0x20, + 0x40, + 0x80, +}; + +void kyber_from_msg_neon(sword16* p, const byte* msg) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x2, 
%[L_kyber_aarch64_from_msg_neon_q1half]\n\t" + "add x2, x2, :lo12:%[L_kyber_aarch64_from_msg_neon_q1half]\n\t" +#else + "adrp x2, %[L_kyber_aarch64_from_msg_neon_q1half]@PAGE\n\t" + "add x2, x2, %[L_kyber_aarch64_from_msg_neon_q1half]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x3, %[L_kyber_aarch64_from_msg_neon_bits]\n\t" + "add x3, x3, :lo12:%[L_kyber_aarch64_from_msg_neon_bits]\n\t" +#else + "adrp x3, %[L_kyber_aarch64_from_msg_neon_bits]@PAGE\n\t" + "add x3, x3, %[L_kyber_aarch64_from_msg_neon_bits]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ld1 {v2.16b, v3.16b}, [%x[msg]]\n\t" + "ldr q1, [x2]\n\t" + "ldr q0, [x3]\n\t" + "dup v4.8b, v2.b[0]\n\t" + "dup v5.8b, v2.b[1]\n\t" + "dup v6.8b, v2.b[2]\n\t" + "dup v7.8b, v2.b[3]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + "cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "dup v4.8b, v2.b[4]\n\t" + "dup v5.8b, v2.b[5]\n\t" + "dup v6.8b, v2.b[6]\n\t" + "dup v7.8b, v2.b[7]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + "cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "dup v4.8b, v2.b[8]\n\t" + "dup v5.8b, v2.b[9]\n\t" + "dup v6.8b, v2.b[10]\n\t" + "dup v7.8b, v2.b[11]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + 
"cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "dup v4.8b, v2.b[12]\n\t" + "dup v5.8b, v2.b[13]\n\t" + "dup v6.8b, v2.b[14]\n\t" + "dup v7.8b, v2.b[15]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + "cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "dup v4.8b, v3.b[0]\n\t" + "dup v5.8b, v3.b[1]\n\t" + "dup v6.8b, v3.b[2]\n\t" + "dup v7.8b, v3.b[3]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + "cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "dup v4.8b, v3.b[4]\n\t" + "dup v5.8b, v3.b[5]\n\t" + "dup v6.8b, v3.b[6]\n\t" + "dup v7.8b, v3.b[7]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + "cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, 
v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "dup v4.8b, v3.b[8]\n\t" + "dup v5.8b, v3.b[9]\n\t" + "dup v6.8b, v3.b[10]\n\t" + "dup v7.8b, v3.b[11]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + "cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + "dup v4.8b, v3.b[12]\n\t" + "dup v5.8b, v3.b[13]\n\t" + "dup v6.8b, v3.b[14]\n\t" + "dup v7.8b, v3.b[15]\n\t" + "cmtst v4.8b, v4.8b, v0.8b\n\t" + "cmtst v5.8b, v5.8b, v0.8b\n\t" + "cmtst v6.8b, v6.8b, v0.8b\n\t" + "cmtst v7.8b, v7.8b, v0.8b\n\t" + "zip1 v4.16b, v4.16b, v4.16b\n\t" + "zip1 v5.16b, v5.16b, v5.16b\n\t" + "zip1 v6.16b, v6.16b, v6.16b\n\t" + "zip1 v7.16b, v7.16b, v7.16b\n\t" + "and v4.16b, v4.16b, v1.16b\n\t" + "and v5.16b, v5.16b, v1.16b\n\t" + "and v6.16b, v6.16b, v1.16b\n\t" + "and v7.16b, v7.16b, v1.16b\n\t" + "st1 {v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t" + : [p] "+r" (p), [msg] "+r" (msg) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), 
[L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits) + : "memory", "x2", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc" + ); +} + +int kyber_cmp_neon(const byte* a, const byte* b, int sz) +{ + __asm__ __volatile__ ( + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v8.16b, v0.16b, v4.16b\n\t" + "eor v9.16b, v1.16b, v5.16b\n\t" + "eor v10.16b, v2.16b, v6.16b\n\t" + "eor v11.16b, v3.16b, v7.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, 
v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, 
[%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "subs %w[sz], %w[sz], #0x300\n\t" + "beq L_kyber_aarch64_cmp_neon_done_%=\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + 
"orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "subs %w[sz], %w[sz], #0x140\n\t" + "beq L_kyber_aarch64_cmp_neon_done_%=\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, 
v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld4 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t" + "ld4 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, 
v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld2 {v0.16b, v1.16b}, [%x[a]]\n\t" + "ld2 {v4.16b, v5.16b}, [%x[b]]\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "\n" + "L_kyber_aarch64_cmp_neon_done_%=: \n\t" + "orr v8.16b, v8.16b, v9.16b\n\t" + "orr v10.16b, v10.16b, v11.16b\n\t" + "orr v8.16b, v8.16b, v10.16b\n\t" + "ins v9.b[0], v8.b[1]\n\t" + "orr v8.16b, v8.16b, v9.16b\n\t" + "mov x0, v8.d[0]\n\t" + "subs x0, x0, xzr\n\t" + "csetm w0, ne\n\t" + : [a] "+r" (a), [b] "+r" (b), [sz] "+r" (sz) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits) + : "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc" + ); + return (uint32_t)(size_t)a; +} + +static const uint16_t L_kyber_aarch64_rej_uniform_neon_mask[] = { + 0xfff, + 0xfff, + 0xfff, + 0xfff, + 0xfff, + 0xfff, + 0xfff, + 0xfff, +}; + +static const uint16_t L_kyber_aarch64_rej_uniform_neon_bits[] = { + 0x1, + 0x2, + 0x4, + 0x8, + 
0x10, + 0x20, + 0x40, + 0x80, +}; + +static const uint8_t L_kyber_aarch64_rej_uniform_neon_indeces[] = { + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 
0x4, + 0x5, + 0x6, + 0x7, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 
0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 
0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xff, + 0xff, + 0xff, + 0xff, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 
0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 
0x0, + 0x1, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, 
+ 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 
0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xff, + 0xff, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 
0x3, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 
0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xa, + 0xb, + 
0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 
0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xe, + 0xf, + 0xff, + 0xff, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, 
+ 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 
0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0xa, + 0xb, + 
0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, 
+ 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0xff, + 0xff, + 0x0, + 0x1, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, + 0xff, + 0xff, + 0x0, + 0x1, + 0x2, + 0x3, + 0x4, + 0x5, + 0x6, + 0x7, + 0x8, + 0x9, + 0xa, + 0xb, + 0xc, + 0xd, + 0xe, + 0xf, +}; + +unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len, const byte* r, unsigned int rLen) +{ + __asm__ __volatile__ ( +#ifndef __APPLE__ + "adrp x4, %[L_kyber_aarch64_rej_uniform_neon_mask]\n\t" + "add x4, x4, :lo12:%[L_kyber_aarch64_rej_uniform_neon_mask]\n\t" +#else + "adrp x4, %[L_kyber_aarch64_rej_uniform_neon_mask]@PAGE\n\t" + "add x4, x4, %[L_kyber_aarch64_rej_uniform_neon_mask]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x5, %[L_kyber_aarch64_q]\n\t" + "add x5, x5, :lo12:%[L_kyber_aarch64_q]\n\t" +#else + "adrp x5, %[L_kyber_aarch64_q]@PAGE\n\t" + "add x5, x5, %[L_kyber_aarch64_q]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x6, %[L_kyber_aarch64_rej_uniform_neon_bits]\n\t" + "add x6, x6, :lo12:%[L_kyber_aarch64_rej_uniform_neon_bits]\n\t" +#else + "adrp x6, %[L_kyber_aarch64_rej_uniform_neon_bits]@PAGE\n\t" + "add x6, x6, %[L_kyber_aarch64_rej_uniform_neon_bits]@PAGEOFF\n\t" +#endif /* __APPLE__ */ +#ifndef __APPLE__ + "adrp x7, %[L_kyber_aarch64_rej_uniform_neon_indeces]\n\t" + "add x7, x7, :lo12:%[L_kyber_aarch64_rej_uniform_neon_indeces]\n\t" +#else + "adrp x7, 
%[L_kyber_aarch64_rej_uniform_neon_indeces]@PAGE\n\t" + "add x7, x7, %[L_kyber_aarch64_rej_uniform_neon_indeces]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "eor v1.16b, v1.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v12.16b\n\t" + "eor v13.16b, v13.16b, v13.16b\n\t" + "eor x12, x12, x12\n\t" + "eor v10.16b, v10.16b, v10.16b\n\t" + "eor v11.16b, v11.16b, v11.16b\n\t" + "mov x13, #0xd01\n\t" + "ldr q0, [x4]\n\t" + "ldr q3, [x5]\n\t" + "ldr q2, [x6]\n\t" + "subs wzr, %w[len], #0\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "subs wzr, %w[len], #16\n\t" + "blt L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t" + "\n" + "L_kyber_aarch64_rej_uniform_neon_loop_16_%=: \n\t" + "ld3 {v4.8b, v5.8b, v6.8b}, [%x[r]], #24\n\t" + "zip1 v4.16b, v4.16b, v1.16b\n\t" + "zip1 v5.16b, v5.16b, v1.16b\n\t" + "zip1 v6.16b, v6.16b, v1.16b\n\t" + "shl v7.8h, v5.8h, #8\n\t" + "ushr v8.8h, v5.8h, #4\n\t" + "shl v6.8h, v6.8h, #4\n\t" + "orr v4.16b, v4.16b, v7.16b\n\t" + "orr v5.16b, v8.16b, v6.16b\n\t" + "and v7.16b, v4.16b, v0.16b\n\t" + "and v8.16b, v5.16b, v0.16b\n\t" + "zip1 v4.8h, v7.8h, v8.8h\n\t" + "zip2 v5.8h, v7.8h, v8.8h\n\t" + "cmgt v7.8h, v3.8h, v4.8h\n\t" + "cmgt v8.8h, v3.8h, v5.8h\n\t" + "ushr v12.8h, v7.8h, #15\n\t" + "ushr v13.8h, v8.8h, #15\n\t" + "addv h12, v12.8h\n\t" + "addv h13, v13.8h\n\t" + "mov x10, v12.d[0]\n\t" + "mov x11, v13.d[0]\n\t" + "and v10.16b, v7.16b, v2.16b\n\t" + "and v11.16b, v8.16b, v2.16b\n\t" + "addv h10, v10.8h\n\t" + "addv h11, v11.8h\n\t" + "mov w8, v10.s[0]\n\t" + "mov w9, v11.s[0]\n\t" + "lsl w8, w8, #4\n\t" + "lsl w9, w9, #4\n\t" + "ldr q10, [x7, x8]\n\t" + "ldr q11, [x7, x9]\n\t" + "tbl v7.16b, {v4.16b}, v10.16b\n\t" + "tbl v8.16b, {v5.16b}, v11.16b\n\t" + "str q7, [%x[p]]\n\t" + "add %x[p], %x[p], x10, lsl 1\n\t" + "add x12, x12, x10\n\t" + "str q8, [%x[p]]\n\t" + "add %x[p], %x[p], x11, lsl 1\n\t" + "add x12, x12, x11\n\t" + "subs %w[rLen], %w[rLen], #24\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "sub w10, %w[len], 
w12\n\t" + "subs x10, x10, #16\n\t" + "blt L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t" + "b L_kyber_aarch64_rej_uniform_neon_loop_16_%=\n\t" + "\n" + "L_kyber_aarch64_rej_uniform_neon_loop_4_%=: \n\t" + "subs w10, %w[len], w12\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "subs x10, x10, #4\n\t" + "blt L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=\n\t" + "ldr x4, [%x[r]], #6\n\t" + "lsr x5, x4, #12\n\t" + "lsr x6, x4, #24\n\t" + "lsr x7, x4, #36\n\t" + "and x4, x4, #0xfff\n\t" + "and x5, x5, #0xfff\n\t" + "and x6, x6, #0xfff\n\t" + "and x7, x7, #0xfff\n\t" + "strh w4, [%x[p]]\n\t" + "subs xzr, x4, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "strh w5, [%x[p]]\n\t" + "subs xzr, x5, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "strh w6, [%x[p]]\n\t" + "subs xzr, x6, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "strh w7, [%x[p]]\n\t" + "subs xzr, x7, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "subs %w[rLen], %w[rLen], #6\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "b L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t" + "\n" + "L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=: \n\t" + "ldr x4, [%x[r]], #6\n\t" + "lsr x5, x4, #12\n\t" + "lsr x6, x4, #24\n\t" + "lsr x7, x4, #36\n\t" + "and x4, x4, #0xfff\n\t" + "and x5, x5, #0xfff\n\t" + "and x6, x6, #0xfff\n\t" + "and x7, x7, #0xfff\n\t" + "strh w4, [%x[p]]\n\t" + "subs xzr, x4, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "subs wzr, %w[len], w12\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "strh w5, [%x[p]]\n\t" + "subs xzr, x5, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "subs wzr, %w[len], w12\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "strh w6, 
[%x[p]]\n\t" + "subs xzr, x6, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "subs wzr, %w[len], w12\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "strh w7, [%x[p]]\n\t" + "subs xzr, x7, x13\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc %x[p], %x[p], lt\n\t" + "cinc x12, x12, lt\n\t" + "subs wzr, %w[len], w12\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "subs %w[rLen], %w[rLen], #6\n\t" + "beq L_kyber_aarch64_rej_uniform_neon_done_%=\n\t" + "b L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=\n\t" + "\n" + "L_kyber_aarch64_rej_uniform_neon_done_%=: \n\t" + "mov x0, x12\n\t" + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" (L_kyber_aarch64_rej_uniform_neon_indeces) + : "memory", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "cc" + ); 
+ return (uint32_t)(size_t)p; +} + +#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 +void kyber_sha3_blocksx3_neon(word64* state) +{ + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-64]!\n\t" + "add x29, sp, #0\n\t" +#ifndef __APPLE__ + "adrp x27, %[L_sha3_aarch64_r]\n\t" + "add x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t" +#else + "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t" + "add x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "str %x[state], [x29, #40]\n\t" + "ld4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "ld4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t" + "ld4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "ld4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "ld4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "ld4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "ld1 {v24.d}[0], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "ld4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "ld4 {v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t" + "ld4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "ld4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "ld4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "ld4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "ld1 {v24.d}[1], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "ldp x1, x2, [%x[state]]\n\t" + "ldp x3, x4, [%x[state], #16]\n\t" + "ldp x5, x6, [%x[state], #32]\n\t" + "ldp x7, x8, [%x[state], #48]\n\t" + "ldp x9, x10, [%x[state], #64]\n\t" + "ldp x11, x12, [%x[state], #80]\n\t" + "ldp x13, x14, [%x[state], #96]\n\t" + "ldp x15, x16, [%x[state], #112]\n\t" + "ldp x17, x19, [%x[state], #128]\n\t" + "ldp x20, x21, [%x[state], #144]\n\t" + "ldp x22, x23, [%x[state], #160]\n\t" + "ldp x24, x25, [%x[state], #176]\n\t" + "ldr x26, [%x[state], #192]\n\t" + "mov x28, #24\n\t" + /* Start of 24 rounds */ + "\n" + "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t" + "stp x27, x28, [x29, #48]\n\t" + /* Col Mix */ + "eor3 v31.16b, 
v0.16b, v5.16b, v10.16b\n\t" + "eor %x[state], x5, x10\n\t" + "eor3 v27.16b, v1.16b, v6.16b, v11.16b\n\t" + "eor x30, x1, x6\n\t" + "eor3 v28.16b, v2.16b, v7.16b, v12.16b\n\t" + "eor x28, x3, x8\n\t" + "eor3 v29.16b, v3.16b, v8.16b, v13.16b\n\t" + "eor %x[state], %x[state], x15\n\t" + "eor3 v30.16b, v4.16b, v9.16b, v14.16b\n\t" + "eor x30, x30, x11\n\t" + "eor3 v31.16b, v31.16b, v15.16b, v20.16b\n\t" + "eor x28, x28, x13\n\t" + "eor3 v27.16b, v27.16b, v16.16b, v21.16b\n\t" + "eor %x[state], %x[state], x21\n\t" + "eor3 v28.16b, v28.16b, v17.16b, v22.16b\n\t" + "eor x30, x30, x16\n\t" + "eor3 v29.16b, v29.16b, v18.16b, v23.16b\n\t" + "eor x28, x28, x19\n\t" + "eor3 v30.16b, v30.16b, v19.16b, v24.16b\n\t" + "eor %x[state], %x[state], x26\n\t" + "rax1 v25.2d, v30.2d, v27.2d\n\t" + "eor x30, x30, x22\n\t" + "rax1 v26.2d, v31.2d, v28.2d\n\t" + "eor x28, x28, x24\n\t" + "rax1 v27.2d, v27.2d, v29.2d\n\t" + "str %x[state], [x29, #32]\n\t" + "rax1 v28.2d, v28.2d, v30.2d\n\t" + "str x28, [x29, #24]\n\t" + "rax1 v29.2d, v29.2d, v31.2d\n\t" + "eor x27, x2, x7\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "xar v30.2d, v1.2d, v26.2d, #63\n\t" + "eor x28, x4, x9\n\t" + "xar v1.2d, v6.2d, v26.2d, #20\n\t" + "eor x27, x27, x12\n\t" + "xar v6.2d, v9.2d, v29.2d, #44\n\t" + "eor x28, x28, x14\n\t" + "xar v9.2d, v22.2d, v27.2d, #3\n\t" + "eor x27, x27, x17\n\t" + "xar v22.2d, v14.2d, v29.2d, #25\n\t" + "eor x28, x28, x20\n\t" + "xar v14.2d, v20.2d, v25.2d, #46\n\t" + "eor x27, x27, x23\n\t" + "xar v20.2d, v2.2d, v27.2d, #2\n\t" + "eor x28, x28, x25\n\t" + "xar v2.2d, v12.2d, v27.2d, #21\n\t" + "eor %x[state], %x[state], x27, ror 63\n\t" + "xar v12.2d, v13.2d, v28.2d, #39\n\t" + "eor x27, x27, x28, ror 63\n\t" + "xar v13.2d, v19.2d, v29.2d, #56\n\t" + "eor x1, x1, %x[state]\n\t" + "xar v19.2d, v23.2d, v28.2d, #8\n\t" + "eor x6, x6, %x[state]\n\t" + "xar v23.2d, v15.2d, v25.2d, #23\n\t" + "eor x11, x11, %x[state]\n\t" + "xar v15.2d, v4.2d, v29.2d, #37\n\t" + "eor x16, x16, %x[state]\n\t" + 
"xar v4.2d, v24.2d, v29.2d, #50\n\t" + "eor x22, x22, %x[state]\n\t" + "xar v24.2d, v21.2d, v26.2d, #62\n\t" + "eor x3, x3, x27\n\t" + "xar v21.2d, v8.2d, v28.2d, #9\n\t" + "eor x8, x8, x27\n\t" + "xar v8.2d, v16.2d, v26.2d, #19\n\t" + "eor x13, x13, x27\n\t" + "xar v16.2d, v5.2d, v25.2d, #28\n\t" + "eor x19, x19, x27\n\t" + "xar v5.2d, v3.2d, v28.2d, #36\n\t" + "eor x24, x24, x27\n\t" + "xar v3.2d, v18.2d, v28.2d, #43\n\t" + "ldr %x[state], [x29, #32]\n\t" + "xar v18.2d, v17.2d, v27.2d, #49\n\t" + "ldr x27, [x29, #24]\n\t" + "xar v17.2d, v11.2d, v26.2d, #54\n\t" + "eor x28, x28, x30, ror 63\n\t" + "xar v11.2d, v7.2d, v27.2d, #58\n\t" + "eor x30, x30, x27, ror 63\n\t" + "xar v7.2d, v10.2d, v25.2d, #61\n\t" + "eor x27, x27, %x[state], ror 63\n\t" + /* Row Mix */ + "mov v25.16b, v0.16b\n\t" + "eor x5, x5, x28\n\t" + "mov v26.16b, v1.16b\n\t" + "eor x10, x10, x28\n\t" + "bcax v0.16b, v25.16b, v2.16b, v26.16b\n\t" + "eor x15, x15, x28\n\t" + "bcax v1.16b, v26.16b, v3.16b, v2.16b\n\t" + "eor x21, x21, x28\n\t" + "bcax v2.16b, v2.16b, v4.16b, v3.16b\n\t" + "eor x26, x26, x28\n\t" + "bcax v3.16b, v3.16b, v25.16b, v4.16b\n\t" + "eor x2, x2, x30\n\t" + "bcax v4.16b, v4.16b, v26.16b, v25.16b\n\t" + "eor x7, x7, x30\n\t" + "mov v25.16b, v5.16b\n\t" + "eor x12, x12, x30\n\t" + "mov v26.16b, v6.16b\n\t" + "eor x17, x17, x30\n\t" + "bcax v5.16b, v25.16b, v7.16b, v26.16b\n\t" + "eor x23, x23, x30\n\t" + "bcax v6.16b, v26.16b, v8.16b, v7.16b\n\t" + "eor x4, x4, x27\n\t" + "bcax v7.16b, v7.16b, v9.16b, v8.16b\n\t" + "eor x9, x9, x27\n\t" + "bcax v8.16b, v8.16b, v25.16b, v9.16b\n\t" + "eor x14, x14, x27\n\t" + "bcax v9.16b, v9.16b, v26.16b, v25.16b\n\t" + "eor x20, x20, x27\n\t" + "mov v26.16b, v11.16b\n\t" + "eor x25, x25, x27\n\t" + /* Swap Rotate Base */ + "bcax v10.16b, v30.16b, v12.16b, v26.16b\n\t" + "ror %x[state], x2, #63\n\t" + "bcax v11.16b, v26.16b, v13.16b, v12.16b\n\t" + "ror x2, x7, #20\n\t" + "bcax v12.16b, v12.16b, v14.16b, v13.16b\n\t" + "ror x7, x10, #44\n\t" + 
"bcax v13.16b, v13.16b, v30.16b, v14.16b\n\t" + "ror x10, x24, #3\n\t" + "bcax v14.16b, v14.16b, v26.16b, v30.16b\n\t" + "ror x24, x15, #25\n\t" + "mov v25.16b, v15.16b\n\t" + "ror x15, x22, #46\n\t" + "mov v26.16b, v16.16b\n\t" + "ror x22, x3, #2\n\t" + "bcax v15.16b, v25.16b, v17.16b, v26.16b\n\t" + "ror x3, x13, #21\n\t" + "bcax v16.16b, v26.16b, v18.16b, v17.16b\n\t" + "ror x13, x14, #39\n\t" + "bcax v17.16b, v17.16b, v19.16b, v18.16b\n\t" + "ror x14, x21, #56\n\t" + "bcax v18.16b, v18.16b, v25.16b, v19.16b\n\t" + "ror x21, x25, #8\n\t" + "bcax v19.16b, v19.16b, v26.16b, v25.16b\n\t" + "ror x25, x16, #23\n\t" + "mov v25.16b, v20.16b\n\t" + "ror x16, x5, #37\n\t" + "mov v26.16b, v21.16b\n\t" + "ror x5, x26, #50\n\t" + "bcax v20.16b, v25.16b, v22.16b, v26.16b\n\t" + "ror x26, x23, #62\n\t" + "bcax v21.16b, v26.16b, v23.16b, v22.16b\n\t" + "ror x23, x9, #9\n\t" + "bcax v22.16b, v22.16b, v24.16b, v23.16b\n\t" + "ror x9, x17, #19\n\t" + "bcax v23.16b, v23.16b, v25.16b, v24.16b\n\t" + "ror x17, x6, #28\n\t" + "bcax v24.16b, v24.16b, v26.16b, v25.16b\n\t" + "ror x6, x4, #36\n\t" + "ror x4, x20, #43\n\t" + "ror x20, x19, #49\n\t" + "ror x19, x12, #54\n\t" + "ror x12, x8, #58\n\t" + "ror x8, x11, #61\n\t" + /* Row Mix Base */ + "bic x11, x3, x2\n\t" + "bic x27, x4, x3\n\t" + "bic x28, x1, x5\n\t" + "bic x30, x2, x1\n\t" + "eor x1, x1, x11\n\t" + "eor x2, x2, x27\n\t" + "bic x11, x5, x4\n\t" + "eor x4, x4, x28\n\t" + "eor x3, x3, x11\n\t" + "eor x5, x5, x30\n\t" + "bic x11, x8, x7\n\t" + "bic x27, x9, x8\n\t" + "bic x28, x6, x10\n\t" + "bic x30, x7, x6\n\t" + "eor x6, x6, x11\n\t" + "eor x7, x7, x27\n\t" + "bic x11, x10, x9\n\t" + "eor x9, x9, x28\n\t" + "eor x8, x8, x11\n\t" + "eor x10, x10, x30\n\t" + "bic x11, x13, x12\n\t" + "bic x27, x14, x13\n\t" + "bic x28, %x[state], x15\n\t" + "bic x30, x12, %x[state]\n\t" + "eor x11, %x[state], x11\n\t" + "eor x12, x12, x27\n\t" + "bic %x[state], x15, x14\n\t" + "eor x14, x14, x28\n\t" + "eor x13, x13, %x[state]\n\t" + "eor 
x15, x15, x30\n\t" + "bic %x[state], x19, x17\n\t" + "bic x27, x20, x19\n\t" + "bic x28, x16, x21\n\t" + "bic x30, x17, x16\n\t" + "eor x16, x16, %x[state]\n\t" + "eor x17, x17, x27\n\t" + "bic %x[state], x21, x20\n\t" + "eor x20, x20, x28\n\t" + "eor x19, x19, %x[state]\n\t" + "eor x21, x21, x30\n\t" + "bic %x[state], x24, x23\n\t" + "bic x27, x25, x24\n\t" + "bic x28, x22, x26\n\t" + "bic x30, x23, x22\n\t" + "eor x22, x22, %x[state]\n\t" + "eor x23, x23, x27\n\t" + "bic %x[state], x26, x25\n\t" + "eor x25, x25, x28\n\t" + "eor x24, x24, %x[state]\n\t" + "eor x26, x26, x30\n\t" + /* Done tranforming */ + "ldp x27, x28, [x29, #48]\n\t" + "ldr %x[state], [x27], #8\n\t" + "subs x28, x28, #1\n\t" + "mov v30.d[0], %x[state]\n\t" + "mov v30.d[1], %x[state]\n\t" + "eor x1, x1, %x[state]\n\t" + "eor v0.16b, v0.16b, v30.16b\n\t" + "bne L_SHA3_transform_blocksx3_neon_begin_%=\n\t" + "ldr %x[state], [x29, #40]\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "st1 {v24.d}[0], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "st1 {v24.d}[1], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "stp x1, x2, [%x[state]]\n\t" + "stp x3, x4, [%x[state], #16]\n\t" + "stp x5, x6, [%x[state], #32]\n\t" + "stp x7, x8, [%x[state], #48]\n\t" + "stp x9, x10, [%x[state], #64]\n\t" + "stp x11, x12, [%x[state], 
#80]\n\t" + "stp x13, x14, [%x[state], #96]\n\t" + "stp x15, x16, [%x[state], #112]\n\t" + "stp x17, x19, [%x[state], #128]\n\t" + "stp x20, x21, [%x[state], #144]\n\t" + "stp x22, x23, [%x[state], #160]\n\t" + "stp x24, x25, [%x[state], #176]\n\t" + "str x26, [%x[state], #192]\n\t" + "ldp x29, x30, [sp], #0x40\n\t" + : [state] "+r" (state) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" (L_kyber_aarch64_rej_uniform_neon_indeces) + : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc" + ); +} + +void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed) +{ + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-64]!\n\t" + 
"add x29, sp, #0\n\t" +#ifndef __APPLE__ + "adrp x28, %[L_sha3_aarch64_r]\n\t" + "add x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t" +#else + "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t" + "add x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "str %x[state], [x29, #40]\n\t" + "add %x[state], %x[state], #32\n\t" + "ld1 {v4.d}[0], [%x[state]]\n\t" + "ldp x2, x3, [%x[seed]], #16\n\t" + "add %x[state], %x[state], #0xc8\n\t" + "ld1 {v4.d}[1], [%x[state]]\n\t" + "ldp x4, x5, [%x[seed]], #16\n\t" + "ldr x6, [%x[state], #200]\n\t" + "eor v5.16b, v5.16b, v5.16b\n\t" + "eor x7, x7, x7\n\t" + "eor v6.16b, v6.16b, v6.16b\n\t" + "eor x8, x8, x8\n\t" + "eor v7.16b, v7.16b, v7.16b\n\t" + "eor x9, x9, x9\n\t" + "eor v8.16b, v8.16b, v8.16b\n\t" + "eor x10, x10, x10\n\t" + "eor v9.16b, v9.16b, v9.16b\n\t" + "eor x11, x11, x11\n\t" + "eor v10.16b, v10.16b, v10.16b\n\t" + "eor x12, x12, x12\n\t" + "eor v11.16b, v11.16b, v11.16b\n\t" + "eor x13, x13, x13\n\t" + "eor v12.16b, v12.16b, v12.16b\n\t" + "eor x14, x14, x14\n\t" + "eor v13.16b, v13.16b, v13.16b\n\t" + "eor x15, x15, x15\n\t" + "eor v14.16b, v14.16b, v14.16b\n\t" + "eor x16, x16, x16\n\t" + "eor v15.16b, v15.16b, v15.16b\n\t" + "eor x17, x17, x17\n\t" + "eor v16.16b, v16.16b, v16.16b\n\t" + "eor x19, x19, x19\n\t" + "eor v17.16b, v17.16b, v17.16b\n\t" + "eor x20, x20, x20\n\t" + "eor v18.16b, v18.16b, v18.16b\n\t" + "eor x21, x21, x21\n\t" + "eor v19.16b, v19.16b, v19.16b\n\t" + "eor x22, x22, x22\n\t" + "movz x23, #0x8000, lsl 48\n\t" + "eor v21.16b, v21.16b, v21.16b\n\t" + "eor x24, x24, x24\n\t" + "eor v22.16b, v22.16b, v22.16b\n\t" + "eor x25, x25, x25\n\t" + "eor v23.16b, v23.16b, v23.16b\n\t" + "eor x26, x26, x26\n\t" + "eor v24.16b, v24.16b, v24.16b\n\t" + "eor x27, x27, x27\n\t" + "dup v0.2d, x2\n\t" + "dup v1.2d, x3\n\t" + "dup v2.2d, x4\n\t" + "dup v3.2d, x5\n\t" + "dup v20.2d, x23\n\t" + "mov %x[seed], #24\n\t" + /* Start of 24 rounds */ + "\n" + "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t" + "stp 
x28, %x[seed], [x29, #48]\n\t" + /* Col Mix */ + "eor3 v31.16b, v0.16b, v5.16b, v10.16b\n\t" + "eor %x[state], x6, x11\n\t" + "eor3 v27.16b, v1.16b, v6.16b, v11.16b\n\t" + "eor x30, x2, x7\n\t" + "eor3 v28.16b, v2.16b, v7.16b, v12.16b\n\t" + "eor x28, x4, x9\n\t" + "eor3 v29.16b, v3.16b, v8.16b, v13.16b\n\t" + "eor %x[state], %x[state], x16\n\t" + "eor3 v30.16b, v4.16b, v9.16b, v14.16b\n\t" + "eor x30, x30, x12\n\t" + "eor3 v31.16b, v31.16b, v15.16b, v20.16b\n\t" + "eor x28, x28, x14\n\t" + "eor3 v27.16b, v27.16b, v16.16b, v21.16b\n\t" + "eor %x[state], %x[state], x22\n\t" + "eor3 v28.16b, v28.16b, v17.16b, v22.16b\n\t" + "eor x30, x30, x17\n\t" + "eor3 v29.16b, v29.16b, v18.16b, v23.16b\n\t" + "eor x28, x28, x20\n\t" + "eor3 v30.16b, v30.16b, v19.16b, v24.16b\n\t" + "eor %x[state], %x[state], x27\n\t" + "rax1 v25.2d, v30.2d, v27.2d\n\t" + "eor x30, x30, x23\n\t" + "rax1 v26.2d, v31.2d, v28.2d\n\t" + "eor x28, x28, x25\n\t" + "rax1 v27.2d, v27.2d, v29.2d\n\t" + "str %x[state], [x29, #32]\n\t" + "rax1 v28.2d, v28.2d, v30.2d\n\t" + "str x28, [x29, #24]\n\t" + "rax1 v29.2d, v29.2d, v31.2d\n\t" + "eor %x[seed], x3, x8\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "xar v30.2d, v1.2d, v26.2d, #63\n\t" + "eor x28, x5, x10\n\t" + "xar v1.2d, v6.2d, v26.2d, #20\n\t" + "eor %x[seed], %x[seed], x13\n\t" + "xar v6.2d, v9.2d, v29.2d, #44\n\t" + "eor x28, x28, x15\n\t" + "xar v9.2d, v22.2d, v27.2d, #3\n\t" + "eor %x[seed], %x[seed], x19\n\t" + "xar v22.2d, v14.2d, v29.2d, #25\n\t" + "eor x28, x28, x21\n\t" + "xar v14.2d, v20.2d, v25.2d, #46\n\t" + "eor %x[seed], %x[seed], x24\n\t" + "xar v20.2d, v2.2d, v27.2d, #2\n\t" + "eor x28, x28, x26\n\t" + "xar v2.2d, v12.2d, v27.2d, #21\n\t" + "eor %x[state], %x[state], %x[seed], ror 63\n\t" + "xar v12.2d, v13.2d, v28.2d, #39\n\t" + "eor %x[seed], %x[seed], x28, ror 63\n\t" + "xar v13.2d, v19.2d, v29.2d, #56\n\t" + "eor x2, x2, %x[state]\n\t" + "xar v19.2d, v23.2d, v28.2d, #8\n\t" + "eor x7, x7, %x[state]\n\t" + "xar v23.2d, v15.2d, v25.2d, 
#23\n\t" + "eor x12, x12, %x[state]\n\t" + "xar v15.2d, v4.2d, v29.2d, #37\n\t" + "eor x17, x17, %x[state]\n\t" + "xar v4.2d, v24.2d, v29.2d, #50\n\t" + "eor x23, x23, %x[state]\n\t" + "xar v24.2d, v21.2d, v26.2d, #62\n\t" + "eor x4, x4, %x[seed]\n\t" + "xar v21.2d, v8.2d, v28.2d, #9\n\t" + "eor x9, x9, %x[seed]\n\t" + "xar v8.2d, v16.2d, v26.2d, #19\n\t" + "eor x14, x14, %x[seed]\n\t" + "xar v16.2d, v5.2d, v25.2d, #28\n\t" + "eor x20, x20, %x[seed]\n\t" + "xar v5.2d, v3.2d, v28.2d, #36\n\t" + "eor x25, x25, %x[seed]\n\t" + "xar v3.2d, v18.2d, v28.2d, #43\n\t" + "ldr %x[state], [x29, #32]\n\t" + "xar v18.2d, v17.2d, v27.2d, #49\n\t" + "ldr %x[seed], [x29, #24]\n\t" + "xar v17.2d, v11.2d, v26.2d, #54\n\t" + "eor x28, x28, x30, ror 63\n\t" + "xar v11.2d, v7.2d, v27.2d, #58\n\t" + "eor x30, x30, %x[seed], ror 63\n\t" + "xar v7.2d, v10.2d, v25.2d, #61\n\t" + "eor %x[seed], %x[seed], %x[state], ror 63\n\t" + /* Row Mix */ + "mov v25.16b, v0.16b\n\t" + "eor x6, x6, x28\n\t" + "mov v26.16b, v1.16b\n\t" + "eor x11, x11, x28\n\t" + "bcax v0.16b, v25.16b, v2.16b, v26.16b\n\t" + "eor x16, x16, x28\n\t" + "bcax v1.16b, v26.16b, v3.16b, v2.16b\n\t" + "eor x22, x22, x28\n\t" + "bcax v2.16b, v2.16b, v4.16b, v3.16b\n\t" + "eor x27, x27, x28\n\t" + "bcax v3.16b, v3.16b, v25.16b, v4.16b\n\t" + "eor x3, x3, x30\n\t" + "bcax v4.16b, v4.16b, v26.16b, v25.16b\n\t" + "eor x8, x8, x30\n\t" + "mov v25.16b, v5.16b\n\t" + "eor x13, x13, x30\n\t" + "mov v26.16b, v6.16b\n\t" + "eor x19, x19, x30\n\t" + "bcax v5.16b, v25.16b, v7.16b, v26.16b\n\t" + "eor x24, x24, x30\n\t" + "bcax v6.16b, v26.16b, v8.16b, v7.16b\n\t" + "eor x5, x5, %x[seed]\n\t" + "bcax v7.16b, v7.16b, v9.16b, v8.16b\n\t" + "eor x10, x10, %x[seed]\n\t" + "bcax v8.16b, v8.16b, v25.16b, v9.16b\n\t" + "eor x15, x15, %x[seed]\n\t" + "bcax v9.16b, v9.16b, v26.16b, v25.16b\n\t" + "eor x21, x21, %x[seed]\n\t" + "mov v26.16b, v11.16b\n\t" + "eor x26, x26, %x[seed]\n\t" + /* Swap Rotate Base */ + "bcax v10.16b, v30.16b, v12.16b, 
v26.16b\n\t" + "ror %x[state], x3, #63\n\t" + "bcax v11.16b, v26.16b, v13.16b, v12.16b\n\t" + "ror x3, x8, #20\n\t" + "bcax v12.16b, v12.16b, v14.16b, v13.16b\n\t" + "ror x8, x11, #44\n\t" + "bcax v13.16b, v13.16b, v30.16b, v14.16b\n\t" + "ror x11, x25, #3\n\t" + "bcax v14.16b, v14.16b, v26.16b, v30.16b\n\t" + "ror x25, x16, #25\n\t" + "mov v25.16b, v15.16b\n\t" + "ror x16, x23, #46\n\t" + "mov v26.16b, v16.16b\n\t" + "ror x23, x4, #2\n\t" + "bcax v15.16b, v25.16b, v17.16b, v26.16b\n\t" + "ror x4, x14, #21\n\t" + "bcax v16.16b, v26.16b, v18.16b, v17.16b\n\t" + "ror x14, x15, #39\n\t" + "bcax v17.16b, v17.16b, v19.16b, v18.16b\n\t" + "ror x15, x22, #56\n\t" + "bcax v18.16b, v18.16b, v25.16b, v19.16b\n\t" + "ror x22, x26, #8\n\t" + "bcax v19.16b, v19.16b, v26.16b, v25.16b\n\t" + "ror x26, x17, #23\n\t" + "mov v25.16b, v20.16b\n\t" + "ror x17, x6, #37\n\t" + "mov v26.16b, v21.16b\n\t" + "ror x6, x27, #50\n\t" + "bcax v20.16b, v25.16b, v22.16b, v26.16b\n\t" + "ror x27, x24, #62\n\t" + "bcax v21.16b, v26.16b, v23.16b, v22.16b\n\t" + "ror x24, x10, #9\n\t" + "bcax v22.16b, v22.16b, v24.16b, v23.16b\n\t" + "ror x10, x19, #19\n\t" + "bcax v23.16b, v23.16b, v25.16b, v24.16b\n\t" + "ror x19, x7, #28\n\t" + "bcax v24.16b, v24.16b, v26.16b, v25.16b\n\t" + "ror x7, x5, #36\n\t" + "ror x5, x21, #43\n\t" + "ror x21, x20, #49\n\t" + "ror x20, x13, #54\n\t" + "ror x13, x9, #58\n\t" + "ror x9, x12, #61\n\t" + /* Row Mix Base */ + "bic x12, x4, x3\n\t" + "bic %x[seed], x5, x4\n\t" + "bic x28, x2, x6\n\t" + "bic x30, x3, x2\n\t" + "eor x2, x2, x12\n\t" + "eor x3, x3, %x[seed]\n\t" + "bic x12, x6, x5\n\t" + "eor x5, x5, x28\n\t" + "eor x4, x4, x12\n\t" + "eor x6, x6, x30\n\t" + "bic x12, x9, x8\n\t" + "bic %x[seed], x10, x9\n\t" + "bic x28, x7, x11\n\t" + "bic x30, x8, x7\n\t" + "eor x7, x7, x12\n\t" + "eor x8, x8, %x[seed]\n\t" + "bic x12, x11, x10\n\t" + "eor x10, x10, x28\n\t" + "eor x9, x9, x12\n\t" + "eor x11, x11, x30\n\t" + "bic x12, x14, x13\n\t" + "bic %x[seed], x15, x14\n\t" 
+ "bic x28, %x[state], x16\n\t" + "bic x30, x13, %x[state]\n\t" + "eor x12, %x[state], x12\n\t" + "eor x13, x13, %x[seed]\n\t" + "bic %x[state], x16, x15\n\t" + "eor x15, x15, x28\n\t" + "eor x14, x14, %x[state]\n\t" + "eor x16, x16, x30\n\t" + "bic %x[state], x20, x19\n\t" + "bic %x[seed], x21, x20\n\t" + "bic x28, x17, x22\n\t" + "bic x30, x19, x17\n\t" + "eor x17, x17, %x[state]\n\t" + "eor x19, x19, %x[seed]\n\t" + "bic %x[state], x22, x21\n\t" + "eor x21, x21, x28\n\t" + "eor x20, x20, %x[state]\n\t" + "eor x22, x22, x30\n\t" + "bic %x[state], x25, x24\n\t" + "bic %x[seed], x26, x25\n\t" + "bic x28, x23, x27\n\t" + "bic x30, x24, x23\n\t" + "eor x23, x23, %x[state]\n\t" + "eor x24, x24, %x[seed]\n\t" + "bic %x[state], x27, x26\n\t" + "eor x26, x26, x28\n\t" + "eor x25, x25, %x[state]\n\t" + "eor x27, x27, x30\n\t" + /* Done tranforming */ + "ldp x28, %x[seed], [x29, #48]\n\t" + "ldr %x[state], [x28], #8\n\t" + "subs %x[seed], %x[seed], #1\n\t" + "mov v30.d[0], %x[state]\n\t" + "mov v30.d[1], %x[state]\n\t" + "eor x2, x2, %x[state]\n\t" + "eor v0.16b, v0.16b, v30.16b\n\t" + "bne L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t" + "ldr %x[state], [x29, #40]\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "st1 {v24.d}[0], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "st1 {v24.d}[1], 
[%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "stp x2, x3, [%x[state]]\n\t" + "stp x4, x5, [%x[state], #16]\n\t" + "stp x6, x7, [%x[state], #32]\n\t" + "stp x8, x9, [%x[state], #48]\n\t" + "stp x10, x11, [%x[state], #64]\n\t" + "stp x12, x13, [%x[state], #80]\n\t" + "stp x14, x15, [%x[state], #96]\n\t" + "stp x16, x17, [%x[state], #112]\n\t" + "stp x19, x20, [%x[state], #128]\n\t" + "stp x21, x22, [%x[state], #144]\n\t" + "stp x23, x24, [%x[state], #160]\n\t" + "stp x25, x26, [%x[state], #176]\n\t" + "str x27, [%x[state], #192]\n\t" + "ldp x29, x30, [sp], #0x40\n\t" + : [state] "+r" (state), [seed] "+r" (seed) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" (L_kyber_aarch64_rej_uniform_neon_indeces) + : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", 
"v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc" + ); +} + +void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed) +{ + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-64]!\n\t" + "add x29, sp, #0\n\t" +#ifndef __APPLE__ + "adrp x28, %[L_sha3_aarch64_r]\n\t" + "add x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t" +#else + "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t" + "add x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "str %x[state], [x29, #40]\n\t" + "add %x[state], %x[state], #32\n\t" + "ld1 {v4.d}[0], [%x[state]]\n\t" + "ldp x2, x3, [%x[seed]], #16\n\t" + "add %x[state], %x[state], #0xc8\n\t" + "ld1 {v4.d}[1], [%x[state]]\n\t" + "ldp x4, x5, [%x[seed]], #16\n\t" + "ldr x6, [%x[state], #200]\n\t" + "eor v5.16b, v5.16b, v5.16b\n\t" + "eor x7, x7, x7\n\t" + "eor v6.16b, v6.16b, v6.16b\n\t" + "eor x8, x8, x8\n\t" + "eor v7.16b, v7.16b, v7.16b\n\t" + "eor x9, x9, x9\n\t" + "eor v8.16b, v8.16b, v8.16b\n\t" + "eor x10, x10, x10\n\t" + "eor v9.16b, v9.16b, v9.16b\n\t" + "eor x11, x11, x11\n\t" + "eor v10.16b, v10.16b, v10.16b\n\t" + "eor x12, x12, x12\n\t" + "eor v11.16b, v11.16b, v11.16b\n\t" + "eor x13, x13, x13\n\t" + "eor v12.16b, v12.16b, v12.16b\n\t" + "eor x14, x14, x14\n\t" + "eor v13.16b, v13.16b, v13.16b\n\t" + "eor x15, x15, x15\n\t" + "eor v14.16b, v14.16b, v14.16b\n\t" + "eor x16, x16, x16\n\t" + "eor v15.16b, v15.16b, v15.16b\n\t" + "eor x17, x17, x17\n\t" + "movz x19, #0x8000, lsl 48\n\t" + "eor v17.16b, v17.16b, v17.16b\n\t" + "eor x20, x20, x20\n\t" + "eor v18.16b, v18.16b, v18.16b\n\t" + "eor x21, x21, x21\n\t" + "eor v19.16b, v19.16b, v19.16b\n\t" + "eor x22, x22, x22\n\t" + "eor v20.16b, v20.16b, v20.16b\n\t" + "eor x23, x23, x23\n\t" + "eor v21.16b, v21.16b, v21.16b\n\t" + "eor x24, x24, x24\n\t" + "eor v22.16b, v22.16b, v22.16b\n\t" + "eor x25, x25, x25\n\t" + "eor v23.16b, v23.16b, v23.16b\n\t" + "eor x26, x26, x26\n\t" + "eor v24.16b, 
v24.16b, v24.16b\n\t" + "eor x27, x27, x27\n\t" + "dup v0.2d, x2\n\t" + "dup v1.2d, x3\n\t" + "dup v2.2d, x4\n\t" + "dup v3.2d, x5\n\t" + "dup v16.2d, x19\n\t" + "mov %x[seed], #24\n\t" + /* Start of 24 rounds */ + "\n" + "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t" + "stp x28, %x[seed], [x29, #48]\n\t" + /* Col Mix */ + "eor3 v31.16b, v0.16b, v5.16b, v10.16b\n\t" + "eor %x[state], x6, x11\n\t" + "eor3 v27.16b, v1.16b, v6.16b, v11.16b\n\t" + "eor x30, x2, x7\n\t" + "eor3 v28.16b, v2.16b, v7.16b, v12.16b\n\t" + "eor x28, x4, x9\n\t" + "eor3 v29.16b, v3.16b, v8.16b, v13.16b\n\t" + "eor %x[state], %x[state], x16\n\t" + "eor3 v30.16b, v4.16b, v9.16b, v14.16b\n\t" + "eor x30, x30, x12\n\t" + "eor3 v31.16b, v31.16b, v15.16b, v20.16b\n\t" + "eor x28, x28, x14\n\t" + "eor3 v27.16b, v27.16b, v16.16b, v21.16b\n\t" + "eor %x[state], %x[state], x22\n\t" + "eor3 v28.16b, v28.16b, v17.16b, v22.16b\n\t" + "eor x30, x30, x17\n\t" + "eor3 v29.16b, v29.16b, v18.16b, v23.16b\n\t" + "eor x28, x28, x20\n\t" + "eor3 v30.16b, v30.16b, v19.16b, v24.16b\n\t" + "eor %x[state], %x[state], x27\n\t" + "rax1 v25.2d, v30.2d, v27.2d\n\t" + "eor x30, x30, x23\n\t" + "rax1 v26.2d, v31.2d, v28.2d\n\t" + "eor x28, x28, x25\n\t" + "rax1 v27.2d, v27.2d, v29.2d\n\t" + "str %x[state], [x29, #32]\n\t" + "rax1 v28.2d, v28.2d, v30.2d\n\t" + "str x28, [x29, #24]\n\t" + "rax1 v29.2d, v29.2d, v31.2d\n\t" + "eor %x[seed], x3, x8\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "xar v30.2d, v1.2d, v26.2d, #63\n\t" + "eor x28, x5, x10\n\t" + "xar v1.2d, v6.2d, v26.2d, #20\n\t" + "eor %x[seed], %x[seed], x13\n\t" + "xar v6.2d, v9.2d, v29.2d, #44\n\t" + "eor x28, x28, x15\n\t" + "xar v9.2d, v22.2d, v27.2d, #3\n\t" + "eor %x[seed], %x[seed], x19\n\t" + "xar v22.2d, v14.2d, v29.2d, #25\n\t" + "eor x28, x28, x21\n\t" + "xar v14.2d, v20.2d, v25.2d, #46\n\t" + "eor %x[seed], %x[seed], x24\n\t" + "xar v20.2d, v2.2d, v27.2d, #2\n\t" + "eor x28, x28, x26\n\t" + "xar v2.2d, v12.2d, v27.2d, #21\n\t" + "eor %x[state], 
%x[state], %x[seed], ror 63\n\t" + "xar v12.2d, v13.2d, v28.2d, #39\n\t" + "eor %x[seed], %x[seed], x28, ror 63\n\t" + "xar v13.2d, v19.2d, v29.2d, #56\n\t" + "eor x2, x2, %x[state]\n\t" + "xar v19.2d, v23.2d, v28.2d, #8\n\t" + "eor x7, x7, %x[state]\n\t" + "xar v23.2d, v15.2d, v25.2d, #23\n\t" + "eor x12, x12, %x[state]\n\t" + "xar v15.2d, v4.2d, v29.2d, #37\n\t" + "eor x17, x17, %x[state]\n\t" + "xar v4.2d, v24.2d, v29.2d, #50\n\t" + "eor x23, x23, %x[state]\n\t" + "xar v24.2d, v21.2d, v26.2d, #62\n\t" + "eor x4, x4, %x[seed]\n\t" + "xar v21.2d, v8.2d, v28.2d, #9\n\t" + "eor x9, x9, %x[seed]\n\t" + "xar v8.2d, v16.2d, v26.2d, #19\n\t" + "eor x14, x14, %x[seed]\n\t" + "xar v16.2d, v5.2d, v25.2d, #28\n\t" + "eor x20, x20, %x[seed]\n\t" + "xar v5.2d, v3.2d, v28.2d, #36\n\t" + "eor x25, x25, %x[seed]\n\t" + "xar v3.2d, v18.2d, v28.2d, #43\n\t" + "ldr %x[state], [x29, #32]\n\t" + "xar v18.2d, v17.2d, v27.2d, #49\n\t" + "ldr %x[seed], [x29, #24]\n\t" + "xar v17.2d, v11.2d, v26.2d, #54\n\t" + "eor x28, x28, x30, ror 63\n\t" + "xar v11.2d, v7.2d, v27.2d, #58\n\t" + "eor x30, x30, %x[seed], ror 63\n\t" + "xar v7.2d, v10.2d, v25.2d, #61\n\t" + "eor %x[seed], %x[seed], %x[state], ror 63\n\t" + /* Row Mix */ + "mov v25.16b, v0.16b\n\t" + "eor x6, x6, x28\n\t" + "mov v26.16b, v1.16b\n\t" + "eor x11, x11, x28\n\t" + "bcax v0.16b, v25.16b, v2.16b, v26.16b\n\t" + "eor x16, x16, x28\n\t" + "bcax v1.16b, v26.16b, v3.16b, v2.16b\n\t" + "eor x22, x22, x28\n\t" + "bcax v2.16b, v2.16b, v4.16b, v3.16b\n\t" + "eor x27, x27, x28\n\t" + "bcax v3.16b, v3.16b, v25.16b, v4.16b\n\t" + "eor x3, x3, x30\n\t" + "bcax v4.16b, v4.16b, v26.16b, v25.16b\n\t" + "eor x8, x8, x30\n\t" + "mov v25.16b, v5.16b\n\t" + "eor x13, x13, x30\n\t" + "mov v26.16b, v6.16b\n\t" + "eor x19, x19, x30\n\t" + "bcax v5.16b, v25.16b, v7.16b, v26.16b\n\t" + "eor x24, x24, x30\n\t" + "bcax v6.16b, v26.16b, v8.16b, v7.16b\n\t" + "eor x5, x5, %x[seed]\n\t" + "bcax v7.16b, v7.16b, v9.16b, v8.16b\n\t" + "eor x10, x10, 
%x[seed]\n\t" + "bcax v8.16b, v8.16b, v25.16b, v9.16b\n\t" + "eor x15, x15, %x[seed]\n\t" + "bcax v9.16b, v9.16b, v26.16b, v25.16b\n\t" + "eor x21, x21, %x[seed]\n\t" + "mov v26.16b, v11.16b\n\t" + "eor x26, x26, %x[seed]\n\t" + /* Swap Rotate Base */ + "bcax v10.16b, v30.16b, v12.16b, v26.16b\n\t" + "ror %x[state], x3, #63\n\t" + "bcax v11.16b, v26.16b, v13.16b, v12.16b\n\t" + "ror x3, x8, #20\n\t" + "bcax v12.16b, v12.16b, v14.16b, v13.16b\n\t" + "ror x8, x11, #44\n\t" + "bcax v13.16b, v13.16b, v30.16b, v14.16b\n\t" + "ror x11, x25, #3\n\t" + "bcax v14.16b, v14.16b, v26.16b, v30.16b\n\t" + "ror x25, x16, #25\n\t" + "mov v25.16b, v15.16b\n\t" + "ror x16, x23, #46\n\t" + "mov v26.16b, v16.16b\n\t" + "ror x23, x4, #2\n\t" + "bcax v15.16b, v25.16b, v17.16b, v26.16b\n\t" + "ror x4, x14, #21\n\t" + "bcax v16.16b, v26.16b, v18.16b, v17.16b\n\t" + "ror x14, x15, #39\n\t" + "bcax v17.16b, v17.16b, v19.16b, v18.16b\n\t" + "ror x15, x22, #56\n\t" + "bcax v18.16b, v18.16b, v25.16b, v19.16b\n\t" + "ror x22, x26, #8\n\t" + "bcax v19.16b, v19.16b, v26.16b, v25.16b\n\t" + "ror x26, x17, #23\n\t" + "mov v25.16b, v20.16b\n\t" + "ror x17, x6, #37\n\t" + "mov v26.16b, v21.16b\n\t" + "ror x6, x27, #50\n\t" + "bcax v20.16b, v25.16b, v22.16b, v26.16b\n\t" + "ror x27, x24, #62\n\t" + "bcax v21.16b, v26.16b, v23.16b, v22.16b\n\t" + "ror x24, x10, #9\n\t" + "bcax v22.16b, v22.16b, v24.16b, v23.16b\n\t" + "ror x10, x19, #19\n\t" + "bcax v23.16b, v23.16b, v25.16b, v24.16b\n\t" + "ror x19, x7, #28\n\t" + "bcax v24.16b, v24.16b, v26.16b, v25.16b\n\t" + "ror x7, x5, #36\n\t" + "ror x5, x21, #43\n\t" + "ror x21, x20, #49\n\t" + "ror x20, x13, #54\n\t" + "ror x13, x9, #58\n\t" + "ror x9, x12, #61\n\t" + /* Row Mix Base */ + "bic x12, x4, x3\n\t" + "bic %x[seed], x5, x4\n\t" + "bic x28, x2, x6\n\t" + "bic x30, x3, x2\n\t" + "eor x2, x2, x12\n\t" + "eor x3, x3, %x[seed]\n\t" + "bic x12, x6, x5\n\t" + "eor x5, x5, x28\n\t" + "eor x4, x4, x12\n\t" + "eor x6, x6, x30\n\t" + "bic x12, x9, x8\n\t" + 
"bic %x[seed], x10, x9\n\t" + "bic x28, x7, x11\n\t" + "bic x30, x8, x7\n\t" + "eor x7, x7, x12\n\t" + "eor x8, x8, %x[seed]\n\t" + "bic x12, x11, x10\n\t" + "eor x10, x10, x28\n\t" + "eor x9, x9, x12\n\t" + "eor x11, x11, x30\n\t" + "bic x12, x14, x13\n\t" + "bic %x[seed], x15, x14\n\t" + "bic x28, %x[state], x16\n\t" + "bic x30, x13, %x[state]\n\t" + "eor x12, %x[state], x12\n\t" + "eor x13, x13, %x[seed]\n\t" + "bic %x[state], x16, x15\n\t" + "eor x15, x15, x28\n\t" + "eor x14, x14, %x[state]\n\t" + "eor x16, x16, x30\n\t" + "bic %x[state], x20, x19\n\t" + "bic %x[seed], x21, x20\n\t" + "bic x28, x17, x22\n\t" + "bic x30, x19, x17\n\t" + "eor x17, x17, %x[state]\n\t" + "eor x19, x19, %x[seed]\n\t" + "bic %x[state], x22, x21\n\t" + "eor x21, x21, x28\n\t" + "eor x20, x20, %x[state]\n\t" + "eor x22, x22, x30\n\t" + "bic %x[state], x25, x24\n\t" + "bic %x[seed], x26, x25\n\t" + "bic x28, x23, x27\n\t" + "bic x30, x24, x23\n\t" + "eor x23, x23, %x[state]\n\t" + "eor x24, x24, %x[seed]\n\t" + "bic %x[state], x27, x26\n\t" + "eor x26, x26, x28\n\t" + "eor x25, x25, %x[state]\n\t" + "eor x27, x27, x30\n\t" + /* Done tranforming */ + "ldp x28, %x[seed], [x29, #48]\n\t" + "ldr %x[state], [x28], #8\n\t" + "subs %x[seed], %x[seed], #1\n\t" + "mov v30.d[0], %x[state]\n\t" + "mov v30.d[1], %x[state]\n\t" + "eor x2, x2, %x[state]\n\t" + "eor v0.16b, v0.16b, v30.16b\n\t" + "bne L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t" + "ldr %x[state], [x29, #40]\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "st1 {v24.d}[0], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, 
v7.d}[1], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "st1 {v24.d}[1], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "stp x2, x3, [%x[state]]\n\t" + "stp x4, x5, [%x[state], #16]\n\t" + "stp x6, x7, [%x[state], #32]\n\t" + "stp x8, x9, [%x[state], #48]\n\t" + "stp x10, x11, [%x[state], #64]\n\t" + "stp x12, x13, [%x[state], #80]\n\t" + "stp x14, x15, [%x[state], #96]\n\t" + "stp x16, x17, [%x[state], #112]\n\t" + "stp x19, x20, [%x[state], #128]\n\t" + "stp x21, x22, [%x[state], #144]\n\t" + "stp x23, x24, [%x[state], #160]\n\t" + "stp x25, x26, [%x[state], #176]\n\t" + "str x27, [%x[state], #192]\n\t" + "ldp x29, x30, [sp], #0x40\n\t" + : [state] "+r" (state), [seed] "+r" (seed) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" 
(L_kyber_aarch64_rej_uniform_neon_indeces) + : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc" + ); +} + +#else +void kyber_sha3_blocksx3_neon(word64* state) +{ + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-64]!\n\t" + "add x29, sp, #0\n\t" +#ifndef __APPLE__ + "adrp x27, %[L_sha3_aarch64_r]\n\t" + "add x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t" +#else + "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t" + "add x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "str %x[state], [x29, #40]\n\t" + "ld4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "ld4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t" + "ld4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "ld4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "ld4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "ld4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "ld1 {v24.d}[0], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "ld4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "ld4 {v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t" + "ld4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "ld4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "ld4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "ld4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "ld1 {v24.d}[1], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "ldp x1, x2, [%x[state]]\n\t" + "ldp x3, x4, [%x[state], #16]\n\t" + "ldp x5, x6, [%x[state], #32]\n\t" + "ldp x7, x8, [%x[state], #48]\n\t" + "ldp x9, x10, [%x[state], #64]\n\t" + "ldp x11, x12, [%x[state], #80]\n\t" + "ldp x13, x14, [%x[state], #96]\n\t" + "ldp 
x15, x16, [%x[state], #112]\n\t" + "ldp x17, x19, [%x[state], #128]\n\t" + "ldp x20, x21, [%x[state], #144]\n\t" + "ldp x22, x23, [%x[state], #160]\n\t" + "ldp x24, x25, [%x[state], #176]\n\t" + "ldr x26, [%x[state], #192]\n\t" + "mov x28, #24\n\t" + /* Start of 24 rounds */ + "\n" + "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t" + "stp x27, x28, [x29, #48]\n\t" + /* Col Mix NEON */ + "eor v30.16b, v4.16b, v9.16b\n\t" + "eor %x[state], x5, x10\n\t" + "eor v27.16b, v1.16b, v6.16b\n\t" + "eor x30, x1, x6\n\t" + "eor v30.16b, v30.16b, v14.16b\n\t" + "eor x28, x3, x8\n\t" + "eor v27.16b, v27.16b, v11.16b\n\t" + "eor %x[state], %x[state], x15\n\t" + "eor v30.16b, v30.16b, v19.16b\n\t" + "eor x30, x30, x11\n\t" + "eor v27.16b, v27.16b, v16.16b\n\t" + "eor x28, x28, x13\n\t" + "eor v30.16b, v30.16b, v24.16b\n\t" + "eor %x[state], %x[state], x21\n\t" + "eor v27.16b, v27.16b, v21.16b\n\t" + "eor x30, x30, x16\n\t" + "ushr v25.2d, v27.2d, #63\n\t" + "eor x28, x28, x19\n\t" + "sli v25.2d, v27.2d, #1\n\t" + "eor %x[state], %x[state], x26\n\t" + "eor v25.16b, v25.16b, v30.16b\n\t" + "eor x30, x30, x22\n\t" + "eor v31.16b, v0.16b, v5.16b\n\t" + "eor x28, x28, x24\n\t" + "eor v28.16b, v2.16b, v7.16b\n\t" + "str %x[state], [x29, #32]\n\t" + "eor v31.16b, v31.16b, v10.16b\n\t" + "str x28, [x29, #24]\n\t" + "eor v28.16b, v28.16b, v12.16b\n\t" + "eor x27, x2, x7\n\t" + "eor v31.16b, v31.16b, v15.16b\n\t" + "eor x28, x4, x9\n\t" + "eor v28.16b, v28.16b, v17.16b\n\t" + "eor x27, x27, x12\n\t" + "eor v31.16b, v31.16b, v20.16b\n\t" + "eor x28, x28, x14\n\t" + "eor v28.16b, v28.16b, v22.16b\n\t" + "eor x27, x27, x17\n\t" + "ushr v29.2d, v30.2d, #63\n\t" + "eor x28, x28, x20\n\t" + "ushr v26.2d, v28.2d, #63\n\t" + "eor x27, x27, x23\n\t" + "sli v29.2d, v30.2d, #1\n\t" + "eor x28, x28, x25\n\t" + "sli v26.2d, v28.2d, #1\n\t" + "eor %x[state], %x[state], x27, ror 63\n\t" + "eor v28.16b, v28.16b, v29.16b\n\t" + "eor x27, x27, x28, ror 63\n\t" + "eor v29.16b, v3.16b, v8.16b\n\t" + "eor x1, 
x1, %x[state]\n\t" + "eor v26.16b, v26.16b, v31.16b\n\t" + "eor x6, x6, %x[state]\n\t" + "eor v29.16b, v29.16b, v13.16b\n\t" + "eor x11, x11, %x[state]\n\t" + "eor v29.16b, v29.16b, v18.16b\n\t" + "eor x16, x16, %x[state]\n\t" + "eor v29.16b, v29.16b, v23.16b\n\t" + "eor x22, x22, %x[state]\n\t" + "ushr v30.2d, v29.2d, #63\n\t" + "eor x3, x3, x27\n\t" + "sli v30.2d, v29.2d, #1\n\t" + "eor x8, x8, x27\n\t" + "eor v27.16b, v27.16b, v30.16b\n\t" + "eor x13, x13, x27\n\t" + "ushr v30.2d, v31.2d, #63\n\t" + "eor x19, x19, x27\n\t" + "sli v30.2d, v31.2d, #1\n\t" + "eor x24, x24, x27\n\t" + "eor v29.16b, v29.16b, v30.16b\n\t" + "ldr %x[state], [x29, #32]\n\t" + /* Swap Rotate NEON */ + "eor v0.16b, v0.16b, v25.16b\n\t" + "eor v31.16b, v1.16b, v26.16b\n\t" + "ldr x27, [x29, #24]\n\t" + "eor v6.16b, v6.16b, v26.16b\n\t" + "eor x28, x28, x30, ror 63\n\t" + "ushr v30.2d, v31.2d, #63\n\t" + "eor x30, x30, x27, ror 63\n\t" + "ushr v1.2d, v6.2d, #20\n\t" + "eor x27, x27, %x[state], ror 63\n\t" + "sli v30.2d, v31.2d, #1\n\t" + "eor x5, x5, x28\n\t" + "sli v1.2d, v6.2d, #44\n\t" + "eor x10, x10, x28\n\t" + "eor v31.16b, v9.16b, v29.16b\n\t" + "eor x15, x15, x28\n\t" + "eor v22.16b, v22.16b, v27.16b\n\t" + "eor x21, x21, x28\n\t" + "ushr v6.2d, v31.2d, #44\n\t" + "eor x26, x26, x28\n\t" + "ushr v9.2d, v22.2d, #3\n\t" + "eor x2, x2, x30\n\t" + "sli v6.2d, v31.2d, #20\n\t" + "eor x7, x7, x30\n\t" + "sli v9.2d, v22.2d, #61\n\t" + "eor x12, x12, x30\n\t" + "eor v31.16b, v14.16b, v29.16b\n\t" + "eor x17, x17, x30\n\t" + "eor v20.16b, v20.16b, v25.16b\n\t" + "eor x23, x23, x30\n\t" + "ushr v22.2d, v31.2d, #25\n\t" + "eor x4, x4, x27\n\t" + "ushr v14.2d, v20.2d, #46\n\t" + "eor x9, x9, x27\n\t" + "sli v22.2d, v31.2d, #39\n\t" + "eor x14, x14, x27\n\t" + "sli v14.2d, v20.2d, #18\n\t" + "eor x20, x20, x27\n\t" + "eor v31.16b, v2.16b, v27.16b\n\t" + "eor x25, x25, x27\n\t" + /* Swap Rotate Base */ + "eor v12.16b, v12.16b, v27.16b\n\t" + "ror %x[state], x2, #63\n\t" + "ushr v20.2d, v31.2d, 
#2\n\t" + "ror x2, x7, #20\n\t" + "ushr v2.2d, v12.2d, #21\n\t" + "ror x7, x10, #44\n\t" + "sli v20.2d, v31.2d, #62\n\t" + "ror x10, x24, #3\n\t" + "sli v2.2d, v12.2d, #43\n\t" + "ror x24, x15, #25\n\t" + "eor v31.16b, v13.16b, v28.16b\n\t" + "ror x15, x22, #46\n\t" + "eor v19.16b, v19.16b, v29.16b\n\t" + "ror x22, x3, #2\n\t" + "ushr v12.2d, v31.2d, #39\n\t" + "ror x3, x13, #21\n\t" + "ushr v13.2d, v19.2d, #56\n\t" + "ror x13, x14, #39\n\t" + "sli v12.2d, v31.2d, #25\n\t" + "ror x14, x21, #56\n\t" + "sli v13.2d, v19.2d, #8\n\t" + "ror x21, x25, #8\n\t" + "eor v31.16b, v23.16b, v28.16b\n\t" + "ror x25, x16, #23\n\t" + "eor v15.16b, v15.16b, v25.16b\n\t" + "ror x16, x5, #37\n\t" + "ushr v19.2d, v31.2d, #8\n\t" + "ror x5, x26, #50\n\t" + "ushr v23.2d, v15.2d, #23\n\t" + "ror x26, x23, #62\n\t" + "sli v19.2d, v31.2d, #56\n\t" + "ror x23, x9, #9\n\t" + "sli v23.2d, v15.2d, #41\n\t" + "ror x9, x17, #19\n\t" + "eor v31.16b, v4.16b, v29.16b\n\t" + "ror x17, x6, #28\n\t" + "eor v24.16b, v24.16b, v29.16b\n\t" + "ror x6, x4, #36\n\t" + "ushr v15.2d, v31.2d, #37\n\t" + "ror x4, x20, #43\n\t" + "ushr v4.2d, v24.2d, #50\n\t" + "ror x20, x19, #49\n\t" + "sli v15.2d, v31.2d, #27\n\t" + "ror x19, x12, #54\n\t" + "sli v4.2d, v24.2d, #14\n\t" + "ror x12, x8, #58\n\t" + "eor v31.16b, v21.16b, v26.16b\n\t" + "ror x8, x11, #61\n\t" + /* Row Mix Base */ + "eor v8.16b, v8.16b, v28.16b\n\t" + "bic x11, x3, x2\n\t" + "ushr v24.2d, v31.2d, #62\n\t" + "bic x27, x4, x3\n\t" + "ushr v21.2d, v8.2d, #9\n\t" + "bic x28, x1, x5\n\t" + "sli v24.2d, v31.2d, #2\n\t" + "bic x30, x2, x1\n\t" + "sli v21.2d, v8.2d, #55\n\t" + "eor x1, x1, x11\n\t" + "eor v31.16b, v16.16b, v26.16b\n\t" + "eor x2, x2, x27\n\t" + "eor v5.16b, v5.16b, v25.16b\n\t" + "bic x11, x5, x4\n\t" + "ushr v8.2d, v31.2d, #19\n\t" + "eor x4, x4, x28\n\t" + "ushr v16.2d, v5.2d, #28\n\t" + "eor x3, x3, x11\n\t" + "sli v8.2d, v31.2d, #45\n\t" + "eor x5, x5, x30\n\t" + "sli v16.2d, v5.2d, #36\n\t" + "bic x11, x8, x7\n\t" + "eor v31.16b, 
v3.16b, v28.16b\n\t" + "bic x27, x9, x8\n\t" + "eor v18.16b, v18.16b, v28.16b\n\t" + "bic x28, x6, x10\n\t" + "ushr v5.2d, v31.2d, #36\n\t" + "bic x30, x7, x6\n\t" + "ushr v3.2d, v18.2d, #43\n\t" + "eor x6, x6, x11\n\t" + "sli v5.2d, v31.2d, #28\n\t" + "eor x7, x7, x27\n\t" + "sli v3.2d, v18.2d, #21\n\t" + "bic x11, x10, x9\n\t" + "eor v31.16b, v17.16b, v27.16b\n\t" + "eor x9, x9, x28\n\t" + "eor v11.16b, v11.16b, v26.16b\n\t" + "eor x8, x8, x11\n\t" + "ushr v18.2d, v31.2d, #49\n\t" + "eor x10, x10, x30\n\t" + "ushr v17.2d, v11.2d, #54\n\t" + "bic x11, x13, x12\n\t" + "sli v18.2d, v31.2d, #15\n\t" + "bic x27, x14, x13\n\t" + "sli v17.2d, v11.2d, #10\n\t" + "bic x28, %x[state], x15\n\t" + "eor v31.16b, v7.16b, v27.16b\n\t" + "bic x30, x12, %x[state]\n\t" + "eor v10.16b, v10.16b, v25.16b\n\t" + "eor x11, %x[state], x11\n\t" + "ushr v11.2d, v31.2d, #58\n\t" + "eor x12, x12, x27\n\t" + "ushr v7.2d, v10.2d, #61\n\t" + "bic %x[state], x15, x14\n\t" + "sli v11.2d, v31.2d, #6\n\t" + "eor x14, x14, x28\n\t" + "sli v7.2d, v10.2d, #3\n\t" + "eor x13, x13, %x[state]\n\t" + /* Row Mix NEON */ + "bic v25.16b, v2.16b, v1.16b\n\t" + "eor x15, x15, x30\n\t" + "bic v26.16b, v3.16b, v2.16b\n\t" + "bic %x[state], x19, x17\n\t" + "bic v27.16b, v4.16b, v3.16b\n\t" + "bic x27, x20, x19\n\t" + "bic v28.16b, v0.16b, v4.16b\n\t" + "bic x28, x16, x21\n\t" + "bic v29.16b, v1.16b, v0.16b\n\t" + "bic x30, x17, x16\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "eor x16, x16, %x[state]\n\t" + "eor v1.16b, v1.16b, v26.16b\n\t" + "eor x17, x17, x27\n\t" + "eor v2.16b, v2.16b, v27.16b\n\t" + "bic %x[state], x21, x20\n\t" + "eor v3.16b, v3.16b, v28.16b\n\t" + "eor x20, x20, x28\n\t" + "eor v4.16b, v4.16b, v29.16b\n\t" + "eor x19, x19, %x[state]\n\t" + "bic v25.16b, v7.16b, v6.16b\n\t" + "eor x21, x21, x30\n\t" + "bic v26.16b, v8.16b, v7.16b\n\t" + "bic %x[state], x24, x23\n\t" + "bic v27.16b, v9.16b, v8.16b\n\t" + "bic x27, x25, x24\n\t" + "bic v28.16b, v5.16b, v9.16b\n\t" + "bic x28, x22, x26\n\t" + 
"bic v29.16b, v6.16b, v5.16b\n\t" + "bic x30, x23, x22\n\t" + "eor v5.16b, v5.16b, v25.16b\n\t" + "eor x22, x22, %x[state]\n\t" + "eor v6.16b, v6.16b, v26.16b\n\t" + "eor x23, x23, x27\n\t" + "eor v7.16b, v7.16b, v27.16b\n\t" + "bic %x[state], x26, x25\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor x25, x25, x28\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor x24, x24, %x[state]\n\t" + "bic v25.16b, v12.16b, v11.16b\n\t" + "eor x26, x26, x30\n\t" + "bic v26.16b, v13.16b, v12.16b\n\t" + "bic v27.16b, v14.16b, v13.16b\n\t" + "bic v28.16b, v30.16b, v14.16b\n\t" + "bic v29.16b, v11.16b, v30.16b\n\t" + "eor v10.16b, v30.16b, v25.16b\n\t" + "eor v11.16b, v11.16b, v26.16b\n\t" + "eor v12.16b, v12.16b, v27.16b\n\t" + "eor v13.16b, v13.16b, v28.16b\n\t" + "eor v14.16b, v14.16b, v29.16b\n\t" + "bic v25.16b, v17.16b, v16.16b\n\t" + "bic v26.16b, v18.16b, v17.16b\n\t" + "bic v27.16b, v19.16b, v18.16b\n\t" + "bic v28.16b, v15.16b, v19.16b\n\t" + "bic v29.16b, v16.16b, v15.16b\n\t" + "eor v15.16b, v15.16b, v25.16b\n\t" + "eor v16.16b, v16.16b, v26.16b\n\t" + "eor v17.16b, v17.16b, v27.16b\n\t" + "eor v18.16b, v18.16b, v28.16b\n\t" + "eor v19.16b, v19.16b, v29.16b\n\t" + "bic v25.16b, v22.16b, v21.16b\n\t" + "bic v26.16b, v23.16b, v22.16b\n\t" + "bic v27.16b, v24.16b, v23.16b\n\t" + "bic v28.16b, v20.16b, v24.16b\n\t" + "bic v29.16b, v21.16b, v20.16b\n\t" + "eor v20.16b, v20.16b, v25.16b\n\t" + "eor v21.16b, v21.16b, v26.16b\n\t" + "eor v22.16b, v22.16b, v27.16b\n\t" + "eor v23.16b, v23.16b, v28.16b\n\t" + "eor v24.16b, v24.16b, v29.16b\n\t" + /* Done tranforming */ + "ldp x27, x28, [x29, #48]\n\t" + "ldr %x[state], [x27], #8\n\t" + "subs x28, x28, #1\n\t" + "mov v30.d[0], %x[state]\n\t" + "mov v30.d[1], %x[state]\n\t" + "eor x1, x1, %x[state]\n\t" + "eor v0.16b, v0.16b, v30.16b\n\t" + "bne L_SHA3_transform_blocksx3_neon_begin_%=\n\t" + "ldr %x[state], [x29, #40]\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], 
#32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "st1 {v24.d}[0], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "st1 {v24.d}[1], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "stp x1, x2, [%x[state]]\n\t" + "stp x3, x4, [%x[state], #16]\n\t" + "stp x5, x6, [%x[state], #32]\n\t" + "stp x7, x8, [%x[state], #48]\n\t" + "stp x9, x10, [%x[state], #64]\n\t" + "stp x11, x12, [%x[state], #80]\n\t" + "stp x13, x14, [%x[state], #96]\n\t" + "stp x15, x16, [%x[state], #112]\n\t" + "stp x17, x19, [%x[state], #128]\n\t" + "stp x20, x21, [%x[state], #144]\n\t" + "stp x22, x23, [%x[state], #160]\n\t" + "stp x24, x25, [%x[state], #176]\n\t" + "str x26, [%x[state], #192]\n\t" + "ldp x29, x30, [sp], #0x40\n\t" + : [state] "+r" (state) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), 
[L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" (L_kyber_aarch64_rej_uniform_neon_indeces) + : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc" + ); +} + +void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed) +{ + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-64]!\n\t" + "add x29, sp, #0\n\t" +#ifndef __APPLE__ + "adrp x28, %[L_sha3_aarch64_r]\n\t" + "add x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t" +#else + "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t" + "add x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "str %x[state], [x29, #40]\n\t" + "add %x[state], %x[state], #32\n\t" + "ld1 {v4.d}[0], [%x[state]]\n\t" + "ldp x2, x3, [%x[seed]], #16\n\t" + "add %x[state], %x[state], #0xc8\n\t" + "ld1 {v4.d}[1], [%x[state]]\n\t" + "ldp x4, x5, [%x[seed]], #16\n\t" + "ldr x6, [%x[state], #200]\n\t" + "eor v5.16b, v5.16b, v5.16b\n\t" + "eor x7, x7, x7\n\t" + "eor v6.16b, v6.16b, v6.16b\n\t" + "eor x8, x8, x8\n\t" + "eor v7.16b, v7.16b, v7.16b\n\t" + "eor x9, x9, x9\n\t" + "eor v8.16b, v8.16b, v8.16b\n\t" + "eor x10, x10, x10\n\t" + "eor v9.16b, v9.16b, v9.16b\n\t" + "eor x11, x11, x11\n\t" + "eor v10.16b, v10.16b, v10.16b\n\t" + "eor x12, x12, x12\n\t" + "eor v11.16b, v11.16b, v11.16b\n\t" + "eor x13, x13, x13\n\t" + "eor v12.16b, v12.16b, v12.16b\n\t" + "eor x14, x14, 
x14\n\t" + "eor v13.16b, v13.16b, v13.16b\n\t" + "eor x15, x15, x15\n\t" + "eor v14.16b, v14.16b, v14.16b\n\t" + "eor x16, x16, x16\n\t" + "eor v15.16b, v15.16b, v15.16b\n\t" + "eor x17, x17, x17\n\t" + "eor v16.16b, v16.16b, v16.16b\n\t" + "eor x19, x19, x19\n\t" + "eor v17.16b, v17.16b, v17.16b\n\t" + "eor x20, x20, x20\n\t" + "eor v18.16b, v18.16b, v18.16b\n\t" + "eor x21, x21, x21\n\t" + "eor v19.16b, v19.16b, v19.16b\n\t" + "eor x22, x22, x22\n\t" + "movz x23, #0x8000, lsl 48\n\t" + "eor v21.16b, v21.16b, v21.16b\n\t" + "eor x24, x24, x24\n\t" + "eor v22.16b, v22.16b, v22.16b\n\t" + "eor x25, x25, x25\n\t" + "eor v23.16b, v23.16b, v23.16b\n\t" + "eor x26, x26, x26\n\t" + "eor v24.16b, v24.16b, v24.16b\n\t" + "eor x27, x27, x27\n\t" + "dup v0.2d, x2\n\t" + "dup v1.2d, x3\n\t" + "dup v2.2d, x4\n\t" + "dup v3.2d, x5\n\t" + "dup v20.2d, x23\n\t" + "mov %x[seed], #24\n\t" + /* Start of 24 rounds */ + "\n" + "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t" + "stp x28, %x[seed], [x29, #48]\n\t" + /* Col Mix NEON */ + "eor v30.16b, v4.16b, v9.16b\n\t" + "eor %x[state], x6, x11\n\t" + "eor v27.16b, v1.16b, v6.16b\n\t" + "eor x30, x2, x7\n\t" + "eor v30.16b, v30.16b, v14.16b\n\t" + "eor x28, x4, x9\n\t" + "eor v27.16b, v27.16b, v11.16b\n\t" + "eor %x[state], %x[state], x16\n\t" + "eor v30.16b, v30.16b, v19.16b\n\t" + "eor x30, x30, x12\n\t" + "eor v27.16b, v27.16b, v16.16b\n\t" + "eor x28, x28, x14\n\t" + "eor v30.16b, v30.16b, v24.16b\n\t" + "eor %x[state], %x[state], x22\n\t" + "eor v27.16b, v27.16b, v21.16b\n\t" + "eor x30, x30, x17\n\t" + "ushr v25.2d, v27.2d, #63\n\t" + "eor x28, x28, x20\n\t" + "sli v25.2d, v27.2d, #1\n\t" + "eor %x[state], %x[state], x27\n\t" + "eor v25.16b, v25.16b, v30.16b\n\t" + "eor x30, x30, x23\n\t" + "eor v31.16b, v0.16b, v5.16b\n\t" + "eor x28, x28, x25\n\t" + "eor v28.16b, v2.16b, v7.16b\n\t" + "str %x[state], [x29, #32]\n\t" + "eor v31.16b, v31.16b, v10.16b\n\t" + "str x28, [x29, #24]\n\t" + "eor v28.16b, v28.16b, v12.16b\n\t" + "eor 
%x[seed], x3, x8\n\t" + "eor v31.16b, v31.16b, v15.16b\n\t" + "eor x28, x5, x10\n\t" + "eor v28.16b, v28.16b, v17.16b\n\t" + "eor %x[seed], %x[seed], x13\n\t" + "eor v31.16b, v31.16b, v20.16b\n\t" + "eor x28, x28, x15\n\t" + "eor v28.16b, v28.16b, v22.16b\n\t" + "eor %x[seed], %x[seed], x19\n\t" + "ushr v29.2d, v30.2d, #63\n\t" + "eor x28, x28, x21\n\t" + "ushr v26.2d, v28.2d, #63\n\t" + "eor %x[seed], %x[seed], x24\n\t" + "sli v29.2d, v30.2d, #1\n\t" + "eor x28, x28, x26\n\t" + "sli v26.2d, v28.2d, #1\n\t" + "eor %x[state], %x[state], %x[seed], ror 63\n\t" + "eor v28.16b, v28.16b, v29.16b\n\t" + "eor %x[seed], %x[seed], x28, ror 63\n\t" + "eor v29.16b, v3.16b, v8.16b\n\t" + "eor x2, x2, %x[state]\n\t" + "eor v26.16b, v26.16b, v31.16b\n\t" + "eor x7, x7, %x[state]\n\t" + "eor v29.16b, v29.16b, v13.16b\n\t" + "eor x12, x12, %x[state]\n\t" + "eor v29.16b, v29.16b, v18.16b\n\t" + "eor x17, x17, %x[state]\n\t" + "eor v29.16b, v29.16b, v23.16b\n\t" + "eor x23, x23, %x[state]\n\t" + "ushr v30.2d, v29.2d, #63\n\t" + "eor x4, x4, %x[seed]\n\t" + "sli v30.2d, v29.2d, #1\n\t" + "eor x9, x9, %x[seed]\n\t" + "eor v27.16b, v27.16b, v30.16b\n\t" + "eor x14, x14, %x[seed]\n\t" + "ushr v30.2d, v31.2d, #63\n\t" + "eor x20, x20, %x[seed]\n\t" + "sli v30.2d, v31.2d, #1\n\t" + "eor x25, x25, %x[seed]\n\t" + "eor v29.16b, v29.16b, v30.16b\n\t" + "ldr %x[state], [x29, #32]\n\t" + /* Swap Rotate NEON */ + "eor v0.16b, v0.16b, v25.16b\n\t" + "eor v31.16b, v1.16b, v26.16b\n\t" + "ldr %x[seed], [x29, #24]\n\t" + "eor v6.16b, v6.16b, v26.16b\n\t" + "eor x28, x28, x30, ror 63\n\t" + "ushr v30.2d, v31.2d, #63\n\t" + "eor x30, x30, %x[seed], ror 63\n\t" + "ushr v1.2d, v6.2d, #20\n\t" + "eor %x[seed], %x[seed], %x[state], ror 63\n\t" + "sli v30.2d, v31.2d, #1\n\t" + "eor x6, x6, x28\n\t" + "sli v1.2d, v6.2d, #44\n\t" + "eor x11, x11, x28\n\t" + "eor v31.16b, v9.16b, v29.16b\n\t" + "eor x16, x16, x28\n\t" + "eor v22.16b, v22.16b, v27.16b\n\t" + "eor x22, x22, x28\n\t" + "ushr v6.2d, v31.2d, 
#44\n\t" + "eor x27, x27, x28\n\t" + "ushr v9.2d, v22.2d, #3\n\t" + "eor x3, x3, x30\n\t" + "sli v6.2d, v31.2d, #20\n\t" + "eor x8, x8, x30\n\t" + "sli v9.2d, v22.2d, #61\n\t" + "eor x13, x13, x30\n\t" + "eor v31.16b, v14.16b, v29.16b\n\t" + "eor x19, x19, x30\n\t" + "eor v20.16b, v20.16b, v25.16b\n\t" + "eor x24, x24, x30\n\t" + "ushr v22.2d, v31.2d, #25\n\t" + "eor x5, x5, %x[seed]\n\t" + "ushr v14.2d, v20.2d, #46\n\t" + "eor x10, x10, %x[seed]\n\t" + "sli v22.2d, v31.2d, #39\n\t" + "eor x15, x15, %x[seed]\n\t" + "sli v14.2d, v20.2d, #18\n\t" + "eor x21, x21, %x[seed]\n\t" + "eor v31.16b, v2.16b, v27.16b\n\t" + "eor x26, x26, %x[seed]\n\t" + /* Swap Rotate Base */ + "eor v12.16b, v12.16b, v27.16b\n\t" + "ror %x[state], x3, #63\n\t" + "ushr v20.2d, v31.2d, #2\n\t" + "ror x3, x8, #20\n\t" + "ushr v2.2d, v12.2d, #21\n\t" + "ror x8, x11, #44\n\t" + "sli v20.2d, v31.2d, #62\n\t" + "ror x11, x25, #3\n\t" + "sli v2.2d, v12.2d, #43\n\t" + "ror x25, x16, #25\n\t" + "eor v31.16b, v13.16b, v28.16b\n\t" + "ror x16, x23, #46\n\t" + "eor v19.16b, v19.16b, v29.16b\n\t" + "ror x23, x4, #2\n\t" + "ushr v12.2d, v31.2d, #39\n\t" + "ror x4, x14, #21\n\t" + "ushr v13.2d, v19.2d, #56\n\t" + "ror x14, x15, #39\n\t" + "sli v12.2d, v31.2d, #25\n\t" + "ror x15, x22, #56\n\t" + "sli v13.2d, v19.2d, #8\n\t" + "ror x22, x26, #8\n\t" + "eor v31.16b, v23.16b, v28.16b\n\t" + "ror x26, x17, #23\n\t" + "eor v15.16b, v15.16b, v25.16b\n\t" + "ror x17, x6, #37\n\t" + "ushr v19.2d, v31.2d, #8\n\t" + "ror x6, x27, #50\n\t" + "ushr v23.2d, v15.2d, #23\n\t" + "ror x27, x24, #62\n\t" + "sli v19.2d, v31.2d, #56\n\t" + "ror x24, x10, #9\n\t" + "sli v23.2d, v15.2d, #41\n\t" + "ror x10, x19, #19\n\t" + "eor v31.16b, v4.16b, v29.16b\n\t" + "ror x19, x7, #28\n\t" + "eor v24.16b, v24.16b, v29.16b\n\t" + "ror x7, x5, #36\n\t" + "ushr v15.2d, v31.2d, #37\n\t" + "ror x5, x21, #43\n\t" + "ushr v4.2d, v24.2d, #50\n\t" + "ror x21, x20, #49\n\t" + "sli v15.2d, v31.2d, #27\n\t" + "ror x20, x13, #54\n\t" + "sli v4.2d, 
v24.2d, #14\n\t" + "ror x13, x9, #58\n\t" + "eor v31.16b, v21.16b, v26.16b\n\t" + "ror x9, x12, #61\n\t" + /* Row Mix Base */ + "eor v8.16b, v8.16b, v28.16b\n\t" + "bic x12, x4, x3\n\t" + "ushr v24.2d, v31.2d, #62\n\t" + "bic %x[seed], x5, x4\n\t" + "ushr v21.2d, v8.2d, #9\n\t" + "bic x28, x2, x6\n\t" + "sli v24.2d, v31.2d, #2\n\t" + "bic x30, x3, x2\n\t" + "sli v21.2d, v8.2d, #55\n\t" + "eor x2, x2, x12\n\t" + "eor v31.16b, v16.16b, v26.16b\n\t" + "eor x3, x3, %x[seed]\n\t" + "eor v5.16b, v5.16b, v25.16b\n\t" + "bic x12, x6, x5\n\t" + "ushr v8.2d, v31.2d, #19\n\t" + "eor x5, x5, x28\n\t" + "ushr v16.2d, v5.2d, #28\n\t" + "eor x4, x4, x12\n\t" + "sli v8.2d, v31.2d, #45\n\t" + "eor x6, x6, x30\n\t" + "sli v16.2d, v5.2d, #36\n\t" + "bic x12, x9, x8\n\t" + "eor v31.16b, v3.16b, v28.16b\n\t" + "bic %x[seed], x10, x9\n\t" + "eor v18.16b, v18.16b, v28.16b\n\t" + "bic x28, x7, x11\n\t" + "ushr v5.2d, v31.2d, #36\n\t" + "bic x30, x8, x7\n\t" + "ushr v3.2d, v18.2d, #43\n\t" + "eor x7, x7, x12\n\t" + "sli v5.2d, v31.2d, #28\n\t" + "eor x8, x8, %x[seed]\n\t" + "sli v3.2d, v18.2d, #21\n\t" + "bic x12, x11, x10\n\t" + "eor v31.16b, v17.16b, v27.16b\n\t" + "eor x10, x10, x28\n\t" + "eor v11.16b, v11.16b, v26.16b\n\t" + "eor x9, x9, x12\n\t" + "ushr v18.2d, v31.2d, #49\n\t" + "eor x11, x11, x30\n\t" + "ushr v17.2d, v11.2d, #54\n\t" + "bic x12, x14, x13\n\t" + "sli v18.2d, v31.2d, #15\n\t" + "bic %x[seed], x15, x14\n\t" + "sli v17.2d, v11.2d, #10\n\t" + "bic x28, %x[state], x16\n\t" + "eor v31.16b, v7.16b, v27.16b\n\t" + "bic x30, x13, %x[state]\n\t" + "eor v10.16b, v10.16b, v25.16b\n\t" + "eor x12, %x[state], x12\n\t" + "ushr v11.2d, v31.2d, #58\n\t" + "eor x13, x13, %x[seed]\n\t" + "ushr v7.2d, v10.2d, #61\n\t" + "bic %x[state], x16, x15\n\t" + "sli v11.2d, v31.2d, #6\n\t" + "eor x15, x15, x28\n\t" + "sli v7.2d, v10.2d, #3\n\t" + "eor x14, x14, %x[state]\n\t" + /* Row Mix NEON */ + "bic v25.16b, v2.16b, v1.16b\n\t" + "eor x16, x16, x30\n\t" + "bic v26.16b, v3.16b, v2.16b\n\t" + 
"bic %x[state], x20, x19\n\t" + "bic v27.16b, v4.16b, v3.16b\n\t" + "bic %x[seed], x21, x20\n\t" + "bic v28.16b, v0.16b, v4.16b\n\t" + "bic x28, x17, x22\n\t" + "bic v29.16b, v1.16b, v0.16b\n\t" + "bic x30, x19, x17\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "eor x17, x17, %x[state]\n\t" + "eor v1.16b, v1.16b, v26.16b\n\t" + "eor x19, x19, %x[seed]\n\t" + "eor v2.16b, v2.16b, v27.16b\n\t" + "bic %x[state], x22, x21\n\t" + "eor v3.16b, v3.16b, v28.16b\n\t" + "eor x21, x21, x28\n\t" + "eor v4.16b, v4.16b, v29.16b\n\t" + "eor x20, x20, %x[state]\n\t" + "bic v25.16b, v7.16b, v6.16b\n\t" + "eor x22, x22, x30\n\t" + "bic v26.16b, v8.16b, v7.16b\n\t" + "bic %x[state], x25, x24\n\t" + "bic v27.16b, v9.16b, v8.16b\n\t" + "bic %x[seed], x26, x25\n\t" + "bic v28.16b, v5.16b, v9.16b\n\t" + "bic x28, x23, x27\n\t" + "bic v29.16b, v6.16b, v5.16b\n\t" + "bic x30, x24, x23\n\t" + "eor v5.16b, v5.16b, v25.16b\n\t" + "eor x23, x23, %x[state]\n\t" + "eor v6.16b, v6.16b, v26.16b\n\t" + "eor x24, x24, %x[seed]\n\t" + "eor v7.16b, v7.16b, v27.16b\n\t" + "bic %x[state], x27, x26\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor x26, x26, x28\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor x25, x25, %x[state]\n\t" + "bic v25.16b, v12.16b, v11.16b\n\t" + "eor x27, x27, x30\n\t" + "bic v26.16b, v13.16b, v12.16b\n\t" + "bic v27.16b, v14.16b, v13.16b\n\t" + "bic v28.16b, v30.16b, v14.16b\n\t" + "bic v29.16b, v11.16b, v30.16b\n\t" + "eor v10.16b, v30.16b, v25.16b\n\t" + "eor v11.16b, v11.16b, v26.16b\n\t" + "eor v12.16b, v12.16b, v27.16b\n\t" + "eor v13.16b, v13.16b, v28.16b\n\t" + "eor v14.16b, v14.16b, v29.16b\n\t" + "bic v25.16b, v17.16b, v16.16b\n\t" + "bic v26.16b, v18.16b, v17.16b\n\t" + "bic v27.16b, v19.16b, v18.16b\n\t" + "bic v28.16b, v15.16b, v19.16b\n\t" + "bic v29.16b, v16.16b, v15.16b\n\t" + "eor v15.16b, v15.16b, v25.16b\n\t" + "eor v16.16b, v16.16b, v26.16b\n\t" + "eor v17.16b, v17.16b, v27.16b\n\t" + "eor v18.16b, v18.16b, v28.16b\n\t" + "eor v19.16b, v19.16b, v29.16b\n\t" + 
"bic v25.16b, v22.16b, v21.16b\n\t" + "bic v26.16b, v23.16b, v22.16b\n\t" + "bic v27.16b, v24.16b, v23.16b\n\t" + "bic v28.16b, v20.16b, v24.16b\n\t" + "bic v29.16b, v21.16b, v20.16b\n\t" + "eor v20.16b, v20.16b, v25.16b\n\t" + "eor v21.16b, v21.16b, v26.16b\n\t" + "eor v22.16b, v22.16b, v27.16b\n\t" + "eor v23.16b, v23.16b, v28.16b\n\t" + "eor v24.16b, v24.16b, v29.16b\n\t" + /* Done tranforming */ + "ldp x28, %x[seed], [x29, #48]\n\t" + "ldr %x[state], [x28], #8\n\t" + "subs %x[seed], %x[seed], #1\n\t" + "mov v30.d[0], %x[state]\n\t" + "mov v30.d[1], %x[state]\n\t" + "eor x2, x2, %x[state]\n\t" + "eor v0.16b, v0.16b, v30.16b\n\t" + "bne L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t" + "ldr %x[state], [x29, #40]\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "st1 {v24.d}[0], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "st1 {v24.d}[1], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "stp x2, x3, [%x[state]]\n\t" + "stp x4, x5, [%x[state], #16]\n\t" + "stp x6, x7, [%x[state], #32]\n\t" + "stp x8, x9, [%x[state], #48]\n\t" + "stp x10, x11, [%x[state], #64]\n\t" + "stp x12, x13, [%x[state], #80]\n\t" + "stp x14, x15, [%x[state], #96]\n\t" + "stp x16, x17, [%x[state], #112]\n\t" + "stp x19, x20, [%x[state], #128]\n\t" + "stp x21, x22, [%x[state], #144]\n\t" + "stp x23, x24, 
[%x[state], #160]\n\t" + "stp x25, x26, [%x[state], #176]\n\t" + "str x27, [%x[state], #192]\n\t" + "ldp x29, x30, [sp], #0x40\n\t" + : [state] "+r" (state), [seed] "+r" (seed) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" (L_kyber_aarch64_rej_uniform_neon_indeces) + : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc" + ); +} + +void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed) +{ + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-64]!\n\t" + "add x29, sp, #0\n\t" +#ifndef __APPLE__ + "adrp x28, %[L_sha3_aarch64_r]\n\t" + "add x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t" +#else + "adrp x28, 
%[L_sha3_aarch64_r]@PAGE\n\t" + "add x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "str %x[state], [x29, #40]\n\t" + "add %x[state], %x[state], #32\n\t" + "ld1 {v4.d}[0], [%x[state]]\n\t" + "ldp x2, x3, [%x[seed]], #16\n\t" + "add %x[state], %x[state], #0xc8\n\t" + "ld1 {v4.d}[1], [%x[state]]\n\t" + "ldp x4, x5, [%x[seed]], #16\n\t" + "ldr x6, [%x[state], #200]\n\t" + "eor v5.16b, v5.16b, v5.16b\n\t" + "eor x7, x7, x7\n\t" + "eor v6.16b, v6.16b, v6.16b\n\t" + "eor x8, x8, x8\n\t" + "eor v7.16b, v7.16b, v7.16b\n\t" + "eor x9, x9, x9\n\t" + "eor v8.16b, v8.16b, v8.16b\n\t" + "eor x10, x10, x10\n\t" + "eor v9.16b, v9.16b, v9.16b\n\t" + "eor x11, x11, x11\n\t" + "eor v10.16b, v10.16b, v10.16b\n\t" + "eor x12, x12, x12\n\t" + "eor v11.16b, v11.16b, v11.16b\n\t" + "eor x13, x13, x13\n\t" + "eor v12.16b, v12.16b, v12.16b\n\t" + "eor x14, x14, x14\n\t" + "eor v13.16b, v13.16b, v13.16b\n\t" + "eor x15, x15, x15\n\t" + "eor v14.16b, v14.16b, v14.16b\n\t" + "eor x16, x16, x16\n\t" + "eor v15.16b, v15.16b, v15.16b\n\t" + "eor x17, x17, x17\n\t" + "movz x19, #0x8000, lsl 48\n\t" + "eor v17.16b, v17.16b, v17.16b\n\t" + "eor x20, x20, x20\n\t" + "eor v18.16b, v18.16b, v18.16b\n\t" + "eor x21, x21, x21\n\t" + "eor v19.16b, v19.16b, v19.16b\n\t" + "eor x22, x22, x22\n\t" + "eor v20.16b, v20.16b, v20.16b\n\t" + "eor x23, x23, x23\n\t" + "eor v21.16b, v21.16b, v21.16b\n\t" + "eor x24, x24, x24\n\t" + "eor v22.16b, v22.16b, v22.16b\n\t" + "eor x25, x25, x25\n\t" + "eor v23.16b, v23.16b, v23.16b\n\t" + "eor x26, x26, x26\n\t" + "eor v24.16b, v24.16b, v24.16b\n\t" + "eor x27, x27, x27\n\t" + "dup v0.2d, x2\n\t" + "dup v1.2d, x3\n\t" + "dup v2.2d, x4\n\t" + "dup v3.2d, x5\n\t" + "dup v16.2d, x19\n\t" + "mov %x[seed], #24\n\t" + /* Start of 24 rounds */ + "\n" + "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t" + "stp x28, %x[seed], [x29, #48]\n\t" + /* Col Mix NEON */ + "eor v30.16b, v4.16b, v9.16b\n\t" + "eor %x[state], x6, x11\n\t" + "eor v27.16b, v1.16b, 
v6.16b\n\t" + "eor x30, x2, x7\n\t" + "eor v30.16b, v30.16b, v14.16b\n\t" + "eor x28, x4, x9\n\t" + "eor v27.16b, v27.16b, v11.16b\n\t" + "eor %x[state], %x[state], x16\n\t" + "eor v30.16b, v30.16b, v19.16b\n\t" + "eor x30, x30, x12\n\t" + "eor v27.16b, v27.16b, v16.16b\n\t" + "eor x28, x28, x14\n\t" + "eor v30.16b, v30.16b, v24.16b\n\t" + "eor %x[state], %x[state], x22\n\t" + "eor v27.16b, v27.16b, v21.16b\n\t" + "eor x30, x30, x17\n\t" + "ushr v25.2d, v27.2d, #63\n\t" + "eor x28, x28, x20\n\t" + "sli v25.2d, v27.2d, #1\n\t" + "eor %x[state], %x[state], x27\n\t" + "eor v25.16b, v25.16b, v30.16b\n\t" + "eor x30, x30, x23\n\t" + "eor v31.16b, v0.16b, v5.16b\n\t" + "eor x28, x28, x25\n\t" + "eor v28.16b, v2.16b, v7.16b\n\t" + "str %x[state], [x29, #32]\n\t" + "eor v31.16b, v31.16b, v10.16b\n\t" + "str x28, [x29, #24]\n\t" + "eor v28.16b, v28.16b, v12.16b\n\t" + "eor %x[seed], x3, x8\n\t" + "eor v31.16b, v31.16b, v15.16b\n\t" + "eor x28, x5, x10\n\t" + "eor v28.16b, v28.16b, v17.16b\n\t" + "eor %x[seed], %x[seed], x13\n\t" + "eor v31.16b, v31.16b, v20.16b\n\t" + "eor x28, x28, x15\n\t" + "eor v28.16b, v28.16b, v22.16b\n\t" + "eor %x[seed], %x[seed], x19\n\t" + "ushr v29.2d, v30.2d, #63\n\t" + "eor x28, x28, x21\n\t" + "ushr v26.2d, v28.2d, #63\n\t" + "eor %x[seed], %x[seed], x24\n\t" + "sli v29.2d, v30.2d, #1\n\t" + "eor x28, x28, x26\n\t" + "sli v26.2d, v28.2d, #1\n\t" + "eor %x[state], %x[state], %x[seed], ror 63\n\t" + "eor v28.16b, v28.16b, v29.16b\n\t" + "eor %x[seed], %x[seed], x28, ror 63\n\t" + "eor v29.16b, v3.16b, v8.16b\n\t" + "eor x2, x2, %x[state]\n\t" + "eor v26.16b, v26.16b, v31.16b\n\t" + "eor x7, x7, %x[state]\n\t" + "eor v29.16b, v29.16b, v13.16b\n\t" + "eor x12, x12, %x[state]\n\t" + "eor v29.16b, v29.16b, v18.16b\n\t" + "eor x17, x17, %x[state]\n\t" + "eor v29.16b, v29.16b, v23.16b\n\t" + "eor x23, x23, %x[state]\n\t" + "ushr v30.2d, v29.2d, #63\n\t" + "eor x4, x4, %x[seed]\n\t" + "sli v30.2d, v29.2d, #1\n\t" + "eor x9, x9, %x[seed]\n\t" + "eor 
v27.16b, v27.16b, v30.16b\n\t" + "eor x14, x14, %x[seed]\n\t" + "ushr v30.2d, v31.2d, #63\n\t" + "eor x20, x20, %x[seed]\n\t" + "sli v30.2d, v31.2d, #1\n\t" + "eor x25, x25, %x[seed]\n\t" + "eor v29.16b, v29.16b, v30.16b\n\t" + "ldr %x[state], [x29, #32]\n\t" + /* Swap Rotate NEON */ + "eor v0.16b, v0.16b, v25.16b\n\t" + "eor v31.16b, v1.16b, v26.16b\n\t" + "ldr %x[seed], [x29, #24]\n\t" + "eor v6.16b, v6.16b, v26.16b\n\t" + "eor x28, x28, x30, ror 63\n\t" + "ushr v30.2d, v31.2d, #63\n\t" + "eor x30, x30, %x[seed], ror 63\n\t" + "ushr v1.2d, v6.2d, #20\n\t" + "eor %x[seed], %x[seed], %x[state], ror 63\n\t" + "sli v30.2d, v31.2d, #1\n\t" + "eor x6, x6, x28\n\t" + "sli v1.2d, v6.2d, #44\n\t" + "eor x11, x11, x28\n\t" + "eor v31.16b, v9.16b, v29.16b\n\t" + "eor x16, x16, x28\n\t" + "eor v22.16b, v22.16b, v27.16b\n\t" + "eor x22, x22, x28\n\t" + "ushr v6.2d, v31.2d, #44\n\t" + "eor x27, x27, x28\n\t" + "ushr v9.2d, v22.2d, #3\n\t" + "eor x3, x3, x30\n\t" + "sli v6.2d, v31.2d, #20\n\t" + "eor x8, x8, x30\n\t" + "sli v9.2d, v22.2d, #61\n\t" + "eor x13, x13, x30\n\t" + "eor v31.16b, v14.16b, v29.16b\n\t" + "eor x19, x19, x30\n\t" + "eor v20.16b, v20.16b, v25.16b\n\t" + "eor x24, x24, x30\n\t" + "ushr v22.2d, v31.2d, #25\n\t" + "eor x5, x5, %x[seed]\n\t" + "ushr v14.2d, v20.2d, #46\n\t" + "eor x10, x10, %x[seed]\n\t" + "sli v22.2d, v31.2d, #39\n\t" + "eor x15, x15, %x[seed]\n\t" + "sli v14.2d, v20.2d, #18\n\t" + "eor x21, x21, %x[seed]\n\t" + "eor v31.16b, v2.16b, v27.16b\n\t" + "eor x26, x26, %x[seed]\n\t" + /* Swap Rotate Base */ + "eor v12.16b, v12.16b, v27.16b\n\t" + "ror %x[state], x3, #63\n\t" + "ushr v20.2d, v31.2d, #2\n\t" + "ror x3, x8, #20\n\t" + "ushr v2.2d, v12.2d, #21\n\t" + "ror x8, x11, #44\n\t" + "sli v20.2d, v31.2d, #62\n\t" + "ror x11, x25, #3\n\t" + "sli v2.2d, v12.2d, #43\n\t" + "ror x25, x16, #25\n\t" + "eor v31.16b, v13.16b, v28.16b\n\t" + "ror x16, x23, #46\n\t" + "eor v19.16b, v19.16b, v29.16b\n\t" + "ror x23, x4, #2\n\t" + "ushr v12.2d, v31.2d, 
#39\n\t" + "ror x4, x14, #21\n\t" + "ushr v13.2d, v19.2d, #56\n\t" + "ror x14, x15, #39\n\t" + "sli v12.2d, v31.2d, #25\n\t" + "ror x15, x22, #56\n\t" + "sli v13.2d, v19.2d, #8\n\t" + "ror x22, x26, #8\n\t" + "eor v31.16b, v23.16b, v28.16b\n\t" + "ror x26, x17, #23\n\t" + "eor v15.16b, v15.16b, v25.16b\n\t" + "ror x17, x6, #37\n\t" + "ushr v19.2d, v31.2d, #8\n\t" + "ror x6, x27, #50\n\t" + "ushr v23.2d, v15.2d, #23\n\t" + "ror x27, x24, #62\n\t" + "sli v19.2d, v31.2d, #56\n\t" + "ror x24, x10, #9\n\t" + "sli v23.2d, v15.2d, #41\n\t" + "ror x10, x19, #19\n\t" + "eor v31.16b, v4.16b, v29.16b\n\t" + "ror x19, x7, #28\n\t" + "eor v24.16b, v24.16b, v29.16b\n\t" + "ror x7, x5, #36\n\t" + "ushr v15.2d, v31.2d, #37\n\t" + "ror x5, x21, #43\n\t" + "ushr v4.2d, v24.2d, #50\n\t" + "ror x21, x20, #49\n\t" + "sli v15.2d, v31.2d, #27\n\t" + "ror x20, x13, #54\n\t" + "sli v4.2d, v24.2d, #14\n\t" + "ror x13, x9, #58\n\t" + "eor v31.16b, v21.16b, v26.16b\n\t" + "ror x9, x12, #61\n\t" + /* Row Mix Base */ + "eor v8.16b, v8.16b, v28.16b\n\t" + "bic x12, x4, x3\n\t" + "ushr v24.2d, v31.2d, #62\n\t" + "bic %x[seed], x5, x4\n\t" + "ushr v21.2d, v8.2d, #9\n\t" + "bic x28, x2, x6\n\t" + "sli v24.2d, v31.2d, #2\n\t" + "bic x30, x3, x2\n\t" + "sli v21.2d, v8.2d, #55\n\t" + "eor x2, x2, x12\n\t" + "eor v31.16b, v16.16b, v26.16b\n\t" + "eor x3, x3, %x[seed]\n\t" + "eor v5.16b, v5.16b, v25.16b\n\t" + "bic x12, x6, x5\n\t" + "ushr v8.2d, v31.2d, #19\n\t" + "eor x5, x5, x28\n\t" + "ushr v16.2d, v5.2d, #28\n\t" + "eor x4, x4, x12\n\t" + "sli v8.2d, v31.2d, #45\n\t" + "eor x6, x6, x30\n\t" + "sli v16.2d, v5.2d, #36\n\t" + "bic x12, x9, x8\n\t" + "eor v31.16b, v3.16b, v28.16b\n\t" + "bic %x[seed], x10, x9\n\t" + "eor v18.16b, v18.16b, v28.16b\n\t" + "bic x28, x7, x11\n\t" + "ushr v5.2d, v31.2d, #36\n\t" + "bic x30, x8, x7\n\t" + "ushr v3.2d, v18.2d, #43\n\t" + "eor x7, x7, x12\n\t" + "sli v5.2d, v31.2d, #28\n\t" + "eor x8, x8, %x[seed]\n\t" + "sli v3.2d, v18.2d, #21\n\t" + "bic x12, x11, x10\n\t" + 
"eor v31.16b, v17.16b, v27.16b\n\t" + "eor x10, x10, x28\n\t" + "eor v11.16b, v11.16b, v26.16b\n\t" + "eor x9, x9, x12\n\t" + "ushr v18.2d, v31.2d, #49\n\t" + "eor x11, x11, x30\n\t" + "ushr v17.2d, v11.2d, #54\n\t" + "bic x12, x14, x13\n\t" + "sli v18.2d, v31.2d, #15\n\t" + "bic %x[seed], x15, x14\n\t" + "sli v17.2d, v11.2d, #10\n\t" + "bic x28, %x[state], x16\n\t" + "eor v31.16b, v7.16b, v27.16b\n\t" + "bic x30, x13, %x[state]\n\t" + "eor v10.16b, v10.16b, v25.16b\n\t" + "eor x12, %x[state], x12\n\t" + "ushr v11.2d, v31.2d, #58\n\t" + "eor x13, x13, %x[seed]\n\t" + "ushr v7.2d, v10.2d, #61\n\t" + "bic %x[state], x16, x15\n\t" + "sli v11.2d, v31.2d, #6\n\t" + "eor x15, x15, x28\n\t" + "sli v7.2d, v10.2d, #3\n\t" + "eor x14, x14, %x[state]\n\t" + /* Row Mix NEON */ + "bic v25.16b, v2.16b, v1.16b\n\t" + "eor x16, x16, x30\n\t" + "bic v26.16b, v3.16b, v2.16b\n\t" + "bic %x[state], x20, x19\n\t" + "bic v27.16b, v4.16b, v3.16b\n\t" + "bic %x[seed], x21, x20\n\t" + "bic v28.16b, v0.16b, v4.16b\n\t" + "bic x28, x17, x22\n\t" + "bic v29.16b, v1.16b, v0.16b\n\t" + "bic x30, x19, x17\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "eor x17, x17, %x[state]\n\t" + "eor v1.16b, v1.16b, v26.16b\n\t" + "eor x19, x19, %x[seed]\n\t" + "eor v2.16b, v2.16b, v27.16b\n\t" + "bic %x[state], x22, x21\n\t" + "eor v3.16b, v3.16b, v28.16b\n\t" + "eor x21, x21, x28\n\t" + "eor v4.16b, v4.16b, v29.16b\n\t" + "eor x20, x20, %x[state]\n\t" + "bic v25.16b, v7.16b, v6.16b\n\t" + "eor x22, x22, x30\n\t" + "bic v26.16b, v8.16b, v7.16b\n\t" + "bic %x[state], x25, x24\n\t" + "bic v27.16b, v9.16b, v8.16b\n\t" + "bic %x[seed], x26, x25\n\t" + "bic v28.16b, v5.16b, v9.16b\n\t" + "bic x28, x23, x27\n\t" + "bic v29.16b, v6.16b, v5.16b\n\t" + "bic x30, x24, x23\n\t" + "eor v5.16b, v5.16b, v25.16b\n\t" + "eor x23, x23, %x[state]\n\t" + "eor v6.16b, v6.16b, v26.16b\n\t" + "eor x24, x24, %x[seed]\n\t" + "eor v7.16b, v7.16b, v27.16b\n\t" + "bic %x[state], x27, x26\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor 
x26, x26, x28\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor x25, x25, %x[state]\n\t" + "bic v25.16b, v12.16b, v11.16b\n\t" + "eor x27, x27, x30\n\t" + "bic v26.16b, v13.16b, v12.16b\n\t" + "bic v27.16b, v14.16b, v13.16b\n\t" + "bic v28.16b, v30.16b, v14.16b\n\t" + "bic v29.16b, v11.16b, v30.16b\n\t" + "eor v10.16b, v30.16b, v25.16b\n\t" + "eor v11.16b, v11.16b, v26.16b\n\t" + "eor v12.16b, v12.16b, v27.16b\n\t" + "eor v13.16b, v13.16b, v28.16b\n\t" + "eor v14.16b, v14.16b, v29.16b\n\t" + "bic v25.16b, v17.16b, v16.16b\n\t" + "bic v26.16b, v18.16b, v17.16b\n\t" + "bic v27.16b, v19.16b, v18.16b\n\t" + "bic v28.16b, v15.16b, v19.16b\n\t" + "bic v29.16b, v16.16b, v15.16b\n\t" + "eor v15.16b, v15.16b, v25.16b\n\t" + "eor v16.16b, v16.16b, v26.16b\n\t" + "eor v17.16b, v17.16b, v27.16b\n\t" + "eor v18.16b, v18.16b, v28.16b\n\t" + "eor v19.16b, v19.16b, v29.16b\n\t" + "bic v25.16b, v22.16b, v21.16b\n\t" + "bic v26.16b, v23.16b, v22.16b\n\t" + "bic v27.16b, v24.16b, v23.16b\n\t" + "bic v28.16b, v20.16b, v24.16b\n\t" + "bic v29.16b, v21.16b, v20.16b\n\t" + "eor v20.16b, v20.16b, v25.16b\n\t" + "eor v21.16b, v21.16b, v26.16b\n\t" + "eor v22.16b, v22.16b, v27.16b\n\t" + "eor v23.16b, v23.16b, v28.16b\n\t" + "eor v24.16b, v24.16b, v29.16b\n\t" + /* Done tranforming */ + "ldp x28, %x[seed], [x29, #48]\n\t" + "ldr %x[state], [x28], #8\n\t" + "subs %x[seed], %x[seed], #1\n\t" + "mov v30.d[0], %x[state]\n\t" + "mov v30.d[1], %x[state]\n\t" + "eor x2, x2, %x[state]\n\t" + "eor v0.16b, v0.16b, v30.16b\n\t" + "bne L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t" + "ldr %x[state], [x29, #40]\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t" + "st1 {v24.d}[0], 
[%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "st4 {v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t" + "st4 {v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t" + "st4 {v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t" + "st4 {v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t" + "st4 {v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t" + "st4 {v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t" + "st1 {v24.d}[1], [%x[state]]\n\t" + "add %x[state], %x[state], #8\n\t" + "stp x2, x3, [%x[state]]\n\t" + "stp x4, x5, [%x[state], #16]\n\t" + "stp x6, x7, [%x[state], #32]\n\t" + "stp x8, x9, [%x[state], #48]\n\t" + "stp x10, x11, [%x[state], #64]\n\t" + "stp x12, x13, [%x[state], #80]\n\t" + "stp x14, x15, [%x[state], #96]\n\t" + "stp x16, x17, [%x[state], #112]\n\t" + "stp x19, x20, [%x[state], #128]\n\t" + "stp x21, x22, [%x[state], #144]\n\t" + "stp x23, x24, [%x[state], #160]\n\t" + "stp x25, x26, [%x[state], #176]\n\t" + "str x27, [%x[state], #192]\n\t" + "ldp x29, x30, [sp], #0x40\n\t" + : [state] "+r" (state), [seed] "+r" (seed) + : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), 
[L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" (L_kyber_aarch64_rej_uniform_neon_indeces) + : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc" + ); +} + +#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */ +#endif /* WOLFSSL_WC_KYBER */ +#endif /* __aarch64__ */ +#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-sha3-asm.S index 1652f41b4..112e2d0d8 100644 --- a/wolfcrypt/src/port/arm/armv8-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-sha3-asm.S @@ -47,29 +47,29 @@ .p2align 3 #endif /* __APPLE__ */ L_SHA3_transform_crypto_r: - .xword 0x1 - .xword 0x8082 + .xword 0x0000000000000001 + .xword 0x0000000000008082 .xword 0x800000000000808a .xword 0x8000000080008000 - .xword 0x808b - .xword 0x80000001 + .xword 0x000000000000808b + .xword 0x0000000080000001 .xword 0x8000000080008081 .xword 0x8000000000008009 - .xword 0x8a - .xword 0x88 - .xword 0x80008009 - .xword 0x8000000a - .xword 0x8000808b + .xword 0x000000000000008a + .xword 0x0000000000000088 + .xword 0x0000000080008009 + .xword 0x000000008000000a + .xword 0x000000008000808b .xword 0x800000000000008b .xword 0x8000000000008089 .xword 0x8000000000008003 .xword 0x8000000000008002 .xword 0x8000000000000080 - .xword 0x800a + .xword 0x000000000000800a .xword 0x800000008000000a .xword 0x8000000080008081 .xword 0x8000000000008080 - .xword 0x80000001 + .xword 0x0000000080000001 .xword 0x8000000080008008 #ifndef __APPLE__ .text 
@@ -206,6 +206,251 @@ L_sha3_crypto_begin: #ifndef __APPLE__ .size BlockSha3,.-BlockSha3 #endif /* __APPLE__ */ +#else +#ifndef __APPLE__ + .text + .type L_SHA3_transform_base_r, %object + .section .rodata + .size L_SHA3_transform_base_r, 192 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_SHA3_transform_base_r: + .xword 0x0000000000000001 + .xword 0x0000000000008082 + .xword 0x800000000000808a + .xword 0x8000000080008000 + .xword 0x000000000000808b + .xword 0x0000000080000001 + .xword 0x8000000080008081 + .xword 0x8000000000008009 + .xword 0x000000000000008a + .xword 0x0000000000000088 + .xword 0x0000000080008009 + .xword 0x000000008000000a + .xword 0x000000008000808b + .xword 0x800000000000008b + .xword 0x8000000000008089 + .xword 0x8000000000008003 + .xword 0x8000000000008002 + .xword 0x8000000000000080 + .xword 0x000000000000800a + .xword 0x800000008000000a + .xword 0x8000000080008081 + .xword 0x8000000000008080 + .xword 0x0000000080000001 + .xword 0x8000000080008008 +#ifndef __APPLE__ +.text +.globl BlockSha3 +.type BlockSha3,@function +.align 2 +BlockSha3: +#else +.section __TEXT,__text +.globl _BlockSha3 +.p2align 2 +_BlockSha3: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-160]! 
+ add x29, sp, #0 + stp x17, x19, [x29, #72] + stp x20, x21, [x29, #88] + stp x22, x23, [x29, #104] + stp x24, x25, [x29, #120] + stp x26, x27, [x29, #136] + str x28, [x29, #152] +#ifndef __APPLE__ + adrp x27, L_SHA3_transform_base_r + add x27, x27, :lo12:L_SHA3_transform_base_r +#else + adrp x27, L_SHA3_transform_base_r@PAGE + add x27, x27, :lo12:L_SHA3_transform_base_r@PAGEOFF +#endif /* __APPLE__ */ + ldp x1, x2, [x0] + ldp x3, x4, [x0, #16] + ldp x5, x6, [x0, #32] + ldp x7, x8, [x0, #48] + ldp x9, x10, [x0, #64] + ldp x11, x12, [x0, #80] + ldp x13, x14, [x0, #96] + ldp x15, x16, [x0, #112] + ldp x17, x19, [x0, #128] + ldp x20, x21, [x0, #144] + ldp x22, x23, [x0, #160] + ldp x24, x25, [x0, #176] + ldr x26, [x0, #192] + str x0, [x29, #40] + mov x28, #24 + # Start of 24 rounds +L_SHA3_transform_base_begin: + stp x27, x28, [x29, #48] + eor x0, x5, x10 + eor x30, x1, x6 + eor x28, x3, x8 + eor x0, x0, x15 + eor x30, x30, x11 + eor x28, x28, x13 + eor x0, x0, x21 + eor x30, x30, x16 + eor x28, x28, x19 + eor x0, x0, x26 + eor x30, x30, x22 + eor x28, x28, x24 + str x0, [x29, #32] + str x28, [x29, #24] + eor x27, x2, x7 + eor x28, x4, x9 + eor x27, x27, x12 + eor x28, x28, x14 + eor x27, x27, x17 + eor x28, x28, x20 + eor x27, x27, x23 + eor x28, x28, x25 + eor x0, x0, x27, ror 63 + eor x27, x27, x28, ror 63 + eor x1, x1, x0 + eor x6, x6, x0 + eor x11, x11, x0 + eor x16, x16, x0 + eor x22, x22, x0 + eor x3, x3, x27 + eor x8, x8, x27 + eor x13, x13, x27 + eor x19, x19, x27 + eor x24, x24, x27 + ldr x0, [x29, #32] + ldr x27, [x29, #24] + eor x28, x28, x30, ror 63 + eor x30, x30, x27, ror 63 + eor x27, x27, x0, ror 63 + eor x5, x5, x28 + eor x10, x10, x28 + eor x15, x15, x28 + eor x21, x21, x28 + eor x26, x26, x28 + eor x2, x2, x30 + eor x7, x7, x30 + eor x12, x12, x30 + eor x17, x17, x30 + eor x23, x23, x30 + eor x4, x4, x27 + eor x9, x9, x27 + eor x14, x14, x27 + eor x20, x20, x27 + eor x25, x25, x27 + # Swap Rotate + ror x0, x2, #63 + ror x2, x7, #20 + ror x7, x10, 
#44 + ror x10, x24, #3 + ror x24, x15, #25 + ror x15, x22, #46 + ror x22, x3, #2 + ror x3, x13, #21 + ror x13, x14, #39 + ror x14, x21, #56 + ror x21, x25, #8 + ror x25, x16, #23 + ror x16, x5, #37 + ror x5, x26, #50 + ror x26, x23, #62 + ror x23, x9, #9 + ror x9, x17, #19 + ror x17, x6, #28 + ror x6, x4, #36 + ror x4, x20, #43 + ror x20, x19, #49 + ror x19, x12, #54 + ror x12, x8, #58 + ror x8, x11, #61 + # Row Mix + bic x11, x3, x2 + bic x27, x4, x3 + bic x28, x1, x5 + bic x30, x2, x1 + eor x1, x1, x11 + eor x2, x2, x27 + bic x11, x5, x4 + eor x4, x4, x28 + eor x3, x3, x11 + eor x5, x5, x30 + bic x11, x8, x7 + bic x27, x9, x8 + bic x28, x6, x10 + bic x30, x7, x6 + eor x6, x6, x11 + eor x7, x7, x27 + bic x11, x10, x9 + eor x9, x9, x28 + eor x8, x8, x11 + eor x10, x10, x30 + bic x11, x13, x12 + bic x27, x14, x13 + bic x28, x0, x15 + bic x30, x12, x0 + eor x11, x0, x11 + eor x12, x12, x27 + bic x0, x15, x14 + eor x14, x14, x28 + eor x13, x13, x0 + eor x15, x15, x30 + bic x0, x19, x17 + bic x27, x20, x19 + bic x28, x16, x21 + bic x30, x17, x16 + eor x16, x16, x0 + eor x17, x17, x27 + bic x0, x21, x20 + eor x20, x20, x28 + eor x19, x19, x0 + eor x21, x21, x30 + bic x0, x24, x23 + bic x27, x25, x24 + bic x28, x22, x26 + bic x30, x23, x22 + eor x22, x22, x0 + eor x23, x23, x27 + bic x0, x26, x25 + eor x25, x25, x28 + eor x24, x24, x0 + eor x26, x26, x30 + # Done tranforming + ldp x27, x28, [x29, #48] + ldr x0, [x27], #8 + subs x28, x28, #1 + eor x1, x1, x0 + bne L_SHA3_transform_base_begin + ldr x0, [x29, #40] + stp x1, x2, [x0] + stp x3, x4, [x0, #16] + stp x5, x6, [x0, #32] + stp x7, x8, [x0, #48] + stp x9, x10, [x0, #64] + stp x11, x12, [x0, #80] + stp x13, x14, [x0, #96] + stp x15, x16, [x0, #112] + stp x17, x19, [x0, #128] + stp x20, x21, [x0, #144] + stp x22, x23, [x0, #160] + stp x24, x25, [x0, #176] + str x26, [x0, #192] + ldp x17, x19, [x29, #72] + ldp x20, x21, [x29, #88] + ldp x22, x23, [x29, #104] + ldp x24, x25, [x29, #120] + ldp x26, x27, [x29, #136] + ldr 
x28, [x29, #152] + ldp x29, x30, [sp], #0xa0 + ret +#ifndef __APPLE__ + .size BlockSha3,.-BlockSha3 +#endif /* __APPLE__ */ #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */ #endif /* WOLFSSL_SHA3 */ #endif /* __aarch64__ */ diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c index bb4114d42..e52d02de1 100644 --- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c 
@@ -181,6 +181,222 @@ void BlockSha3(unsigned long* state) ); } +#else +static const uint64_t L_SHA3_transform_base_r[] = { + 0x1UL, + 0x8082UL, + 0x800000000000808aUL, + 0x8000000080008000UL, + 0x808bUL, + 0x80000001UL, + 0x8000000080008081UL, + 0x8000000000008009UL, + 0x8aUL, + 0x88UL, + 0x80008009UL, + 0x8000000aUL, + 0x8000808bUL, + 0x800000000000008bUL, + 0x8000000000008089UL, + 0x8000000000008003UL, + 0x8000000000008002UL, + 0x8000000000000080UL, + 0x800aUL, + 0x800000008000000aUL, + 0x8000000080008081UL, + 0x8000000000008080UL, + 0x80000001UL, + 0x8000000080008008UL, +}; + +void BlockSha3(unsigned long* state) +{ + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-64]!\n\t" + "add x29, sp, #0\n\t" +#ifndef __APPLE__ + "adrp x27, %[L_SHA3_transform_base_r]\n\t" + "add x27, x27, :lo12:%[L_SHA3_transform_base_r]\n\t" +#else + "adrp x27, %[L_SHA3_transform_base_r]@PAGE\n\t" + "add x27, x27, %[L_SHA3_transform_base_r]@PAGEOFF\n\t" +#endif /* __APPLE__ */ + "ldp x1, x2, [%x[state]]\n\t" + "ldp x3, x4, [%x[state], #16]\n\t" + "ldp x5, x6, [%x[state], #32]\n\t" + "ldp x7, x8, [%x[state], #48]\n\t" + "ldp x9, x10, [%x[state], #64]\n\t" + "ldp x11, x12, [%x[state], #80]\n\t" + "ldp x13, x14, [%x[state], #96]\n\t" + "ldp x15, x16, [%x[state], #112]\n\t" + "ldp x17, x19, [%x[state], #128]\n\t" + "ldp x20, x21, [%x[state], #144]\n\t" + "ldp x22, x23, [%x[state], #160]\n\t" + "ldp x24, x25, [%x[state], #176]\n\t" + "ldr x26, [%x[state], #192]\n\t" + "str %x[state], [x29, #40]\n\t" + "mov x28, #24\n\t" + /* Start of 24 rounds */ + "\n" + "L_SHA3_transform_base_begin_%=: \n\t" + "stp x27, x28, [x29, #48]\n\t" + "eor %x[state], x5, x10\n\t" + "eor x30, x1, x6\n\t" + "eor x28, x3, x8\n\t" + "eor %x[state], %x[state], x15\n\t" + "eor x30, x30, x11\n\t" + "eor x28, x28, x13\n\t" + "eor %x[state], %x[state], x21\n\t" + "eor x30, x30, x16\n\t" + "eor x28, x28, x19\n\t" + "eor %x[state], %x[state], x26\n\t" + "eor x30, x30, x22\n\t" + "eor x28, x28, x24\n\t" + "str %x[state], [x29, 
#32]\n\t" + "str x28, [x29, #24]\n\t" + "eor x27, x2, x7\n\t" + "eor x28, x4, x9\n\t" + "eor x27, x27, x12\n\t" + "eor x28, x28, x14\n\t" + "eor x27, x27, x17\n\t" + "eor x28, x28, x20\n\t" + "eor x27, x27, x23\n\t" + "eor x28, x28, x25\n\t" + "eor %x[state], %x[state], x27, ror 63\n\t" + "eor x27, x27, x28, ror 63\n\t" + "eor x1, x1, %x[state]\n\t" + "eor x6, x6, %x[state]\n\t" + "eor x11, x11, %x[state]\n\t" + "eor x16, x16, %x[state]\n\t" + "eor x22, x22, %x[state]\n\t" + "eor x3, x3, x27\n\t" + "eor x8, x8, x27\n\t" + "eor x13, x13, x27\n\t" + "eor x19, x19, x27\n\t" + "eor x24, x24, x27\n\t" + "ldr %x[state], [x29, #32]\n\t" + "ldr x27, [x29, #24]\n\t" + "eor x28, x28, x30, ror 63\n\t" + "eor x30, x30, x27, ror 63\n\t" + "eor x27, x27, %x[state], ror 63\n\t" + "eor x5, x5, x28\n\t" + "eor x10, x10, x28\n\t" + "eor x15, x15, x28\n\t" + "eor x21, x21, x28\n\t" + "eor x26, x26, x28\n\t" + "eor x2, x2, x30\n\t" + "eor x7, x7, x30\n\t" + "eor x12, x12, x30\n\t" + "eor x17, x17, x30\n\t" + "eor x23, x23, x30\n\t" + "eor x4, x4, x27\n\t" + "eor x9, x9, x27\n\t" + "eor x14, x14, x27\n\t" + "eor x20, x20, x27\n\t" + "eor x25, x25, x27\n\t" + /* Swap Rotate */ + "ror %x[state], x2, #63\n\t" + "ror x2, x7, #20\n\t" + "ror x7, x10, #44\n\t" + "ror x10, x24, #3\n\t" + "ror x24, x15, #25\n\t" + "ror x15, x22, #46\n\t" + "ror x22, x3, #2\n\t" + "ror x3, x13, #21\n\t" + "ror x13, x14, #39\n\t" + "ror x14, x21, #56\n\t" + "ror x21, x25, #8\n\t" + "ror x25, x16, #23\n\t" + "ror x16, x5, #37\n\t" + "ror x5, x26, #50\n\t" + "ror x26, x23, #62\n\t" + "ror x23, x9, #9\n\t" + "ror x9, x17, #19\n\t" + "ror x17, x6, #28\n\t" + "ror x6, x4, #36\n\t" + "ror x4, x20, #43\n\t" + "ror x20, x19, #49\n\t" + "ror x19, x12, #54\n\t" + "ror x12, x8, #58\n\t" + "ror x8, x11, #61\n\t" + /* Row Mix */ + "bic x11, x3, x2\n\t" + "bic x27, x4, x3\n\t" + "bic x28, x1, x5\n\t" + "bic x30, x2, x1\n\t" + "eor x1, x1, x11\n\t" + "eor x2, x2, x27\n\t" + "bic x11, x5, x4\n\t" + "eor x4, x4, x28\n\t" + "eor 
x3, x3, x11\n\t" + "eor x5, x5, x30\n\t" + "bic x11, x8, x7\n\t" + "bic x27, x9, x8\n\t" + "bic x28, x6, x10\n\t" + "bic x30, x7, x6\n\t" + "eor x6, x6, x11\n\t" + "eor x7, x7, x27\n\t" + "bic x11, x10, x9\n\t" + "eor x9, x9, x28\n\t" + "eor x8, x8, x11\n\t" + "eor x10, x10, x30\n\t" + "bic x11, x13, x12\n\t" + "bic x27, x14, x13\n\t" + "bic x28, %x[state], x15\n\t" + "bic x30, x12, %x[state]\n\t" + "eor x11, %x[state], x11\n\t" + "eor x12, x12, x27\n\t" + "bic %x[state], x15, x14\n\t" + "eor x14, x14, x28\n\t" + "eor x13, x13, %x[state]\n\t" + "eor x15, x15, x30\n\t" + "bic %x[state], x19, x17\n\t" + "bic x27, x20, x19\n\t" + "bic x28, x16, x21\n\t" + "bic x30, x17, x16\n\t" + "eor x16, x16, %x[state]\n\t" + "eor x17, x17, x27\n\t" + "bic %x[state], x21, x20\n\t" + "eor x20, x20, x28\n\t" + "eor x19, x19, %x[state]\n\t" + "eor x21, x21, x30\n\t" + "bic %x[state], x24, x23\n\t" + "bic x27, x25, x24\n\t" + "bic x28, x22, x26\n\t" + "bic x30, x23, x22\n\t" + "eor x22, x22, %x[state]\n\t" + "eor x23, x23, x27\n\t" + "bic %x[state], x26, x25\n\t" + "eor x25, x25, x28\n\t" + "eor x24, x24, %x[state]\n\t" + "eor x26, x26, x30\n\t" + /* Done tranforming */ + "ldp x27, x28, [x29, #48]\n\t" + "ldr %x[state], [x27], #8\n\t" + "subs x28, x28, #1\n\t" + "eor x1, x1, %x[state]\n\t" + "bne L_SHA3_transform_base_begin_%=\n\t" + "ldr %x[state], [x29, #40]\n\t" + "stp x1, x2, [%x[state]]\n\t" + "stp x3, x4, [%x[state], #16]\n\t" + "stp x5, x6, [%x[state], #32]\n\t" + "stp x7, x8, [%x[state], #48]\n\t" + "stp x9, x10, [%x[state], #64]\n\t" + "stp x11, x12, [%x[state], #80]\n\t" + "stp x13, x14, [%x[state], #96]\n\t" + "stp x15, x16, [%x[state], #112]\n\t" + "stp x17, x19, [%x[state], #128]\n\t" + "stp x20, x21, [%x[state], #144]\n\t" + "stp x22, x23, [%x[state], #160]\n\t" + "stp x24, x25, [%x[state], #176]\n\t" + "str x26, [%x[state], #192]\n\t" + "ldp x29, x30, [sp], #0x40\n\t" + : [state] "+r" (state) + : [L_SHA3_transform_base_r] "S" (L_SHA3_transform_base_r) + : "memory", "x1", 
"x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc" + ); +} + #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */ #endif /* WOLFSSL_SHA3 */ #endif /* __aarch64__ */ diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S index 5ff72c37b..139b3e42f 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S @@ -65,7 +65,7 @@ L_SHA512_transform_neon_len_k: .xword 0xc19bf174cf692694 .xword 0xe49b69c19ef14ad2 .xword 0xefbe4786384f25e3 - .xword 0xfc19dc68b8cd5b5 + .xword 0x0fc19dc68b8cd5b5 .xword 0x240ca1cc77ac9c65 .xword 0x2de92c6f592b0275 .xword 0x4a7484aa6ea6e483 @@ -77,7 +77,7 @@ L_SHA512_transform_neon_len_k: .xword 0xbf597fc7beef0ee4 .xword 0xc6e00bf33da88fc2 .xword 0xd5a79147930aa725 - .xword 0x6ca6351e003826f + .xword 0x06ca6351e003826f .xword 0x142929670a0e6e70 .xword 0x27b70a8546d22ffc .xword 0x2e1b21385c26c926 @@ -115,8 +115,8 @@ L_SHA512_transform_neon_len_k: .xword 0xd186b8c721c0c207 .xword 0xeada7dd6cde0eb1e .xword 0xf57d4f7fee6ed178 - .xword 0x6f067aa72176fba - .xword 0xa637dc5a2c898a6 + .xword 0x06f067aa72176fba + .xword 0x0a637dc5a2c898a6 .xword 0x113f9804bef90dae .xword 0x1b710b35131c471b .xword 0x28db77f523047d84 @@ -156,8 +156,7 @@ _Transform_Sha512_Len_neon: #endif /* __APPLE__ */ stp x29, x30, [sp, #-128]! add x29, sp, #0 - str x17, [x29, #16] - str x19, [x29, #24] + stp x17, x19, [x29, #16] stp x20, x21, [x29, #32] stp x22, x23, [x29, #48] stp x24, x25, [x29, #64] @@ -1082,8 +1081,7 @@ L_sha512_len_neon_start: stp x6, x7, [x0, #16] stp x8, x9, [x0, #32] stp x10, x11, [x0, #48] - ldr x17, [x29, #16] - ldr x19, [x29, #24] + ldp x17, x19, [x29, #16] ldp x20, x21, [x29, #32] ldp x22, x23, [x29, #48] ldp x24, x25, [x29, #64] 
@@ -1128,7 +1126,7 @@ L_SHA512_transform_crypto_len_k:
 .xword 0xc19bf174cf692694 .xword 0xe49b69c19ef14ad2 .xword 0xefbe4786384f25e3 - .xword 0xfc19dc68b8cd5b5 + .xword 0x0fc19dc68b8cd5b5 .xword 0x240ca1cc77ac9c65 .xword 0x2de92c6f592b0275 .xword 0x4a7484aa6ea6e483
@@ -1140,7 +1138,7 @@ L_SHA512_transform_crypto_len_k:
 .xword 0xbf597fc7beef0ee4 .xword 0xc6e00bf33da88fc2 .xword 0xd5a79147930aa725 - .xword 0x6ca6351e003826f + .xword 0x06ca6351e003826f .xword 0x142929670a0e6e70 .xword 0x27b70a8546d22ffc .xword 0x2e1b21385c26c926
@@ -1178,8 +1176,8 @@ L_SHA512_transform_crypto_len_k:
 .xword 0xd186b8c721c0c207 .xword 0xeada7dd6cde0eb1e .xword 0xf57d4f7fee6ed178 - .xword 0x6f067aa72176fba - .xword 0xa637dc5a2c898a6 + .xword 0x06f067aa72176fba + .xword 0x0a637dc5a2c898a6 .xword 0x113f9804bef90dae .xword 0x1b710b35131c471b .xword 0x28db77f523047d84
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 2bba29bce..1a3596a61 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -62,8 +62,7 @@
 }
 #endif
-#if (!defined(WOLFSSL_ARMASM) || (!defined(__arm__) && \
- !defined(WOLFSSL_ARMASM_CRYPTO_SHA3))) && !defined(WOLFSSL_RISCV_ASM)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
 #ifdef USE_INTEL_SPEEDUP
 #include
diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c
index 8e56bcc0e..aa03a42b6 100644
--- a/wolfcrypt/src/wc_kyber.c
+++ b/wolfcrypt/src/wc_kyber.c
@@ -51,10 +51,11 @@
 /* Use SHA3-512 to generate 64-bytes of hash. */
 #define KYBER_HASH_G kyber_hash512
 /* Use SHAKE-256 as a key derivation function (KDF). */
-#ifdef USE_INTEL_SPEEDUP
-#define KYBER_KDF kyber_kdf
+#if defined(USE_INTEL_SPEEDUP) || \
+ (defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+ #define KYBER_KDF kyber_kdf
 #else
-#define KYBER_KDF wc_Shake256Hash
+ #define KYBER_KDF wc_Shake256Hash
 #endif
 /******************************************************************************/
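Review bot: The new `#if` in sha3.c drops the `WOLFSSL_ARMASM_CRYPTO_SHA3` test, so an AArch64 ARMASM build without the SHA-3 extension no longer gets the C `BlockSha3` and now depends on the base-instruction assembly version added by this commit; nothing at the `#if` records that, and the guard on the assembly side (`__aarch64__` plus `WOLFSSL_SHA3`) is not the same expression as this one. I would add `/* WOLFSSL_ARMASM builds take BlockSha3 from the arm port (SHA3-extension or base variant). */` above the `#if`. In wc_kyber.c `KYBER_KDF` now resolves to `kyber_kdf` for AArch64 ARMASM builds, which presumably relies on an AArch64 `kyber_kdf` provided elsewhere in this series; the two `#define KYBER_KDF` lines also gained indentation inside the `#if` that the `KYBER_HASH_G` define just above does not have.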
diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c
index cf8a5b03e..4321f1a05 100644
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
@@ -167,6 +167,7 @@ const sword16 zetas_inv[KYBER_N / 2] = {
 };
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
 /* Number-Theoretic Transform.
 *
 * @param [in, out] r Polynomial to transform.
@@ -1045,6 +1046,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a,
 }
 #endif
 }
+#endif
 /* Pointwise multiply elements of a and b, into r, and multiply by 2^-16.
 *
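Review bot: The `#endif` added after `kyber_basemul_mont_add` closes the `#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))` opened roughly 880 lines earlier in the first hunk, and it carries no trailing comment; the bare `#endif` in the later `@@ -1269` hunk of this file closes a similarly distant `#if` / `#else`. Writing `#endif /* !(__aarch64__ && WOLFSSL_ARMASM) */` on both would match the `#endif /* KYBER1024 */` style already used in this file.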
@@ -1078,6 +1080,110 @@ void kyber_init(void)
 /******************************************************************************/
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * @param [in, out] priv Private key vector of polynomials.
+ * @param [out] pub Public key vector of polynomials.
+ * @param [in] e Error values as a vector of polynomials. Modified.
+ * @param [in] a Random values in an array of vectors of polynomials.
+ * @param [in] kp Number of polynomials in vector.
+ */
+void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
+ int kp)
+{
+ int i;
+
+ /* Transform private key. All of result used in public key calculation */
+ for (i = 0; i < kp; ++i) {
+ kyber_ntt(priv + i * KYBER_N);
+ }
+
+ /* For each polynomial in the vectors. */
+ for (i = 0; i < kp; ++i) {
+ /* Multiply a by private into public polynomial. */
+ kyber_pointwise_acc_mont(pub + i * KYBER_N, a + i * kp * KYBER_N, priv,
+ kp);
+ /* Convert public polynomial to Montgomery form. */
+ kyber_to_mont(pub + i * KYBER_N);
+ /* Transform error values polynomial. */
+ kyber_ntt(e + i * KYBER_N);
+ /* Add errors to public key and reduce. */
+ kyber_add_reduce(pub + i * KYBER_N, e + i * KYBER_N);
+ }
+}
+
+/* Encapsuluate message.
+ *
+ * @param [in] pub Public key vector of polynomials.
+ * @param [out] bp Vector of polynomials.
+ * @param [out] v Polynomial.
+ * @param [in] at Array of vector of polynomials.
+ * @param [in] sp Vector of polynomials.
+ * @param [in] ep Error Vector of polynomials.
+ * @param [in] epp Error polynomial.
+ * @param [in] m Message polynomial.
+ * @param [in] kp Number of polynomials in vector.
+ */
+void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
+ const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+ const sword16* m, int kp)
+{
+ int i;
+
+ /* Transform sp. All of result used in calculation of bp and v. */
+ for (i = 0; i < kp; ++i) {
+ kyber_ntt(sp + i * KYBER_N);
+ }
+
+ /* For each polynomial in the vectors. */
+ for (i = 0; i < kp; ++i) {
+ /* Multiply at by sp into bp polynomial. */
+ kyber_pointwise_acc_mont(bp + i * KYBER_N, at + i * kp * KYBER_N, sp,
+ kp);
+ /* Inverse transform bp polynomial. */
+ kyber_invntt(bp + i * KYBER_N);
+ /* Add errors to bp and reduce. */
+ kyber_add_reduce(bp + i * KYBER_N, ep + i * KYBER_N);
+ }
+
+ /* Multiply public key by sp into v polynomial. */
+ kyber_pointwise_acc_mont(v, pub, sp, kp);
+ /* Inverse transform v. */
+ kyber_invntt(v);
+ /* Add errors and message to v and reduce. */
+ kyber_add3_reduce(v, epp, m);
+}
+
+/* Decapsulate message.
+ *
+ * @param [in] priv Private key vector of polynomials.
+ * @param [out] mp Message polynomial.
+ * @param [in] bp Vector of polynomials containing error.
+ * @param [in] v Encapsulated message polynomial.
+ * @param [in] kp Number of polynomials in vector.
+ */
+void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
+ const sword16* v, int kp)
+{
+ int i;
+
+ /* Transform bp. All of result used in calculation of mp. */
+ for (i = 0; i < kp; ++i) {
+ kyber_ntt(bp + i * KYBER_N);
+ }
+
+ /* Multiply private key by bp into mp polynomial. */
+ kyber_pointwise_acc_mont(mp, priv, bp, kp);
+ /* Inverse transform mp. */
+ kyber_invntt(mp);
+ /* Subtract errors (mp) out of v and reduce into mp. */
+ kyber_rsub_reduce(mp, v);
+}
+
+#else
+
 /* Generate a public-private key pair from randomly generated data.
 *
 * @param [in, out] priv Private key vector of polynomials.
@@ -1269,6 +1375,8 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
 }
 }
+#endif
+
 /******************************************************************************/
 #ifdef USE_INTEL_SPEEDUP
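Review bot: Several `@param` tags on the new AArch64 `kyber_keygen`, `kyber_encapsulate` and `kyber_decapsulate` do not match what the bodies do: `e` in `kyber_keygen` is tagged `[in]` yet is transformed in place by `kyber_ntt(e + i * KYBER_N)` (the text itself says "Modified"), `sp` in `kyber_encapsulate` is tagged `[in]` but is passed non-const and NTT-transformed in place, and `bp` in `kyber_decapsulate` is tagged `[in]` but is transformed in place the same way. All three should read `[in, out]`, and `/* Encapsuluate message.` should be `/* Encapsulate message.`. The bodies look like copies of the generic versions that follow in the `#else` branch, which are outside this hunk so I cannot confirm it; if they really are identical, wrapping only the helpers that differ rather than duplicating the three entry points would be less to keep in sync.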
@@ -1578,8 +1686,237 @@ static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) return 0; } #endif /* KYBER1024 */ +#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__) +#ifdef WOLFSSL_KYBER512 +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed) +{ + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + if (!transposed) { + state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0; + state[1*25 + 4] = 0x1f0000 + (0 << 8) + 1; + state[2*25 + 4] = 0x1f0000 + (1 << 8) + 0; + } + else { + state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0; + state[1*25 + 4] = 0x1f0000 + (1 << 8) + 0; + state[2*25 + 4] = 0x1f0000 + (0 << 8) + 1; + } + + kyber_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. 
*/ + p = (byte*)st; + ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE); + while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) { + kyber_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, KYBER_N - ctr0, + p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, KYBER_N - ctr1, + p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, KYBER_N - ctr2, + p, XOF_BLOCK_SIZE); + } + + a += 3 * KYBER_N; + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + /* Transposed value same as not. */ + state[4] = 0x1f0000 + (1 << 8) + 1; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[20] = 0x8000000000000000UL; + BlockSha3(state); + p = (byte*)state; + ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE); + while (ctr0 < KYBER_N) { + BlockSha3(state); + ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p, + XOF_BLOCK_SIZE); + } + + return 0; +} +#endif + +#ifdef WOLFSSL_KYBER768 +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. 
+ */ +static int kyber_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + for (k = 0; k < 3; k++) { + for (i = 0; i < 3; i++) { + if (!transposed) { + state[i*25 + 4] = 0x1f0000 + ((k << 8) + i); + } + else { + state[i*25 + 4] = 0x1f0000 + ((i << 8) + k); + } + } + + kyber_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. */ + p = (byte*)st; + ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p +=25 * 8; + ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) { + kyber_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, + KYBER_N - ctr0, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, + KYBER_N - ctr1, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, + KYBER_N - ctr2, p, XOF_BLOCK_SIZE); + } + + a += 3 * KYBER_N; + } + + return 0; +} +#endif + +#ifdef WOLFSSL_KYBER1024 +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. 
+ */ +static int kyber_gen_matrix_k4_aarch64(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + for (k = 0; k < 5; k++) { + for (i = 0; i < 3; i++) { + byte bi = ((k * 3) + i) / 4; + byte bj = ((k * 3) + i) % 4; + if (!transposed) { + state[i*25 + 4] = 0x1f0000 + (bi << 8) + bj; + } + else { + state[i*25 + 4] = 0x1f0000 + (bj << 8) + bi; + } + } + + kyber_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. */ + p = (byte*)st; + ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) { + kyber_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, + KYBER_N - ctr0, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, + KYBER_N - ctr1, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, + KYBER_N - ctr2, p, XOF_BLOCK_SIZE); + } + + a += 3 * KYBER_N; + } + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + /* Transposed value same as not. 
*/ + state[4] = 0x1f0000 + (3 << 8) + 3; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[20] = 0x8000000000000000UL; + BlockSha3(state); + p = (byte*)state; + ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE); + while (ctr0 < KYBER_N) { + BlockSha3(state); + ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p, + XOF_BLOCK_SIZE); + } + + return 0; +} +#endif #endif /* USE_INTEL_SPEEDUP */ +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Absorb the seed data for squeezing out pseudo-random data. * * @param [in, out] shake128 SHAKE-128 object. @@ -1610,6 +1947,7 @@ static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks) { return wc_Shake128_SqueezeBlocks(shake128, out, blocks); } +#endif /* New/Initialize SHA-3 object. * @@ -1690,6 +2028,7 @@ void kyber_prf_free(wc_Shake* prf) wc_Shake256_Free(prf); } +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Create pseudo-random data from the key using SHAKE-256. * * @param [in, out] shake256 SHAKE-256 object. @@ -1739,6 +2078,7 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, return ret; #endif } +#endif #ifdef USE_INTEL_SPEEDUP /* Create pseudo-random key from the seed using SHAKE-256. 
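Review bot: The single-stream tails of `kyber_gen_matrix_k2_aarch64` and `kyber_gen_matrix_k4_aarch64` load the seed with `state[0] = ((word64*)seed)[0];` through `[3]`, but `seed` is a `byte*`: that is a strict-aliasing violation and assumes 8-byte alignment the caller never promised, and `XMEMCPY(state, seed, 4 * sizeof(word64));` expresses the same thing without UB. The doc block copied onto all three `_aarch64` generators still says `@return MEMORY_E when dynamic memory allocation fails. Only possible when WOLFSSL_SMALL_STACK is defined.`, but none of them allocate and all return 0 unconditionally, so that line should be dropped. The x3 paths only initialise `state[i*25 + 4]` in C and rely on `kyber_shake128_blocksx3_seed_neon` to fill lanes 0-3 from `seed` and zero the rest; if that is the assembly's contract it deserves a comment at the call site (`/* kyber_shake128_blocksx3_seed_neon: lanes 0-3 <- seed, lanes 5-24 <- 0, then absorb */`), since an uninitialised lane here would silently produce a non-conformant matrix. `word64* st = (word64*)state;` is a no-op alias of `state` and can go.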
@@ -1777,6 +2117,36 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) } #endif +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) +/* Create pseudo-random key from the seed using SHAKE-256. + * + * @param [in] seed Data to derive from. + * @param [in] seedLen Length of data to derive from in bytes. + * @param [out] out Buffer to write to. + * @param [in] outLen Number of bytes to derive. + * @return 0 on success always. + */ +int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) +{ + word64 state[25]; + int i; + int len64 = seedLen / 8; + + for (i = 0; i < len64; i++) { + state[i] = ((word64*)seed)[i]; + } + state[len64] = 0x1f; + XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); + state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL; + + BlockSha3(state); + XMEMCPY(out, state, outLen); + + return 0; +} +#endif + +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Rejection sampling on uniform random bytes to generate uniform random * integers mod q. * @@ -1792,6 +2162,7 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len, unsigned int i; unsigned int j; +#if defined(WOLFSSL_KYBER_SMALL) || !defined(WC_64BIT_CPU) /* Keep sampling until maximum number of integers reached or buffer used up. */ for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) { 
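Review bot: The aarch64 `kyber_kdf` computes `len64 = seedLen / 8` and copies only whole words, so a `seedLen` that is not a multiple of 8 silently drops the trailing bytes, and a `seedLen` of 128 or more places the `0x1f` pad at `state[16]` where it is then overwritten by the `0x80...0` word — neither case is rejected. `XMEMCPY(out, state, outLen);` is also unbounded: anything above the 136-byte SHAKE256 rate copies capacity lanes, which a XOF must never expose, and above 200 bytes reads past `state`. Suggest an early `if ((seedLen & 7) != 0 || seedLen >= 8 * (WC_SHA3_256_COUNT - 1) || outLen > 8 * (WC_SHA3_256_COUNT - 1)) return BAD_FUNC_ARG;` and replacing the word loop with `XMEMCPY(state, seed, seedLen);`, which also removes the `((word64*)seed)[i]` aliasing cast. The function is `WOLFSSL_LOCAL` and the in-file callers presumably pass 64/32, so this is defence in depth rather than a live bug, but the `@return 0 on success always.` line should then be updated.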
@@ -1812,10 +2183,90 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len, /* Move over used bytes. */ r += 3; } +#else + unsigned int minJ; + + minJ = len / 4 * 6; + if (minJ > rLen) + minJ = rLen; + i = 0; + for (j = 0; j < minJ; j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + sword16 v0 = (*(word64*)r) & 0xfff; + sword16 v1 = ((*(word64*)r) >> 12) & 0xfff; + sword16 v2 = ((*(word64*)r) >> 24) & 0xfff; + sword16 v3 = ((*(word64*)r) >> 36) & 0xfff; + + p[i] = v0 & (0 - (v0 < KYBER_Q)); + i += v0 < KYBER_Q; + p[i] = v1 & (0 - (v1 < KYBER_Q)); + i += v1 < KYBER_Q; + p[i] = v2 & (0 - (v2 < KYBER_Q)); + i += v2 < KYBER_Q; + p[i] = v3 & (0 - (v3 < KYBER_Q)); + i += v3 < KYBER_Q; + + /* Move over used bytes. */ + r += 6; + } + if (j < rLen) { + for (; (i + 4 < len) && (j < rLen); j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + sword16 v0 = (*(word64*)r) & 0xfff; + sword16 v1 = ((*(word64*)r) >> 12) & 0xfff; + sword16 v2 = ((*(word64*)r) >> 24) & 0xfff; + sword16 v3 = ((*(word64*)r) >> 36) & 0xfff; + + p[i] = v0; + i += v0 < KYBER_Q; + p[i] = v1; + i += v1 < KYBER_Q; + p[i] = v2; + i += v2 < KYBER_Q; + p[i] = v3; + i += v3 < KYBER_Q; + + /* Move over used bytes. */ + r += 6; + } + for (; (i < len) && (j < rLen); j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + sword16 v0 = (*(word64*)r) & 0xfff; + sword16 v1 = ((*(word64*)r) >> 12) & 0xfff; + sword16 v2 = ((*(word64*)r) >> 24) & 0xfff; + sword16 v3 = ((*(word64*)r) >> 36) & 0xfff; + + /* Reject first 12-bit integer if greater than or equal to q. */ + if (v0 < KYBER_Q) { + p[i++] = v0; + } + /* Check second if we don't have enough integers yet. + * Reject second 12-bit integer if greater than or equal to q. */ + if ((i < len) && (v1 < KYBER_Q)) { + p[i++] = v1; + } + /* Check second if we don't have enough integers yet. + * Reject third 12-bit integer if greater than or equal to q. 
*/ + if ((i < len) && (v2 < KYBER_Q)) { + p[i++] = v2; + } + /* Check second if we don't have enough integers yet. + * Reject fourth 12-bit integer if greater than or equal to q. */ + if ((i < len) && (v3 < KYBER_Q)) { + p[i++] = v3; + } + + /* Move over used bytes. */ + r += 6; + } + } +#endif return i; } +#endif +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -1851,6 +2302,12 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, } #endif +#if !defined(WOLFSSL_KYBER_SMALL) && defined(WC_64BIT_CPU) + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ + rand[GEN_MATRIX_SIZE+0] = 0xff; + rand[GEN_MATRIX_SIZE+1] = 0xff; +#endif + /* Generate each vector of polynomials. */ for (i = 0; (ret == 0) && (i < kp); i++, a += kp * KYBER_N) { int j; @@ -1871,35 +2328,17 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, ret = kyber_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS); } if (ret == 0) { - #if (GEN_MATRIX_SIZE % 3) != 0 - unsigned int randLen; - #endif unsigned int ctr; /* Sample random bytes to create a polynomial. */ ctr = kyber_rej_uniform_c(a + j * KYBER_N, KYBER_N, rand, GEN_MATRIX_SIZE); /* Create more blocks if too many rejected. */ - #if (GEN_MATRIX_SIZE % 3) != 0 - randLen = GEN_MATRIX_SIZE; - while (ctr < KYBER_N) { - int off = randLen % 3; - int k; - for (k = 0; k < off; k++) { - rand[k] = rand[randLen - off + k]; - } - kyber_xof_squeezeblocks(prf, rand + off, 1); - randLen = off + XOF_BLOCK_SIZE; - ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr, - KYBER_N - ctr, rand, randLen); - } - #else while (ctr < KYBER_N) { kyber_xof_squeezeblocks(prf, rand, 1); ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr, KYBER_N - ctr, rand, XOF_BLOCK_SIZE); } - #endif } } } 
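Review bot: Every group in the new 64-bit `kyber_rej_uniform_c` path loads 8 bytes through `*(word64*)r` but consumes 6, so the last group of any buffer reads `r[rLen]` and `r[rLen+1]`; the companion hunk papers over this with `rand[GEN_MATRIX_SIZE+0] = 0xff` for the first call, and the refill calls with `XOF_BLOCK_SIZE` simply rely on `rand` being larger, but that two-byte slack requirement is nowhere in the function's contract and the cast itself is a strict-aliasing/alignment violation. The loops also assume `rLen % 6 == 0` (the old code's `j <= rLen - 3` guard is gone), which holds for 168 and multiples of it but is not checked. Loading the six bytes with `XMEMCPY` into a zeroed `word64` removes the over-read, the aliasing and the need for the `0xff` padding; both the old and new forms additionally assume little-endian byte order, which `WC_64BIT_CPU` alone does not guarantee and should be stated in a comment.
```c
    for (j = 0; j < minJ; j += 6) {
        /* Load exactly the 6 bytes used (little-endian); no over-read. */
        word64 w = 0;
        sword16 v0, v1, v2, v3;

        XMEMCPY(&w, r, 6);
        v0 = (sword16)( w        & 0xfff);
        v1 = (sword16)((w >> 12) & 0xfff);
        v2 = (sword16)((w >> 24) & 0xfff);
        v3 = (sword16)((w >> 36) & 0xfff);
        /* ... unchanged: masked stores and i/r advance ... */
    }
    /* ... unchanged: the two tail loops, with the same load replacement ... */
```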
@@ -1911,6 +2350,7 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, return ret; } +#endif /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * @@ -1932,6 +2372,9 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, #ifdef WOLFSSL_KYBER512 if (kp == KYBER512_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed); +#else #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags)) { ret = kyber_gen_matrix_k2_avx2(a, seed, transposed); @@ -1941,11 +2384,15 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, { ret = kyber_gen_matrix_c(prf, a, KYBER512_K, seed, transposed); } +#endif } else #endif #ifdef WOLFSSL_KYBER768 if (kp == KYBER768_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed); +#else #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags)) { ret = kyber_gen_matrix_k3_avx2(a, seed, transposed); @@ -1955,11 +2402,15 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, { ret = kyber_gen_matrix_c(prf, a, KYBER768_K, seed, transposed); } +#endif } else #endif #ifdef WOLFSSL_KYBER1024 if (kp == KYBER1024_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed); +#else #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags)) { ret = kyber_gen_matrix_k4_avx2(a, seed, transposed); @@ -1969,6 +2420,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, { ret = kyber_gen_matrix_c(prf, a, KYBER1024_K, seed, transposed); } +#endif } else #endif @@ -1976,6 +2428,8 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, ret = BAD_STATE_E; } + (void)prf; + return ret; } 
@@ -2240,6 +2694,8 @@ static void kyber_cbd_eta3(sword16* p, const byte* r) } #endif +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + /* Get noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -2306,6 +2762,8 @@ static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p, return ret; } +#endif + #ifdef USE_INTEL_SPEEDUP #define PRF_RAND_SZ (2 * SHA3_256_BYTES) 
@@ -2488,6 +2946,206 @@ static int kyber_get_noise_k4_avx2(KYBER_PRF_T* prf, sword16* vec1, #endif #endif /* USE_INTEL_SPEEDUP */ +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + +#define PRF_RAND_SZ (2 * SHA3_256_BYTES) + +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void kyber_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o) +{ + word64* state = (word64*)rand; + + state[0*25 + 4] = 0x1f00 + 0 + o; + state[1*25 + 4] = 0x1f00 + 1 + o; + state[2*25 + 4] = 0x1f00 + 2 + o; + + kyber_shake256_blocksx3_seed_neon(state, seed); +} + +#ifdef WOLFSSL_KYBER512 +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void kyber_get_noise_x3_eta3_aarch64(byte* rand, byte* seed, byte o) +{ + word64 state[3 * 25]; + + state[0*25 + 4] = 0x1f00 + 0 + o; + state[1*25 + 4] = 0x1f00 + 1 + o; + state[2*25 + 4] = 0x1f00 + 2 + o; + + kyber_shake256_blocksx3_seed_neon(state, seed); + XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, SHA3_256_BYTES); + XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, SHA3_256_BYTES); + XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, SHA3_256_BYTES); + kyber_sha3_blocksx3_neon(state); + rand += SHA3_256_BYTES; + XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); + XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); + XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); +} + +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + * @return 0 on success. 
+ */ +static void kyber_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o) +{ + word64 state[25]; + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + state[4] = 0x1f00 + o; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[16] = 0x8000000000000000UL; + BlockSha3(state); + XMEMCPY(rand , state, SHA3_256_BYTES); + BlockSha3(state); + XMEMCPY(rand + SHA3_256_BYTES, state, ETA3_RAND_SIZE - SHA3_256_BYTES); +} + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int kyber_get_noise_k2_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[3 * 25 * 8]; + + kyber_get_noise_x3_eta3_aarch64(rand, seed, 0); + kyber_cbd_eta3(vec1 , rand + 0 * ETA3_RAND_SIZE); + kyber_cbd_eta3(vec1 + KYBER_N, rand + 1 * ETA3_RAND_SIZE); + if (poly == NULL) { + kyber_cbd_eta3(vec2 , rand + 2 * ETA3_RAND_SIZE); + kyber_get_noise_eta3_aarch64(rand, seed, 3); + kyber_cbd_eta3(vec2 + KYBER_N, rand ); + } + else { + kyber_get_noise_x3_eta2_aarch64(rand, seed, 2); + kyber_cbd_eta2(vec2 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 + KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(poly , rand + 2 * 25 * 8); + } + + return ret; +} +#endif + +#ifdef WOLFSSL_KYBER768 +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + * @return 0 on success. 
+ */ +static void kyber_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o) +{ + word64* state = (word64*)rand; + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + /* Transposed value same as not. */ + state[4] = 0x1f00 + o; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[16] = 0x8000000000000000UL; + BlockSha3(state); +} + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int kyber_get_noise_k3_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + byte rand[3 * 25 * 8]; + + kyber_get_noise_x3_eta2_aarch64(rand, seed, 0); + kyber_cbd_eta2(vec1 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8); + kyber_get_noise_x3_eta2_aarch64(rand, seed, 3); + kyber_cbd_eta2(vec2 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 2 * 25 * 8); + if (poly != NULL) { + kyber_get_noise_eta2_aarch64(rand, seed, 6); + kyber_cbd_eta2(poly , rand + 0 * 25 * 8); + } + + return 0; +} +#endif + +#ifdef WOLFSSL_KYBER1024 +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. 
+ */ +static int kyber_get_noise_k4_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[3 * 25 * 8]; + + kyber_get_noise_x3_eta2_aarch64(rand, seed, 0); + kyber_cbd_eta2(vec1 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8); + kyber_get_noise_x3_eta2_aarch64(rand, seed, 3); + kyber_cbd_eta2(vec1 + 3 * KYBER_N, rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 , rand + 1 * 25 * 8); + kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 2 * 25 * 8); + kyber_get_noise_x3_eta2_aarch64(rand, seed, 6); + kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 + 3 * KYBER_N, rand + 1 * 25 * 8); + if (poly != NULL) { + kyber_cbd_eta2(poly, rand + 2 * 25 * 8); + } + + return ret; +} +#endif +#endif /* __aarch64__ && WOLFSSL_ARMASM */ + +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -2531,6 +3189,8 @@ static int kyber_get_noise_c(KYBER_PRF_T* prf, int kp, sword16* vec1, int eta1, return ret; } +#endif /* __aarch64__ && WOLFSSL_ARMASM */ + /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -2549,6 +3209,9 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, #ifdef WOLFSSL_KYBER512 if (kp == KYBER512_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed); +#else #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags)) { ret = kyber_get_noise_k2_avx2(prf, vec1, vec2, poly, seed); 
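Review bot: `kyber_get_noise_x3_eta2_aarch64` writes the Keccak lanes through `word64* state = (word64*)rand;`, but every caller (`kyber_get_noise_k2/k3/k4_aarch64`) passes a `byte rand[3 * 25 * 8]` whose alignment is 1, so the stores are an unaligned-access/aliasing UB and the NEON routine may well expect an 8-byte-aligned state. Declaring the buffers as `word64 rand[3 * 25];` in the three callers and casting to `(byte*)rand` for the `kyber_cbd_eta*` calls (that direction is always valid) fixes it without touching the assembly. These buffers hold the PRF output that becomes the secret s/e/r polynomials; I can't see whether the C path wipes its equivalent, but a `ForceZero(rand, sizeof(rand));` before returning would be consistent with how secrets are normally handled in wolfCrypt. Minor: `kyber_get_noise_eta3_aarch64` and `kyber_get_noise_eta2_aarch64` are `void` yet document `@return 0 on success.`, and `int ret = 0;` in k2/k4 is dead while k3 returns a literal — pick one form.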
@@ -2563,11 +3226,15 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA3, vec2, KYBER_CBD_ETA2, poly, seed); } +#endif } else #endif #ifdef WOLFSSL_KYBER768 if (kp == KYBER768_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed); +#else #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags)) { ret = kyber_get_noise_k3_avx2(vec1, vec2, poly, seed); @@ -2578,11 +3245,15 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2, KYBER_CBD_ETA2, poly, seed); } +#endif } else #endif #ifdef WOLFSSL_KYBER1024 if (kp == KYBER1024_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed); +#else #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags)) { ret = kyber_get_noise_k4_avx2(prf, vec1, vec2, poly, seed); @@ -2593,6 +3264,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2, KYBER_CBD_ETA2, poly, seed); } +#endif } else #endif @@ -2600,11 +3272,14 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = BAD_STATE_E; } + (void)prf; + return ret; } /******************************************************************************/ +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) /* Compare two byte arrays of equal size. * * @param [in] a First array to compare. @@ -2624,6 +3299,7 @@ static int kyber_cmp_c(const byte* a, const byte* b, int sz) } return 0 - ((-(word32)r) >> 31); } +#endif /* Compare two byte arrays of equal size. * @@ -2635,6 +3311,9 @@ static int kyber_cmp_c(const byte* a, const byte* b, int sz) */ int kyber_cmp(const byte* a, const byte* b, int sz) { +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + return kyber_cmp_neon(a, b, sz); +#else int fail; #ifdef USE_INTEL_SPEEDUP 
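Review bot: `kyber_cmp` now returns `kyber_cmp_neon(a, b, sz)` directly on aarch64, with no statement of the contract the assembly must meet; the C fallback visible in the previous hunk yields `0 - ((-(word32)r) >> 31)`, i.e. 0 on equality and -1 otherwise, accumulated over all `sz` bytes without early exit. This compare is presumably the ciphertext re-encryption check of the decapsulation (FO transform), where a data-dependent timing difference or a different return convention would be a real vulnerability rather than a test failure. Suggest `/* kyber_cmp_neon must return 0 on equality and -1 otherwise, touching all sz bytes with no data-dependent branches or early exit. */` above the call, and a unit test asserting the return value for an equal, a first-byte-different and a last-byte-different pair on this path.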
@@ -2648,10 +3327,13 @@ int kyber_cmp(const byte* a, const byte* b, int sz) } return fail; +#endif } /******************************************************************************/ +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + /* Conditional subtraction of q to each coefficient of a polynomial. * * @param [in, out] p Polynomial. @@ -2667,6 +3349,12 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) } } +#else + +#define kyber_csubq_c kyber_csubq_neon + +#endif + /******************************************************************************/ #if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE) @@ -3511,6 +4199,7 @@ void kyber_decompress_5(sword16* p, const unsigned char* b) /******************************************************************************/ +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) /* Convert bit from byte to 0 or (KYBER_Q + 1) / 2. * * Constant time implementation. @@ -3622,7 +4311,7 @@ static void kyber_to_msg_c(byte* msg, sword16* p) /* Reduce each coefficient to mod q. */ kyber_csubq_c(p); - /* All values are now positive. */ + /* All values are now in range. */ for (i = 0; i < KYBER_N / 8; i++) { #ifdef WOLFSSL_KYBER_SMALL @@ -3663,6 +4352,27 @@ void kyber_to_msg(byte* msg, sword16* p) kyber_to_msg_c(msg, p); } } +#else +/* Convert message to polynomial. + * + * @param [out] p Polynomial. + * @param [in] msg Message as a byte array. + */ +void kyber_from_msg(sword16* p, const byte* msg) +{ + kyber_from_msg_neon(p, msg); +} + +/* Convert polynomial to message. + * + * @param [out] msg Message as a byte array. + * @param [in] p Polynomial. + */ +void kyber_to_msg(byte* msg, sword16* p) +{ + kyber_to_msg_neon(msg, p); +} +#endif /******************************************************************************/ diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index 012005150..f65c41d32 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h 
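Review bot: The C `kyber_to_msg_c` reduces with `kyber_csubq_c(p)` before packing bits (the context of the `@@ -3622` hunk shows it), whereas the new aarch64 `kyber_to_msg` hands `p` straight to `kyber_to_msg_neon(msg, p)`. If the NEON routine does not perform that conditional subtraction itself, coefficients still in [q, 2q) would flip the decoded message bit; I can't see the assembly from here, so either way the wrapper should state the precondition, e.g. `/* kyber_to_msg_neon reduces coefficients to [0, q) itself; p need not be csubq'd by the caller. */` or the opposite. The new `#define kyber_csubq_c kyber_csubq_neon` in the same region suggests the reduction kernel is available, so calling it explicitly here would make the two paths visibly equivalent.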
@@ -220,8 +220,7 @@ WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); WOLFSSL_LOCAL void sha3_block_avx2(word64* s); WOLFSSL_LOCAL void BlockSha3(word64 *s); #endif -#if (defined(WOLFSSL_ARMASM) && (defined(__arm__) || \ - defined(WOLFSSL_ARMASM_CRYPTO_SHA3))) || defined(WOLFSSL_RISCV_ASM) +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_LOCAL void BlockSha3(word64 *s); #endif diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h index 34b3d64ed..2b8ac8da2 100644 --- a/wolfssl/wolfcrypt/wc_kyber.h +++ b/wolfssl/wolfcrypt/wc_kyber.h @@ -163,7 +163,8 @@ WOLFSSL_LOCAL int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2, sword16* poly, byte* seed); -#ifdef USE_INTEL_SPEEDUP +#if defined(USE_INTEL_SPEEDUP) || \ + (defined(WOLFSSL_ARMASM) && defined(__aarch64__)) WOLFSSL_LOCAL int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen); #endif 
@@ -288,6 +289,27 @@ void kyber_decompress_5_avx2(sword16* p, const byte* r); WOLFSSL_LOCAL int kyber_cmp_avx2(const byte* a, const byte* b, int sz); +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +WOLFSSL_LOCAL void kyber_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_add_reduce(sword16* r, const sword16* a); +WOLFSSL_LOCAL void kyber_add3_reduce(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_rsub_reduce(sword16* r, const sword16* a); +WOLFSSL_LOCAL void kyber_to_mont(sword16* p); +WOLFSSL_LOCAL void kyber_sha3_blocksx3_neon(word64* state); +WOLFSSL_LOCAL void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed); +WOLFSSL_LOCAL void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed); +WOLFSSL_LOCAL unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); +WOLFSSL_LOCAL int kyber_cmp_neon(const byte* a, const byte* b, int sz); +WOLFSSL_LOCAL void kyber_csubq_neon(sword16* p); +WOLFSSL_LOCAL void kyber_from_msg_neon(sword16* p, const byte* msg); +WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p); #endif #ifdef __cplusplus From 2a354905cbc3559518b91678f648b17b462a3ef5 Mon Sep 17 00:00:00 2001 
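Review bot: The new aarch64 prototypes are inconsistent about constness: `kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed)` and its SHAKE-256 twin take a writable `seed` although it is only absorbed, while `kyber_rej_uniform_neon` and `kyber_cmp_neon` correctly take `const byte*`. Suggest `const byte* seed` on both, which also lets `kyber_gen_matrix`/`kyber_get_noise` callers pass const seeds without casts. `kyber_to_msg_neon(byte* msg, sword16* p)` taking a mutable `p` is fine since the C variant reduces in place too, but a header comment saying so would stop someone from "fixing" it.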
From: gojimmypi Date: Wed, 25 Sep 2024 19:42:21 -0700 Subject: [PATCH 061/325] Add wolfSSL esp-tls and Certificate Bundle Support, improve esp32_mp RSA --- wolfcrypt/src/include.am | 6 + wolfcrypt/src/port/Espressif/README.md | 2 +- wolfcrypt/src/port/Espressif/esp32_mp.c | 336 +- .../port/Espressif/esp_crt_bundle/README.md | 287 ++ .../Espressif/esp_crt_bundle/cacrt_all.pem | 3602 +++++++++++++++++ .../esp_crt_bundle/cacrt_deprecated.pem | 198 + .../Espressif/esp_crt_bundle/cacrt_local.pem | 33 + .../Espressif/esp_crt_bundle/esp_crt_bundle.c | 1564 +++++++ .../esp_crt_bundle/gen_crt_bundle.py | 360 ++ .../src/port/Espressif/esp_sdk_time_lib.c | 55 +- wolfssl/wolfcrypt/include.am | 3 +- .../wolfcrypt/port/Espressif/esp32-crypt.h | 8 + .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 233 ++ wolfssl/wolfcrypt/settings.h | 65 + 14 files changed, 6667 insertions(+), 85 deletions(-) create mode 100644 wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md create mode 100644 wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem create mode 100644 wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem create mode 100644 wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem create mode 100644 wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c create mode 100644 wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py create mode 100644 wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 675415f84..d4d7ffd6b 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am 
@@ -123,6 +123,12 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c \ wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c \ wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c \ + wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md \ + wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem \ + wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem \ + wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c \ + wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py \ + wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem \ wolfcrypt/src/port/Espressif/README.md \ wolfcrypt/src/port/arm/cryptoCell.c \ wolfcrypt/src/port/arm/cryptoCellHash.c \ diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md index b2f9d60f5..a95d86ff2 100644 --- a/wolfcrypt/src/port/Espressif/README.md +++ b/wolfcrypt/src/port/Espressif/README.md @@ -12,7 +12,7 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric ## ESP32 Acceleration -More details about ESP32 HW Accelerationcan be found in: +More details about ESP32 HW Acceleration can be found in: * [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf) * [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf) diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 5c3759273..952a12c1c 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -35,7 +35,6 @@ * * Also, beware: "we have uint32_t == unsigned long for both Xtensa and RISC-V" * see https://github.com/espressif/esp-idf/issues/9511#issuecomment-1207342464 - * https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/release-5.x/5.0/gcc.html */ #ifdef HAVE_CONFIG_H 
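Review bot: This adds `cacrt_all.pem`, `cacrt_deprecated.pem` and `cacrt_local.pem` to `EXTRA_DIST`, i.e. the repository now ships a root trust store, but nothing in the hunk records the bundle's provenance (which Mozilla/NSS revision `gen_crt_bundle.py` consumed, and when) or how it is refreshed. Suggest a header comment in each generated PEM of the form `# Generated by gen_crt_bundle.py from <source> on <date>` and a note in the README on the refresh cadence, so a stale or tampered bundle is detectable. Given the names, `cacrt_deprecated.pem` and the 33-line `cacrt_local.pem` look like opt-in sets (removed roots and a local/test root); I can't see `esp_crt_bundle.c` here, so please confirm neither is loaded by default and say so in `esp_crt_bundle.h`.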
@@ -69,9 +68,70 @@
 #include
 #endif
-#define ESP_HW_RSAMAX_BIT 4096
-#define ESP_HW_MULTI_RSAMAX_BITS 2048
 #define ESP_HW_RSAMIN_BIT 512
+#define ESP_HW_RSAMAX_BIT 4096
+#if defined(CONFIG_IDF_TARGET_ESP32)
+ /* See 24.3.2 Large Number Modular Exponentiation:
+ * esp32_technical_reference_manual_en.pdf
+ * The RSA Accelerator supports specific operand lengths of N
+ * {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits
+ *
+ * 24.3.4 Large Number Multiplication
+ * The length of Z is twice that of X and Y . Therefore, the RSA Accelerator
+ * supports large-number multiplication with only four operand lengths of
+ * N in {512, 1024, 1536, 2048} */
+ #define ESP_HW_MOD_RSAMAX_BITS 4096
+ #define ESP_HW_MULTI_RSAMAX_BITS 2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+ /* See 18.3.1 Large Number Modular Exponentiation
+ * esp32-s2_technical_reference_manual_en.pdf
+ * RSA Accelerator supports operands of length N = (32 * x),
+ * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+ * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+ * must be of the same length. 32 * 128 = 4096 */
+ #define ESP_HW_MOD_RSAMAX_BITS 4096
+ #define ESP_HW_MULTI_RSAMAX_BITS 2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+ /* See 20.3.1 Large Number Modular Exponentiation
+ * esp32-s3_technical_reference_manual_en.pdf
+ * RSA Accelerator supports operands of length N = (32 * x),
+ * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+ * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+ * must be of the same length. 32 * 128 = 4096 */
+ #define ESP_HW_MOD_RSAMAX_BITS 4096
+ #define ESP_HW_MULTI_RSAMAX_BITS 2048
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+ /* See 20.3.1 Large Number Modular Exponentiation
+ * esp32-c3_technical_reference_manual_en.pdf
+ * RSA Accelerator supports operands of length N = (32 * x),
+ * where x in {1, 2, 3, . . . , 96}.
The bit lengths of arguments
+ * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+ * must be of the same length. 32 * 96 = 3072 */
+ #define ESP_HW_MOD_RSAMAX_BITS 3072
+ /* The length of result Z is twice that of operand X and operand Y.
+ * Therefore, the RSA accelerator only supports large-number multiplication
+ * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+ * 32 * (96/2) = 32 * (48/2) = 1536 */
+ #define ESP_HW_MULTI_RSAMAX_BITS 1536
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+ /* See 22.3.1 Large-number Modular Exponentiation
+ * esp32-c6_technical_reference_manual_en.pdf
+ * The RSA accelerator supports operands of length N = (32 * x),
+ * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments
+ * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+ * must be of the same length. 32 * 96 = 3072 */
+ #define ESP_HW_MOD_RSAMAX_BITS 3072
+ /* The length of result Z is twice that of operand X and operand Y.
+ * Therefore, the RSA accelerator only supports large-number multiplication
+ * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+ * 32 * (96/2) = 32 * (48/2) = 1536 */
+ #define ESP_HW_MULTI_RSAMAX_BITS 1536
+#else
+ /* No HW on ESP8266, but then we'll not even use this lib.
+ * Other ESP32 devices not implemented: */
+ #define ESP_HW_MOD_RSAMAX_BITS 0
+ #define ESP_HW_MULTI_RSAMAX_BITS 0
+#endif
 /* (s+(4-1))/ 4 */
 #define BYTE_TO_WORDS(s) (((s+3)>>2))
@@ -81,6 +141,7 @@
 #define BITS_IN_ONE_WORD 32
+/* Some minimum operand sizes, fall back to SW if too small: */
 #ifndef ESP_RSA_MULM_BITS
 #define ESP_RSA_MULM_BITS 16
 #endif
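Review bot: The derivation comment above the ESP32-C3 `ESP_HW_MULTI_RSAMAX_BITS 1536` reads `32 * (96/2) = 32 * (48/2) = 1536`, but 32 * (48/2) is 768, so the middle term contradicts the value it is meant to justify; the same line is repeated in the ESP32-C6 branch of this hunk. Suggest `* 32 * (96/2) = 32 * 48 = 1536 */` in both places so the constant can be checked against the reference manual at a glance. Documentation only; the defines themselves are consistent with the MOD limits above them.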
@@ -93,8 +154,18 @@
 #define ESP_RSA_EXPT_YBITS 8
 #endif
+/* RSA math calculation timeout */
+#ifndef ESP_RSA_TIMEOUT_CNT
+ #define ESP_RSA_TIMEOUT_CNT 0x5000000
+#endif
 #define ESP_TIMEOUT(cnt) (cnt >= ESP_RSA_TIMEOUT_CNT)
+/* Hardware Ready Timeout */
+#ifndef ESP_RSA_WAIT_TIMEOUT_CNT
+ #define ESP_RSA_WAIT_TIMEOUT_CNT 0x20
+#endif
+#define ESP_WAIT_TIMEOUT(cnt) (cnt >= ESP_RSA_WAIT_TIMEOUT_CNT)
+
 #if defined(CONFIG_IDF_TARGET_ESP32C3)
 #include
 #include
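Review bot: `ESP_WAIT_TIMEOUT` and `ESP_RSA_WAIT_TIMEOUT_CNT` are defined here but nothing else in this patch references them; the `esp_mp_hw_wait_clean` hunk at -238,14 records `esp_mp_max_wait_timeout` and then still tests `if (ESP_TIMEOUT(timeout))`, i.e. the 0x5000000 calculation limit rather than the 0x20 HW-ready limit. If the shorter bound is intended there, that check should become `if (ESP_WAIT_TIMEOUT(timeout)) {`; if the polling loop above it (outside the hunk) already uses the new macro, this is only a naming question. Either way the argument should be parenthesized like any function-like macro: `#define ESP_WAIT_TIMEOUT(cnt) ((cnt) >= ESP_RSA_WAIT_TIMEOUT_CNT)`.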
@@ -142,33 +213,42 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 #ifdef WOLFSSL_HW_METRICS
 static unsigned long esp_mp_max_used = 0;
- static unsigned long esp_mp_mulmod_small_x_ct = 0;
- static unsigned long esp_mp_mulmod_small_y_ct = 0;
-
- static unsigned long esp_mp_max_timeout = 0;
+ static unsigned long esp_mp_max_timeout = 0; /* Calc duration */
+ static unsigned long esp_mp_max_wait_timeout; /* HW wait duration */
+ /* HW Multiplication Metrics */
 #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
 static unsigned long esp_mp_mul_usage_ct = 0;
 static unsigned long esp_mp_mul_error_ct = 0;
+ static unsigned long esp_mp_mul_tiny_ct = 0;
+ static unsigned long esp_mp_mul_max_exceeded_ct = 0;
 #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
+ /* HW Modular Multiplication Metrics */
 #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+ static unsigned long esp_mp_mulmod_small_x_ct = 0;
+ static unsigned long esp_mp_mulmod_small_y_ct = 0;
+ static unsigned long esp_mp_mulmod_max_exceeded_ct = 0;
 static unsigned long esp_mp_mulmod_usage_ct = 0;
 static unsigned long esp_mp_mulmod_fallback_ct = 0;
 static unsigned long esp_mp_mulmod_even_mod_ct = 0;
 static unsigned long esp_mp_mulmod_error_ct = 0;
- #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
+ #endif
+ /* HW Modular Exponentiation Metrics */
 #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
 static unsigned long esp_mp_exptmod_usage_ct = 0;
 static unsigned long esp_mp_exptmod_error_ct = 0;
+ static unsigned long esp_mp_exptmod_max_exceeded_ct = 0;
 static unsigned long esp_mp_exptmod_fallback_ct = 0;
 #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
-#endif
+#endif /* WOLFSSL_HW_METRICS */
 /* mutex */
 #ifdef SINGLE_THREADED
- int single_thread_locked = 0;
+ /* Although freeRTOS is multithreaded, if we know we'll only be in
+ * a single thread for wolfSSL, we can avoid the complexity of mutexes.
*/
+ static int single_thread_locked = 0;
 #else
 static wolfSSL_Mutex mp_mutex;
 static int espmp_CryptHwMutexInit = 0;
@@ -185,7 +265,7 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 * check if the HW is ready before accessing it
 *
 * See 24.3.1 Initialization of ESP32 Technical Reference Manual
-* https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+* esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -238,14 +318,23 @@ static int esp_mp_hw_wait_clean(void)
 /* no HW timeout if we don't know the platform. assumes no HW */
 #endif
- #if defined(WOLFSSL_HW_METRICS)
- {
- esp_mp_max_timeout = (timeout > esp_mp_max_timeout) ? timeout :
- esp_mp_max_timeout;
+#if defined(WOLFSSL_HW_METRICS)
+ /* The wait timeout is separate from the overall max calc timeout. */
+ if (timeout > esp_mp_max_wait_timeout) {
+ esp_mp_max_wait_timeout = timeout;
 }
- #endif
+ /* Also see if the overall timeout has been increased. */
+ if (timeout > esp_mp_max_timeout) {
+ esp_mp_max_timeout = timeout;
+ }
+#endif
 if (ESP_TIMEOUT(timeout)) {
+ /* This is highly unusual and will likely only occur in multi-threaded
+ * application. wolfSSL ctx is not thread safe. */
+ #ifndef SINGLE_THREADED
+ ESP_LOGI(TAG, "Consider #define SINGLE_THREADED. See docs");
+ #endif
 ESP_LOGE(TAG, "esp_mp_hw_wait_clean waiting HW ready timed out.");
 ret = WC_HW_WAIT_E; /* hardware is bus, MP_HW_BUSY; */
 }
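Review bot: `static unsigned long esp_mp_max_wait_timeout;` is the only counter in this metrics block declared without an explicit initializer; static storage is zero-initialized so behavior is unchanged, but next to its `= 0` siblings it reads as an oversight and is easy to copy into a non-static context later. Suggest `static unsigned long esp_mp_max_wait_timeout = 0; /* HW wait duration */`.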
@@ -293,7 +382,7 @@ static int esp_mp_hw_islocked(void)
 * Returns 0 (ESP_OK) if the HW lock was initialized and mutex lock.
 *
 * See Chapter 24:
-* https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+* esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -332,8 +421,7 @@ static int esp_mp_hw_lock(void)
 if (ret == ESP_OK) {
 /* lock hardware; there should be exactly one instance
 * of esp_CryptHwMutexLock(&mp_mutex ...) in code */
- /* TODO - do we really want to wait?
- * probably not */
+
 ret = esp_CryptHwMutexLock(&mp_mutex, ESP_MP_HW_LOCK_MAX_DELAY);
 if (ret != ESP_OK) {
 ESP_LOGE(TAG, "mp engine lock failed.");
@@ -529,7 +617,9 @@ static int esp_mp_hw_unlock(void)
 ESP_LOGV(TAG, "exit esp_mp_hw_unlock");
 }
 else {
+#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
 ESP_LOGW(TAG, "Warning: esp_mp_hw_unlock called when not locked.");
+#endif
 }
 return ret;
@@ -736,6 +826,12 @@ static int wait_until_done(word32 reg)
 #endif
+#if defined(WOLFSSL_HW_METRICS)
+ if (timeout > esp_mp_max_timeout) {
+ esp_mp_max_timeout = timeout;
+ }
+#endif
+
 if (ESP_TIMEOUT(timeout)) {
 ESP_LOGE(TAG, "rsa operation timed out.");
 ret = WC_HW_E; /* MP_HW_ERROR; */
@@ -1084,12 +1180,17 @@ int esp_mp_montgomery_init(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M,
 mph->hwWords_sz = words2hwords(mph->maxWords_sz);
 if ((mph->hwWords_sz << 5) > ESP_HW_RSAMAX_BIT) {
+ #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) || \
+ defined(WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS)
 ESP_LOGW(TAG, "Warning: hwWords_sz = %d (%d bits)" " exceeds HW maximum bits (%d), " " falling back to SW.", mph->hwWords_sz, mph->hwWords_sz << 5, ESP_HW_RSAMAX_BIT);
+ #endif
+ /* The fallback error code is expected to be handled by
+ * caller to perform software instead. */
 ret = MP_HW_FALLBACK;
 } /* hwWords_sz check */
 } /* X and Y size ok */
@@ -1285,17 +1386,34 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 Zs = Xs + Ys;
 /* RSA Accelerator only supports Large Number Multiplication
- * with operand length N = 32 * x,
- * where x in {1, 2, 3, . . . , 64} */
- if (Xs > 64 || Ys > 64) {
- return MP_HW_FALLBACK; /* TODO add count metric on size fallback */
+ * with certain operand lengths N = (32 * x); See above. */
+ if (Xs > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+ ESP_LOGW(TAG, "mp-mul X %d bits exceeds max bit length (%d)",
+ Xs, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+ esp_mp_mul_max_exceeded_ct++;
+ return MP_HW_FALLBACK;
+ }
+ if (Ys > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+ ESP_LOGW(TAG, "mp-mul Y %d bits exceeds max bit length (%d)",
+ Ys, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+ esp_mp_mul_max_exceeded_ct++;
+ return MP_HW_FALLBACK;
 }
- if (Zs <= sizeof(mp_digit)*8) {
+ /* sizeof(mp_digit) is typically 4 bytes.
+ * If the total Zs fits into a 4 * 8 = 32 bit word, just do regular math: */
+ if (Zs <= sizeof(mp_digit) * 8) {
 Z->dp[0] = X->dp[0] * Y->dp[0];
 Z->used = 1;
 #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH)
 Z->sign = res_sign; /* See above mp_isneg() for negative detection */
+#endif
+#if defined(WOLFSSL_HW_METRICS)
+ esp_mp_mul_tiny_ct++;
 #endif
 return MP_OKAY;
 }
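Review bot: Both new `esp_mp_mul_max_exceeded_ct++;` lines in this hunk are compiled unconditionally, but the counter is declared under `#ifdef WOLFSSL_HW_METRICS` (hunk at -142,33), so a build without metrics fails on an undeclared identifier. Wrap each increment the way the tiny-operand path at the end of this hunk already does: `#if defined(WOLFSSL_HW_METRICS)` / `esp_mp_mul_max_exceeded_ct++;` / `#endif`. The later sanity check in the -1306,13 hunk has the guard, so this hunk is the only place it is missing. As a minor consistency point, these two log sites are gated on `WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS` while the other esp_mp_mul size checks in this patch use `WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS`.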
@@ -1306,13 +1424,21 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 hwWords_sz = words2hwords(maxWords_sz);
 resultWords_sz = bits2words(Xs + Ys);
- /* sanity check */
+
+ /* Final parameter sanity check */
 if ( (hwWords_sz << 5) > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "exceeds max bit length(2048) (a)");
- ret = MP_HW_FALLBACK; /* Error: value is not able to be used. */
+ #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+ ESP_LOGW(TAG, "mp-mul exceeds max bit length (%d)",
+ ESP_HW_MULTI_RSAMAX_BITS);
+ #endif
+ #if defined(WOLFSSL_HW_METRICS)
+ esp_mp_mul_max_exceeded_ct++;
+ #endif
+ return MP_HW_FALLBACK; /* Fallback to use SW */
 }
 }
+ /* If no initial exit, proceed to hardware multiplication calculations: */
 #if defined(CONFIG_IDF_TARGET_ESP32)
 /* assumed to be regular ESP32 Xtensa here */
@@ -1440,11 +1566,17 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 /* Make sure we are within capabilities of hardware. */
 if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ ESP_LOGW(TAG, "exceeds max bit length(%d)",
+ ESP_HW_MULTI_RSAMAX_BITS);
+#endif
 ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
 }
 if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
- ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ ESP_LOGW(TAG, "result exceeds max bit length(%d) * 2",
+ ESP_HW_RSAMAX_BIT );
+#endif
 ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
 }
@@ -1517,21 +1649,30 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
 /* Unlike the ESP32 that is limited to only four operand lengths,
 * the ESP32-C6 The RSA Accelerator supports large-number modular
- * multiplication with operands of 128 different lengths.
+ * multiplication with operands of 96 different lengths. (1 .. 96 words)
 *
 * X & Y must be represented by the same number of bits. Must be
- * enough to represent the larger one. */
+ * enough to represent the larger one.
+ *
+ * Multiplication is limited to 48 different lengths (1 .. 48 words) */
 /* Figure out how many words we need to
 * represent each operand & the result. */
 /* Make sure we are within capabilities of hardware. */
+
 if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ ESP_LOGW(TAG, "RSA mul result hwWords_sz %d exceeds max bit length %d",
+ hwWords_sz, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
 ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
 }
 if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
- ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ ESP_LOGW(TAG, "RSA max result hwWords_sz %d exceeds max bit length %d",
+ hwWords_sz, ESP_HW_RSAMAX_BIT );
+#endif
 ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
 }
@@ -1627,11 +1768,15 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 /* Make sure we are within capabilities of hardware. */
 if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#endif
 ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
 }
 if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#endif
 ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
 }
@@ -1934,10 +2079,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 }
 #endif
 ret = MP_HW_FALLBACK;
- /* TODO add debug metrics */
 #ifdef WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 {
- ESP_LOGV(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
+ ESP_LOGW(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
 }
 #endif
 }
@@ -2101,9 +2245,11 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
 OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
- if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
+ if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+ #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
 ESP_LOGW(TAG, "result exceeds max bit length");
- return MP_VAL; /* Error: value is not able to be used. */
+ #endif
+ return MP_HW_FALLBACK; /* Error: value is not able to be used. */
 }
 WordsForOperand = bits2words(OperandBits); /* alt inline calc:
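Review bot: The new `return MP_HW_FALLBACK;` in the ESP32 path of esp_mp_mulmod (hunk at -2101,9) leaves without calling `esp_mp_hw_unlock()`, whereas the equivalent check in the next hunk (-2190,9) does `if (mulmod_lock_called) { ret = esp_mp_hw_unlock(); }` before returning; the ESP32-C6 variant at -2282,9 also returns without it. If the HW lock has already been taken when this check runs on those targets (the lock call is outside the hunk), a too-large operand leaves the accelerator locked for every later caller, which would surface as the wait-clean timeout rather than as a clean software fallback. Suggest adding the same `mulmod_lock_called` guarded unlock to both sites, or moving the size check ahead of the lock so all three targets behave alike. Separately, none of the three mulmod fallback sites increments `esp_mp_mulmod_max_exceeded_ct`, which the metrics hunks declare and report.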
@@ -2190,9 +2336,16 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
 OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
- if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "result exceeds max bit length");
- return MP_VAL; /* Error: value is not able to be used. */
+ if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+ #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+ ESP_LOGW(TAG, "mulmod OperandBits = %d "
+ "result exceeds max bit length %d",
+ OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+ #endif
+ if (mulmod_lock_called) {
+ ret = esp_mp_hw_unlock();
+ }
+ return MP_HW_FALLBACK; /* Error: value is not able to be used. */
 }
 WordsForOperand = bits2words(OperandBits); /* alt inline calc:
@@ -2282,9 +2435,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
 OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
- if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "result exceeds max bit length");
- return MP_VAL; /* Error: value is not able to be used. */
+ if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+ #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+ ESP_LOGW(TAG, "mp_mulmod OperandBits %d exceeds max bit length %d.",
+ OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+ #endif
+ return MP_HW_FALLBACK; /* Error: value is not able to be used. */
 }
 WordsForOperand = bits2words(OperandBits); /* alt inline calc:
@@ -2346,7 +2502,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 ESP_LOGV(TAG, "Lock not called due to no-lock MP_HW_FALLBACK");
 }
 else {
- ESP_LOGW(TAG, "Lock unexpectedly not called");
+ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+ ESP_LOGW(TAG, "Lock unexpectedly not called for mp_mulmod");
+ #endif
 }
 }
@@ -2505,8 +2663,8 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 *
 * Z = X^Y mod M
 *
- * ESP32, Section 24.3.2 https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
- * ESP32S3, Section 20.3.1, https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf
+ * ESP32, Section 24.3.2 esp32_technical_reference_manual_en.pdf
+ * ESP32S3, Section 20.3.1, esp32-s3_technical_reference_manual_en.pdf
 *
 * The operation is based on Montgomery multiplication. Aside from the
 * arguments X, Y , and M, two additional ones are needed -r and M'
@@ -2623,6 +2781,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 #ifdef DEBUG_WOLFSSL
 esp_mp_exptmod_depth_counter--;
 #endif
+ return MP_HW_FALLBACK; /* If we can't lock HW, fall back to SW */
 }
 } /* the only thing we expect is success or busy */
@@ -2700,6 +2859,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 }
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+ OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+ if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+ #ifdef WOLFSSL_HW_METRICS
+ ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+ OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+ esp_mp_mulmod_max_exceeded_ct++;
+ #endif
+ if (exptmod_lock_called) {
+ ret = esp_mp_hw_unlock();
+ }
+ ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+ /* HW not capable for this size, return error to fall back to SW: */
+ return MP_HW_FALLBACK;
+ }
+ else {
+ WordsForOperand = bits2words(OperandBits);
+ }
+
 /* Steps to perform large number modular exponentiation.
 * Calculates Z = (X ^ Y) modulo M.
 * The number of bits in the operands (X, Y) is N. N can be 32x,
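Review bot: In the ESP32-C3 esp_mp_exptmod hunk (-2700,6) the oversize path increments `esp_mp_mulmod_max_exceeded_ct++;` although this is exptmod; the metrics block declares and reports a separate `esp_mp_exptmod_max_exceeded_ct` that no hunk in this patch ever increments, so the exptmod counter will always print 0 while the mulmod one is inflated. Change it to `esp_mp_exptmod_max_exceeded_ct++;` here and in the identical ESP32-C6 hunk at -2786,6. The warning in these two hunks is also gated on `WOLFSSL_HW_METRICS` rather than on `WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS` as the generic path at -2900,9 does; keeping the log under the debug macro and only the counter under the metrics macro keeps the two concerns separate.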
@@ -2725,17 +2903,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 ret = esp_mp_hw_wait_clean();
 }
- if (ret == MP_OKAY) {
- OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
- if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "result exceeds max bit length");
- ret = MP_VAL; /* Error: value is not able to be used. */
- }
- else {
- WordsForOperand = bits2words(OperandBits);
- }
- }
-
 if (ret == MP_OKAY) {
 /* 2. Disable completion interrupt signal; we don't use.
 ** 0 => no interrupt; 1 => interrupt on completion. */
@@ -2786,6 +2953,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 /* end if CONFIG_IDF_TARGET_ESP32C3 */
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+ OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+ if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+ #ifdef WOLFSSL_HW_METRICS
+ ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+ OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+ esp_mp_mulmod_max_exceeded_ct++;
+ #endif
+ if (exptmod_lock_called) {
+ ret = esp_mp_hw_unlock();
+ }
+ ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+ /* HW not capable for this size, return error to fall back to SW: */
+ return MP_HW_FALLBACK;
+ }
+ else {
+ WordsForOperand = bits2words(OperandBits);
+ }
+
 /* Steps to perform large number modular exponentiation.
 * Calculates Z = (X ^ Y) modulo M.
 * The number of bits in the operands (X, Y) is N. N can be 32x,
@@ -2811,17 +2997,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 ret = esp_mp_hw_wait_clean();
 }
- if (ret == MP_OKAY) {
- OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
- if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "result exceeds max bit length");
- ret = MP_VAL; /* Error: value is not able to be used. */
- }
- else {
- WordsForOperand = bits2words(OperandBits);
- }
- }
-
 if (ret == MP_OKAY) {
 /* 2. Disable completion interrupt signal; we don't use.
 ** 0 => no interrupt; 1 => interrupt on completion. */
@@ -2864,6 +3039,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 }
 /* 8. clear and release HW */
+ ESP_LOGI(TAG, "Unlock esp_mp_exptmod");
 if (exptmod_lock_called) {
 ret = esp_mp_hw_unlock();
 }
@@ -2900,9 +3076,12 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 if (ret == MP_OKAY) {
 OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
- if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
- ESP_LOGW(TAG, "result exceeds max bit length");
- ret = MP_VAL; /* Error: value is not able to be used. */
+ if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+ #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+ ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+ OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+ #endif
+ ret = MP_HW_FALLBACK; /* Error: value is not able to be used. */
 }
 else {
 WordsForOperand = bits2words(OperandBits);
@@ -2978,6 +3157,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 #ifdef WOLFSSL_HW_METRICS
 esp_mp_max_used = (Z->used > esp_mp_max_used) ? Z->used : esp_mp_max_used;
 #endif
+ ESP_LOGV(TAG, "Return esp_mp_exptmod %d", ret);
 return ret;
 } /* esp_mp_exptmod */
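Review bot: `ESP_LOGI(TAG, "Unlock esp_mp_exptmod");` (hunk at -2864,6) logs at info level on every modular exponentiation, which is the hot path of RSA and ECC operations and will flood the console at the default ESP-IDF log level. The matching return trace added at -2978,6 uses `ESP_LOGV`; suggest `ESP_LOGV(TAG, "Unlock esp_mp_exptmod");` for consistency, or drop the line since `esp_mp_hw_unlock` already has its own verbose exit log.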
@@ -2988,6 +3168,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 #endif /* !NO_RSA || HAVE_ECC */
+/* Some optional metrics when using RSA HW Accleration */
 #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
 int esp_hw_show_mp_metrics(void)
 {
@@ -3004,6 +3185,10 @@ int esp_hw_show_mp_metrics(void)
 ESP_LOGI(TAG, "esp_mp_mul HW acceleration enabled.");
 ESP_LOGI(TAG, "Number of calls to esp_mp_mul: %lu", esp_mp_mul_usage_ct);
+ ESP_LOGI(TAG, "Number of calls to esp_mp_mul with tiny operands: %lu",
+ esp_mp_mul_tiny_ct);
+ ESP_LOGI(TAG, "Number of calls to esp_mp_mul HW operand exceeded: %lu",
+ esp_mp_mul_max_exceeded_ct);
 if (esp_mp_mul_error_ct == 0) {
 ESP_LOGI(TAG, "Success: no esp_mp_mul() errors.");
 }
@@ -3025,6 +3210,8 @@ int esp_hw_show_mp_metrics(void)
 /* Metrics: esp_mp_mulmod() */
 ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod: %lu", esp_mp_mulmod_usage_ct);
+ ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod HW operand exceeded: %lu",
+ esp_mp_mulmod_max_exceeded_ct);
 ESP_LOGI(TAG, "Number of fallback to SW mp_mulmod: %lu", esp_mp_mulmod_fallback_ct);
@@ -3065,6 +3252,8 @@ int esp_hw_show_mp_metrics(void)
 ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod: %lu", esp_mp_exptmod_usage_ct);
+ ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod HW operand exceeded: %lu",
+ esp_mp_exptmod_max_exceeded_ct);
 ESP_LOGI(TAG, "Number of fallback to SW mp_exptmod: %lu", esp_mp_exptmod_fallback_ct);
 if (esp_mp_exptmod_error_ct == 0) {
@@ -3078,7 +3267,10 @@ int esp_hw_show_mp_metrics(void)
 #endif /* EXPTMOD not disabled !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
 ESP_LOGI(TAG, "Max N->used: esp_mp_max_used = %lu", esp_mp_max_used);
- ESP_LOGI(TAG, "Max timeout: esp_mp_max_timeout = %lu", esp_mp_max_timeout);
+ ESP_LOGI(TAG, "Max hw wait timeout: esp_mp_max_wait_timeout = %lu",
+ esp_mp_max_wait_timeout);
+ ESP_LOGI(TAG, "Max calc timeout: esp_mp_max_timeout = 0x%08lx",
+ esp_mp_max_timeout);
 #else /* no HW math, no HW math metrics */
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
new file mode 100644
index 000000000..55635e89e
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
@@ -0,0 +1,287 @@ +# wolfSSL Support for ESP-IDF Certificate Bundles + +These files are typically only used when integrating wolfSSL with the ESP-IDF +and with the intention of using Certificate Bundles in the esp-tls component. + +See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig) +file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template) +can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl) +when not using a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). + +## Getting Started + +Use the `idf.py menuconfig`, + +When in doubt, delete the `./build` directory. This is particularly important when changing Certificate Bundle PEM files. + +## Certificate Inspection + +The certificates in the bundle are in PEM format. The [gen_crt_bundle.py script](./gen_crt_bundle.py) +converts them to DER format to load into the `x509_crt_imported_bundle_wolfssl_bin_start` binary +array. + +To convert a PEM to DER from command-line: + +``` +MY_CERT_NAME=ISRG_ROOT_X1 +openssl x509 -outform der -in "$MY_CERT_NAME".pem -out "$MY_CERT_NAME".der +``` + +To inspect a DER file: + +``` +openssl x509 -inform der -in "$MY_CERT_NAME".der -text -noout +``` + + +## Known Problems and Issues + +Here are the areas that may need attention. Most are related to older published versions of the ESP-IDF +that may not yet have wolfSSL integration. An updated ESP-IDF is required to use wolfSSL component _in_ the ESP-IDF. +There's a [gojimmypi V5.2.2 WIP Branch](https://github.com/gojimmypi/esp-idf/tree/my_522/components/lwip) for reference +until a PR is created for upstream support. 
+ +### Time + +The wolfSSL libraries are by default considerably more robust and strict. As such, it is important to have an accurate +time and date setting for the certficate date ranges.. The wolfssL libraries include some +[time helper functions](https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h). +These can be enabled with `#define USE_WOLFSSL_ESP_SDK_TIME` in the `user_settings.h`. + +Alternatively, the `WOLFSSL_DEBUG_IGNORE_ASN_TIME` can be used to ignore the time. This is strongly discouraged in anything +other than a development / test environment where the time is known to be incorrect. + +### Examples may need to have wolfSSL Certificate Bundles enabled. + +In cases where [some examples are gated out](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L419), +the "or" needs to be added for `CONFIG_WOLFSSL_CERTIFICATE_BUNDLE` option like this: + +``` +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE || CONFIG_WOLFSSL_CERTIFICATE_BUNDLE +``` + +### Adding Embedded Certificates + +The `main` app directory has a [CMakeLists.txt](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/CMakeLists.txt#L10) +with the `idf_component_register` function: + +``` +idf_component_register(SRCS "esp_http_client_example.c" + INCLUDE_DIRS "." 
+ REQUIRES ${requires} + EMBED_TXTFILES howsmyssl_com_root_cert.pem + postman_root_cert.pem) +``` + +This data ends up in the [extern const char](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45) +arrays: + +``` +extern const char howsmyssl_com_root_cert_pem_start[] asm("_binary_howsmyssl_com_root_cert_pem_start"); +extern const char howsmyssl_com_root_cert_pem_end[] asm("_binary_howsmyssl_com_root_cert_pem_end"); + +extern const char postman_root_cert_pem_start[] asm("_binary_postman_root_cert_pem_start"); +extern const char postman_root_cert_pem_end[] asm("_binary_postman_root_cert_pem_end"); +``` + +When changing the source files (also located in the `main` directory) - it is usually best to +delete the `./build` directory to ensure fresh contents get parsed in as desired. + +VS Code / PlatformIO users can consider deleting the `./pio` and `./vscode` directories. + +Visual Studio/VisualGDB users can remove the `./vs` and `.visualgdb`. + +### TLS 1.3 issues with howsmyssl.com + +Espressif is using the well known https://www.howsmyssl.com/ in the +[examples](https://github.com/espressif/esp-idf/tree/master/examples/protocols/), for instance in +the [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client). + +It was recently observed that TLS 1.3 is _not_ currently configured properly on that web site. +See [howsmyssl #716](https://github.com/jmhodges/howsmyssl/issues/716). + +As such, when configuring wolfSSL for _only_ TLS 1.3, a `fatal error -313` may occur. + +Additionally, not that there's a [cert in the app](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45) +in `howsmyssl_com_root_cert_pem_start`, separate from the bundle certificate data. 
Take note of this when
+attempting to simply change `www.howsmyssl.com` to `www.google.com`.
+
+
+### postman
+
+Beware there's a hard-coded PEM certificate for the [postman root cert](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L48)
+(not in the bundle). If you see a failure, the data may need to be updated.
+
+See the comments for adding certificate data, copied here for reference:
+
+>Root cert for howsmyssl.com, taken from howsmyssl_com_root_cert.pem
+
+>The PEM file was extracted from the output of this command:
+ openssl s_client -showcerts -connect www.howsmyssl.com:443 The CA root cert is the last cert given in the chain of certs.
+
+>To embed it in the app binary, the PEM file is named
+ in the component.mk COMPONENT_EMBED_TXTFILES variable.
+
+## Timeout
+
+Occasionally there may be connection timeouts. This is not specific to wolfSSL. The root cause is likely CDN related.
+
+See the `.timeout_ms` and make adjustments as necessary in the `esp_http_client_config_t`:.
+
+```
+ esp_http_client_config_t config = {
+ .url = "https://postman-echo.com/post",
+ .event_handler = _http_event_handler,
+ .cert_pem = postman_root_cert_pem_start,
+ .is_async = true,
+ .timeout_ms = 5000,
+ };
+```
+
+## Failed to load CA
+
+This is expected to be a common error to encounter:
+
+```
+E (28454) esp_crt_bundle-wolfssl: Failed to load CA
+W (28454) esp_crt_bundle-wolfssl: Warning: found a matching cert, but not added to the Certificate Manager. error: 0
+E (28454) esp_crt_bundle-wolfssl: Did not find a matching crt
+E (28464) internal.c: ssl != NULL; no callback, verifyFail = 1
+W (28474) internal.c: CleanupStoreCtxCallback
+E (28474) internal.c: DoCertFatalAlert = -188
+E (28484) esp-tls-wolfssl: wolfSSL_connect returned -1, error code: -188
+E (28484) esp-tls-wolfssl: Failed to verify peer certificate , returned 24
+E (28494) esp-tls: Failed to open new connection
+E (28504) transport_base: Failed to open a new connection
+E (28514) HTTP_CLIENT: Connection failed, sock < 0
+E (28514) HTTP_CLIENT: HTTP request failed: ESP_ERR_HTTP_CONNECT
+```
+
+The problem here is that the example [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client)
+app _does not work_ immediately out of the box unless changes are made to the source:
+
+```
+#ifdef CONFIG_ESP_TLS_USING_WOLFSSL
+ #include
+ #include
+
+ /* TODO: conditional bundle */
+ #include
+#endif
+```
+
+` openssl s_client -connect postman-echo.com:443 -CAfile ./postman.pem`
+
+### Component esp-wolfssl needs to be installed
+
+The wrong ESP-IDF toolchain is being used. Use the [gojimmypi my_522 branch](https://github.com/gojimmypi/esp-idf/tree/my_522).
+
+```
+-- Component esp-wolfssl needs to be installed. See api-reference/protocols/esp_tls docs.
+CMake Error at /mnt/c/SysGCC/esp32/esp-idf/v5.2/tools/cmake/component.cmake:382 (message):
+ Component esp-wolfssl not found
+Call Stack (most recent call first):
+ /mnt/c/SysGCC/esp32/esp-idf/v5.2/components/esp-tls/CMakeLists.txt:26 (idf_component_get_property)
+
+
+-- Configuring incomplete, errors occurred!
+```
+
+## x509_crt_bundle_wolfssl.S not found
+
+It is important to note that PlatformIO components can NOT be used for esp-tls.
+
+The wolfSSL library MUST be used from either the local project `components` or from the ESP-IDF.
+
+```
+*** [.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o]
+Source `.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S' not found,
+needed by target `.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o'.
+```
+
+
+## Error couldn't get hostname for not.existent.url
+
+This error is as desired, showing that a bad URL will fail.
+
+```
+E (50613) esp-tls: couldn't get hostname for :not.existent.url: getaddrinfo() returns 202, addrinfo=0x0
+E (50613) esp-tls: Failed to open new connection
+E (50613) transport_base: Failed to open a new connection
+E (50623) HTTP_CLIENT: Connection failed, sock < 0
+E (50623) HTTP_CLIENT: Error perform http request ESP_ERR_HTTP_CONNECT
+```
+
+## Tool doesn't match supported version from list
+
+Edit the `C:\Users\%USER%\.platformio\packages\framework-espidf\tools\tools.json` and replace
+`13.2.0_20230928` with the desired version, such as `esp-13.2.0_20240530`.
+
+```
+ Tool doesn't match supported version from list ['esp-13.2.0_20230928']:
+ C:/Users/gojimmypi/.platformio/packages/toolchain-xtensa-esp-elf/bin/xtensa-esp32-elf-gcc.exe
+```
+
+## ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+
+This is a generic `ESP_ERROR_CHECK` result, in this case the default WiFi SSID and password could not connect:
+
+
+```
+I (25970) example_connect: Wi-Fi disconnected, trying to reconnect...
+I (28380) example_connect: WiFi Connect failed 7 times, stop reconnect.
+ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+file: "main/esp_http_client_example.c" line 936
+func: app_main
+expression: example_connect()
+
+abort() was called at PC 0x400890e3 on core 0
+```
+
+## Manual Testing
+
+To test if the `howsmyssl` web site has TLS 1.3 working, use the [wolfSSL client example](https://github.com/wolfSSL/wolfssl/tree/master/examples/client):
+
+```bash
+./examples/client/client -v 4 -h www.howsmyssl.com -p 443 -g -j
+```
+
+Or OpenSSL:
+
+```bash
+openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+```
+
+Returns this unintuitive error:
+
+```text
+$ openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+CONNECTED(00000003)
+4007DA6C617F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40
+---
+no peer certificate available
+---
+No client certificate CA names sent
+---
+SSL handshake has read 7 bytes and written 247 bytes
+Verification: OK
+---
+New, (NONE), Cipher is (NONE)
+Secure Renegotiation IS NOT supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+Early data was not sent
+Verify return code: 0 (ok)
+---
+```
+
+
+
+Or OpenSSL,
+
+```bash
+openssl s_client -tls1_3 -host www.howsmyssl.com -port 443
+```
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
new file mode 100644
index 000000000..4ea6c1ead
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
@@ -0,0 +1,3602 @@ +## +## Bundle of CA Root Certificates +## +## Certificate data from Mozilla as of: Tue Jul 2 03:12:04 2024 GMT +## +## This is a bundle of X.509 certificates of public Certificate Authorities +## (CA). These were automatically extracted from Mozilla's root certificates +## file (certdata.txt). This file can be found in the mozilla source tree: +## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt +## +## It contains the certificates in PEM format and therefore +## can be directly used with curl / libcurl / php_curl, or with +## an Apache+mod_ssl webserver for SSL client authentication. +## Just configure this file as the SSLCACertificateFile. +## +## Conversion done with mk-ca-bundle.pl version 1.29. +## SHA256: 456ff095dde6dd73354c5c28c73d9c06f53b61a803963414cb91a1d92945cdd3 +## + + +Google Trust Services LLC, CN = GTS Root R1 +-----BEGIN CERTIFICATE----- +MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX +MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE +CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx +OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT +GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63 +ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS +iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k +KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ +DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk +j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5 +cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW +CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499 +iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei +Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap 
+sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b +9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf +BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw +JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH +MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al +oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy +MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF +AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9 +NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9 +WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw +9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy ++qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi +d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8= +-----END CERTIFICATE----- + + +GlobalSign Root CA +================== +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx +GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds +b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD +VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa +DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc +THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb +Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP +c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX +gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF +AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj 
+Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG +j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH +hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC +X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- + +Entrust.net Premium 2048 Secure Server CA +========================================= +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u +ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp +bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV +BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx +NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3 +d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl +MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u +ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL +Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr +hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW +nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi +VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ +KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy +T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT +J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e +nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- + +Baltimore CyberTrust Root +========================= +-----BEGIN 
CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE +ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li +ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC +SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs +dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME +uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB +UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C +G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9 +XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr +l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI +VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh +cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5 +hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa +Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H +RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- + +Entrust Root Certification Authority +==================================== +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw +b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG +A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 +MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu +MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu +Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 
+ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz +A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww +Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 +j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN +rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 +MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH +hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM +Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa +v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS +W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 +tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +Comodo AAA Services root +======================== +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl +c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV +BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG +C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs +i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW +Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH +Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK 
+Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f +BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl +cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz +LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm +7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z +8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C +12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + +QuoVadis Root CA 2 +================== +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx +ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 +XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk +lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB +lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy +lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt +66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn +wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy +BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie +J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud +DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU +a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT 
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv +Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 +UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm +VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK ++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW +IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 +WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X +f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II +4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 +VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- + +QuoVadis Root CA 3 +================== +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx +OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg +DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij +KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K +DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv +BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp +p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 +nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX +MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM +Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz +uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT 
+BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj +YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD +VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 +ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE +AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV +qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s +hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z +POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 +Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp +8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC +bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu +g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p +vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr +qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- + +XRamp Global CA Root +==================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE +BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj +dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx +HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg +U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu +IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx 
+foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE +zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs +AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry +xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap +oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC +AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc +/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n +nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz +8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- + +Go Daddy Class 2 CA +=================== +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY +VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG +A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD +ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32 +qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j +YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY +vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O +BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o +atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu +MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG 
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim +PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt +I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI +Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b +vZ8= +-----END CERTIFICATE----- + +Starfield Class 2 CA +==================== +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc +U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo +MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG +A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG +SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY +bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ +JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm +epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN +F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF +MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f +hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo +bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs +afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM +PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD +KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 +QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- + +DigiCert Assured ID Root CA 
+=========================== +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx +MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO +9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy +UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW +/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy +oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf +GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF +66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc +EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn +SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i +8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- + +DigiCert Global Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw +MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn 
+TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 +BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H +4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y +7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB +o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm +8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF +BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr +EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt +tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 +UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- + +DigiCert High Assurance EV Root CA +================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ 
+V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K +-----END CERTIFICATE----- + +SwissSign Gold CA - G2 +====================== +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw +EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN +MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp +c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq +t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C +jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg +vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF +ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR +AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO +peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR +7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi +GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 +OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm +5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr +44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf +Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m 
+Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp +mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk +vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf +KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br +NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj +viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- + +SwissSign Silver CA - G2 +======================== +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT +BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X +DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3 +aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644 +N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm ++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH +6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu +MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h +qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5 +FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs +ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc +celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X +CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB +tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P +4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F 
+kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L +3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx +/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa +DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP +e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu +WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ +DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub +DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- + +SecureTrust CA +============== +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy +dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe +BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX +OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t +DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH +GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b +01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH +ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu +SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf +mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ +nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR 
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +Secure Global CA +================ +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH +bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg +MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx +YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ +bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g +8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV +HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi +0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn +oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA +MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ +OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn +CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 +3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- + +COMODO Certification Authority +============================== +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb +MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD 
+T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH ++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww +xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV +4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA +1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI +rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k +b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC +AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP +OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc +IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN ++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== +-----END CERTIFICATE----- + +COMODO ECC Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X +4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni +wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG 
+FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA +U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- + +Certigna +======== +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw +EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 +MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI +Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q +XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH +GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p +ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg +DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf +Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ +tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ +BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J +SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA +hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ +ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu +PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY +1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- + +ePKI Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx +MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq 
+MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs +IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi +lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv +qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX +12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O +WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ +ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao +lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ +vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi +Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi +MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 +1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq +KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV +xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP +NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r +GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE +xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx +gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy +sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD +BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +certSIGN ROOT CA +================ +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD +VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa 
+Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE +CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I +JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH +rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 +ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD +0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 +AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB +AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 +SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 +x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt +vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz +TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +NetLock Arany (Class Gold) Főtanúsítvány +======================================== +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G +A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 +dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB +cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx +MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO +ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 +c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu +0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw +/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk +H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw 
+fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 +neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW +qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta +YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna +NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu +dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +SecureSign RootCA11 +=================== +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi +SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS +b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw +KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1 +cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL +TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO +wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq +g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP +O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA +bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX +t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh +OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r +bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ +Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01 +y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 +lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- + +Microsec e-Szigno Root CA 2009 +============================== +-----BEGIN 
CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv +c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE +BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt +U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA +fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG +0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA +pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm +1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC +AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf +QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE +FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o +lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX +I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 +yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi +LXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +GlobalSign Root CA - R3 +======================= +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt 
+iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ +0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 +rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl +OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 +xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 +lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E +bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 +YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r +kpeDMdmztcpHWD9f +-----END CERTIFICATE----- + +Izenpe.com +========== +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG +EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz +MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu +QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ +03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK +ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU ++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC +PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT +OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK +F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK +0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ +0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB +leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID +AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ 
+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG +NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l +Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga +kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q +hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs +g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 +aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 +nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC +ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo +Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z +WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +Go Daddy Root Certificate Authority - G2 +======================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu +MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G +A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq +9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD ++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd +fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl +NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC 
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 +BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac +vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r +5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV +N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 +-----END CERTIFICATE----- + +Starfield Root Certificate Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw +DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg +VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv +W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs +bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk +N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf +ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU +JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol +TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx +4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw +F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ +c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- 
+ +Starfield Services Root Certificate Authority - G2 +================================================== +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl +IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT +dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 +h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa +hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP +LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB +rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG +SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP +E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy +xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza +YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 +-----END CERTIFICATE----- + +AffirmTrust Commercial +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw +MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF 
+AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb +DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV +C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 +BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww +MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV +HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG +hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi +qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv +0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh +sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- + +AffirmTrust Networking +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw +MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE +Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI +dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 +/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb +h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV +HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu +UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 +12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 
+WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 +/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- + +AffirmTrust Premium +=================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy +OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy +dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn +BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV +5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs ++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd +GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R +p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI +S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 +6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 +/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo ++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv +MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC +6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S +L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK ++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV +BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg +IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 
+g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb +zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== +-----END CERTIFICATE----- + +AffirmTrust Premium ECC +======================= +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV +BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx +MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U +cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ +N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW +BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK +BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X +57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM +eQ== +-----END CERTIFICATE----- + +Certum Trusted Network CA +========================= +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK +ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy +MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC +l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J +J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 +fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 +cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB 
+Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj +jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 +mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj +Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +TWCA Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ +VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG +EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB +IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx +QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC +oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP +4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r +y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG +9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC +mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW +QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY +T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny +Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +Security Communication RootCA2 +============================== +-----BEGIN CERTIFICATE----- 
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh +dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC +SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy +aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ ++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R +3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV +spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K +EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 +QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj +u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk +3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q +tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 +mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +Actalis Authentication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM +BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE +AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky +MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz +IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ +wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa +by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 
+zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 +oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l +EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 +hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 +EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 +jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY +iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI +WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 +JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx +K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ +Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC +4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo +2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz +lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem +OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 +vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +Buypass Class 2 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X +DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 +g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn 
+9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b +/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU +CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff +awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI +zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn +Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX +Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs +M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI +osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S +aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd +DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD +LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 +oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC +wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS +CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN +rJgWVqA= +-----END CERTIFICATE----- + +Buypass Class 3 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X +DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH +sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR 
+5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh +7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ +ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH +2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV +/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ +RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA +Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq +j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G +uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG +Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 +ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 +KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz +6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug +UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe +eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi +Cp/HuZc= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 3 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx +MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 
+DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK +9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU +NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF +iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr +AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb +fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT +ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h +P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe +Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE +LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD +ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA +BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv +KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z +p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC +AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ +4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y +eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw +MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G 
+PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw +OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm +2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV +dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph +X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 EV 2009 +================================= +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS +egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh +zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T +7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 +11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv +cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v +ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El +MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp +b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh +c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ +PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX +ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA 
+NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv +w9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +CA Disig Root R2 +================ +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw +EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp +ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx +EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp +c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC +w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia +xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 +A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S +GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV +g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa +5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE +koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A +Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i +Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u +Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV +sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je +dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 +1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx +mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 +utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 +sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg 
+UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV +7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +ACCVRAIZ1 +========= +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB +SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 +MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH +UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM +jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 +RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD +aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ +0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG +WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 +8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR +5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J +9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK +Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw +Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu +Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM +Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA +QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh +AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA +YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj +AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA +IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk 
+aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 +dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 +MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI +hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E +R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN +YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 +nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ +TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 +sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg +Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd +3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p +EfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +TWCA Global Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT +CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD +QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK +EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C +nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV +r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR +Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV +tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W +KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 +sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p +yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn 
+kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI +zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g +cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M +8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg +/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg +lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP +A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m +i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 +EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 +zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= +-----END CERTIFICATE----- + +TeliaSonera Root CA v1 +====================== +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE +CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 +MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW +VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ +6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA +3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k +B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn +Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH +oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 +F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ +oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 +gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc 
+TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB +AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW +DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm +zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW +pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV +G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc +c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT +JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 +qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 +Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems +WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 2 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx +MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ +SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F +vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 +2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV +WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy 
+YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 +r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf +vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR +3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== +-----END CERTIFICATE----- + +Atos TrustedRoot 2011 +===================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU +cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 +MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG +A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV +hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr +54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ +DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 +HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR +z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R +l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ +bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h +k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh +TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 +61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G +3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- + +QuoVadis Root CA 1 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv 
+b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE +PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm +PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6 +Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN +ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l +g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV +7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX +9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f +iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg +t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI +hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3 +GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct +Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP ++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh +3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa +wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6 +O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0 +FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV +hMJKzRwuJIczYOXD +-----END CERTIFICATE----- + +QuoVadis Root CA 2 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv 
+b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh +ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY +NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t +oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o +MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l +V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo +L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ +sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD +6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh +lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI +hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K +pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9 +x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz +dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X +U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw +mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD +zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN +JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr +O3jtZsSOeWmD3n+M +-----END CERTIFICATE----- + +QuoVadis Root CA 3 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv 
+b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286 +IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL +Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe +6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3 +I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U +VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7 +5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi +Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM +dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt +rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI +hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS +t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ +TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du +DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib +Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD +hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX +0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW +dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2 +PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- + +DigiCert Assured ID Root G2 +=========================== +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG 
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw +MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH +35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq +bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw +VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP +YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn +lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO +w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv +0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz +d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW +hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M +jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- + +DigiCert Assured ID Root G3 +=========================== +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD +VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb +RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs +KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF 
+UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy +YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy +1vUhZscv6pZjamVFkpUBtA== +-----END CERTIFICATE----- + +DigiCert Global Root G2 +======================= +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx +MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ +kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO +3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV +BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM +UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu +5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr +F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U +WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH +QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/ +iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- + +DigiCert Global Root G3 +======================= +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD +VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw +MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k 
+aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O +YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp +Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y +3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34 +VOKa5Vt8sycX +-----END CERTIFICATE----- + +DigiCert Trusted Root G4 +======================== +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw +HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp +pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o +k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa +vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY +QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 +MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm +mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 +f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH +dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8 +oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY +ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr 
+yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy +7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah +ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN +5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb +/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa +5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK +G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP +82Z+ +-----END CERTIFICATE----- + +COMODO RSA Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E 
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp +pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- + +USERTrust RSA Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz +0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j +Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn +RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O ++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq +/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE +Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM 
+lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8 +yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+ +eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW +FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ +7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ +Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM +8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi +FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi +yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c +J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw +sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx +Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- + +USERTrust ECC Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2 +0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez +nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB 
+HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu +9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R5 +=========================== +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6 +SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS +h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx +uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7 +yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- + +IdenTrust Commercial Root CA 1 +============================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS +b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES +MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB +IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld +hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/ +mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi +1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C +XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl +3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy +NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV 
+WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg +xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix +uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI +hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg +ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt +ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV +YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX +feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro +kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe +2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz +Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R +cGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- + +IdenTrust Public Sector Root CA 1 +================================= +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv +ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS +b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy +P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6 +Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI +rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf +qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS +mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn 
+ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh +LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v +iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL +4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B +Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw +DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A +mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt +GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt +m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx +NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4 +Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI +ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC +ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ +3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- + +Entrust Root Certification Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy +bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug +b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw +HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT +DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx +OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP 
+/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz +HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU +s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y +TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx +AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6 +0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z +iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi +nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+ +vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO +e4pIb4tF9g== +-----END CERTIFICATE----- + +Entrust Root Certification Authority - EC1 +========================================== +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx +FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn +YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw +FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs +LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg +dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy +AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef +9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h +vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8 +kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END 
CERTIFICATE----- + +CFCA EV ROOT +============ +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE +CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB +IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw +MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD +DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV +BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD +7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN +uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW +ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7 +xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f +py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K +gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol +hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ +tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf +BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q +ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua +4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG +E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX +BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn +aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy +PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX +kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C 
+ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GB CA +=============================== +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG +EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw +MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds +b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX +scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP +rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk +9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o +Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg +GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD +dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0 +VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui +HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- + +SZAFIR ROOT CA2 +=============== +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV +BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ +BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD +VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q 
+qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK +DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE +2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ +ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi +ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC +AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5 +O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67 +oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul +4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6 ++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- + +Certum Trusted Network CA 2 +=========================== +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE +BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1 +bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y +ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ +TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB +IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9 +7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o +CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b +Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p +uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130 +GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ +9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB 
+Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye +hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM +BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI +hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW +Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA +L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo +clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM +pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb +w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo +J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm +ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX +is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7 +zAYspsbiDrW5viSP +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2015 +======================================================= +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT +BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0 +aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx +MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg +QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV +BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw +MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv +bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh +iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+ 
+6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd +FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr +i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F +GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2 +fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu +iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI +hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+ +D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM +d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y +d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn +82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb +davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F +Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt +J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa +JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q +p/UsQu0yrbYhnr68 +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions ECC RootCA 2015 +=========================================================== +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0 +aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw +MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj +IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD 
+VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290 +Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP +dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK +Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA +GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn +dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- + +ISRG Root X1 +============ +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE +BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD +EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG +EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT +DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r +Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1 +3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K +b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN +Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ +4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf +1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu +hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH +usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r +OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY +9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV +0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt 
+hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw +TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx +e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA +JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD +YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n +JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ +m+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM +================ +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT +AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw +MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD +TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf +qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr +btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL +j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou +08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw +WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT +tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ +47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC +ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa +i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o +dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s +D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ 
+j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT +Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW ++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7 +Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d +8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm +5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG +rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- + +Amazon Root CA 1 +================ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1 +MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH +FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ +gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t +dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce +VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3 +DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM +CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy +8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa +2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2 +xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- + +Amazon Root CA 2 +================ +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD 
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1 +MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4 +kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp +N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9 +AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd +fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx +kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS +btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0 +Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN +c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+ +3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw +DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA +A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE +YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW +xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ +gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW +aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV +Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3 +KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi +JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw= +-----END CERTIFICATE----- + +Amazon Root CA 3 +================ +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG 
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB +f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr +Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43 +rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc +eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw== +-----END CERTIFICATE----- + +Amazon Root CA 4 +================ +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN +/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri +83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA +MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1 +AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- + +TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +============================================= +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT +D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr +IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g +TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp +ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD +VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt 
+c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth +bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11 +IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8 +6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc +wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0 +3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9 +WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU +ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc +lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R +e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j +q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- + +GDCA TrustAUTH R5 ROOT +====================== +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw +BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD +DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow +YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs +AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p +OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr +pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ +9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ 
+xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM +R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ +D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 +oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx +9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 +H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 +6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd ++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ +HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD +F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ +8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv +/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT +aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +SSL.com Root Certification Authority RSA +======================================== +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM +BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x +MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw +MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM +LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C +Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 
+P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge +oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp +k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z +fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ +gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 +UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 +1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s +bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr +dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf +ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl +u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq +erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj +MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ +vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI +Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y +wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI +WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +SSL.com Root Certification Authority ECC +======================================== +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv +BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy +MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO +BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv 
+bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ +8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR +hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT +jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW +e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z +5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority RSA R2 +============================================== +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u +MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI +DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD +VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh +hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w +cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO +Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ +B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh +CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim +9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto +RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm +JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 ++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp 
+qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 +++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx +Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G +guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz +OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 +CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq +lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR +rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 +hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX +9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority ECC +=========================================== +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy +BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw +MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy +3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O +BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe +5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ +N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm +m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- + +GlobalSign Root CA - R6 +======================= +-----BEGIN CERTIFICATE----- 
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX +R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i +YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs +U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss +grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE +3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF +vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM +PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+ +azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O +WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy +CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP +0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN +b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV +HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0 +lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY +BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym +Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr +3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1 +0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T +uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK +oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t +JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GC CA 
+=============================== +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD +SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo +MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa +Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL +ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr +VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab +NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E +AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk +AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- + +UCA Global G2 Root +================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x +NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU +cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT +oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV +8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS +h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o +LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/ +R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe +KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa +4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc 
+OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97 +8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo +5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A +Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9 +yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX +c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo +jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk +bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x +ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn +RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A== +-----END CERTIFICATE----- + +UCA Extended Validation Root +============================ +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u +IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G +A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs +iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF +Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu +eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR +59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH +0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR +el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv +B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth 
+WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS +NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS +3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM +aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4 +dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb ++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW +F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi +GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc +GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi +djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr +dhh2n1ax +-----END CERTIFICATE----- + +Certigna Root CA +================ +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE +BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ +MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda +MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz +MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX +stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz +KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8 +JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16 +XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq +4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej +wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ 
+lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI +jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/ +/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy +dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h +LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl +cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt +OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP +TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq +7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3 +4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd +8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS +6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY +tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS +aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde +E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= +-----END CERTIFICATE----- + +emSign Root CA - G1 +=================== +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET +MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl +ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx +ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk +aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN +LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1 
+cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW +DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ +6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH +hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2 +vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q +NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q ++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih +U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx +iN66zB+Afko= +-----END CERTIFICATE----- + +emSign ECC Root CA - G3 +======================= +-----BEGIN CERTIFICATE----- +MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG +A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg +MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4 +MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11 +ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g +RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc +58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr +MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D +CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7 +jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj +-----END CERTIFICATE----- + +emSign Root CA - C1 +=================== +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx +EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp +Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE 
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD +ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up +ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/ +Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX +OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V +I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms +lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+ +XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD +ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp +/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1 +NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9 +wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ +BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI= +-----END CERTIFICATE----- + +emSign ECC Root CA - C3 +======================= +-----BEGIN CERTIFICATE----- +MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG +A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF +Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE +BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD +ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd +6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9 +SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA +B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA +MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU +ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== +-----END CERTIFICATE----- + +Hongkong Post Root CA 3 +======================= +-----BEGIN CERTIFICATE----- 
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG +A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK +Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2 +MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv +bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX +SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz +iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf +jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim +5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe +sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj +0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/ +JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u +y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h ++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG +xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID +AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN +AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw +W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld +y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov ++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc +eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw +9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7 +nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY +hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB 
+60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq +dBb9HxEGmpv0 +-----END CERTIFICATE----- + +Entrust Root Certification Authority - G4 +========================================= +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu +bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1 +dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYT +AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3D +umSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV +3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds +8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQ +e9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7 +ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5X +xNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV +7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8 +dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mW +Hv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9n +MA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4Q +jbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht +7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUK 
+YvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPt +jqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+ +m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKW +RGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjA +JOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G ++TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT +kcpG2om3PVODLAgfi49T3f+sHw== +-----END CERTIFICATE----- + +Microsoft ECC Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND +IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4 +MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6 +thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB +eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM ++Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf +Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR +eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +-----END CERTIFICATE----- + +Microsoft RSA Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg +UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw +NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u 
+MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml +7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e +S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7 +1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+ +dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F +yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS +MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr +lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ +0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ +ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og +6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80 +dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk ++ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex +/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy +AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW +ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE +7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT +c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D +5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E +-----END CERTIFICATE----- + +e-Szigno Root CA 2017 +===================== +-----BEGIN CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw +DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt 
+MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa +Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE +CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp +Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx +s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv +vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA +tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO +svxyqltZ+efcMQ== +-----END CERTIFICATE----- + +certSIGN Root CA G2 +=================== +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw +EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy +MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH +TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05 +N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk +abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg +wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp +dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh +ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732 +jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf +95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc +z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL +iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud +DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB +ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC 
+b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB +/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5 +8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5 +BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW +atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU +Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M +NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N +0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc= +-----END CERTIFICATE----- + +Trustwave Global Certification Authority +======================================== +-----BEGIN CERTIFICATE----- +MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29 +zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf +LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq +stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o +WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+ +OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40 +Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE +uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm ++9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj +ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud 
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB +BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H +PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H +ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla +4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R +vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd +zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O +856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH +Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu +3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP +29FpHOTKyeC2nOnOcXHebD8WpHk= +-----END CERTIFICATE----- + +Trustwave Global ECC P256 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- +MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1 +NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj +43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm +P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt +0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz +RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 +-----END CERTIFICATE----- + +Trustwave Global ECC P384 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- 
+MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4 +NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH +Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr +/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV +HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn +ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl +CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw== +-----END CERTIFICATE----- + +NAVER Global Root Certification Authority +========================================= +-----BEGIN CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG +A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD +DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4 +NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT +UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb +UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW ++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7 +XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2 +aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4 +Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z 
+VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B +A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai +cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy +YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV +HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK +21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB +jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx +hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg +E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH +D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ +A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY +qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG +I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg +kpzNNIaRkPpkUZ3+/uul9XXeifdy +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM SERVIDORES SEGUROS +=================================== +-----BEGIN CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF +UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy +NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4 +MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt +UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB +QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2 +LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG 
+SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD +zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c= +-----END CERTIFICATE----- + +GlobalSign Root R46 +=================== +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv +b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX +BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es +CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/ +r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje +2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt +bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj +K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4 +12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on +ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls +eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9 +vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM +BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy +gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92 +CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm +OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq +JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye +qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz 
+nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7 +DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3 +QEUxeCp6 +-----END CERTIFICATE----- + +GlobalSign Root E46 +=================== +-----BEGIN CERTIFICATE----- +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT +AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg +RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV +BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB +jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj +QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL +gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk +vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+ +CAezNIm8BZ/3Hobui3A= +-----END CERTIFICATE----- + +ANF Secure Server Root CA +========================= +-----BEGIN CERTIFICATE----- +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4 +NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv +bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg +Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw +MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw +EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz +BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv +T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv +B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse +zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM 
+VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j +7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z +JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe +8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO +Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E +BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ +UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx +j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt +dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM +5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb +5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54 +EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H +hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy +g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3 +r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= +-----END CERTIFICATE----- + +Certum EC-384 CA +================ +-----BEGIN CERTIFICATE----- +MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ +TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2 +MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh +dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx +GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq +vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn +iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD 
+VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo +ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0 +QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= +-----END CERTIFICATE----- + +Certum Trusted Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG +EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew +HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY +QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p +fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52 +HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2 +fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt +g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4 +NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk +fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ +P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY +njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK +HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 +vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL +LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s +ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K +h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8 +CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA 
+4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo +WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj +6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT +OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck +bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb +-----END CERTIFICATE----- + +TunTrust Root CA +================ +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQELBQAwYTELMAkG +A1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUgQ2VydGlmaWNhdGlvbiBFbGVj +dHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJvb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQw +NDI2MDg1NzU2WjBhMQswCQYDVQQGEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBD +ZXJ0aWZpY2F0aW9uIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZn56eY+hz +2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd2JQDoOw05TDENX37Jk0b +bjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgFVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7 +NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAd +gjH8KcwAWJeRTIAAHDOFli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViW +VSHbhlnUr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2eY8f +Tpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIbMlEsPvLfe/ZdeikZ +juXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISgjwBUFfyRbVinljvrS5YnzWuioYas +DXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwS +VXAkPcvCFDVDXSdOvsC9qnyW5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI +04Y+oXNZtPdEITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 +90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+zxiD2BkewhpMl +0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYuQEkHDVneixCwSQXi/5E/S7fd +Ao74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRY 
+YdZ2vyJ/0Adqp2RT8JeNnYA/u8EH22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJp +adbGNjHh/PqAulxPxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65x +xBzndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5Xc0yGYuP +jCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7bnV2UqL1g52KAdoGDDIzM +MEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9z +ZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZHu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3r +AZ3r2OvEhJn7wAzMMujjd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= +-----END CERTIFICATE----- + +HARICA TLS RSA Root CA 2021 +=========================== +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG +EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUz +OFoXDTQ1MDIxMzEwNTUzN1owbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRl +bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNB +IFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569lmwVnlskN +JLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE4VGC/6zStGndLuwRo0Xu +a2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uva9of08WRiFukiZLRgeaMOVig1mlDqa2Y +Ulhu2wr7a89o+uOkXjpFc5gH6l8Cct4MpbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K +5FrZx40d/JiZ+yykgmvwKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEv +dmn8kN3bLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcYAuUR +0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqBAGMUuTNe3QvboEUH +GjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYqE613TBoYm5EPWNgGVMWX+Ko/IIqm +haZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHrW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQ +CPxrvrNQKlr9qEgYRtaQQJKQCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAUX15QvWiWkKQU 
+EapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3f5Z2EMVGpdAgS1D0NTsY9FVq +QRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxajaH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxD +QpSbIPDRzbLrLFPCU3hKTwSUQZqPJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcR +j88YxeMn/ibvBZ3PzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5 +vZStjBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0/L5H9MG0 +qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pTBGIBnfHAT+7hOtSLIBD6 +Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79aPib8qXPMThcFarmlwDB31qlpzmq6YR/ +PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YWxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnn +kf3/W9b3raYvAwtt41dU63ZTGI0RmLo= +-----END CERTIFICATE----- + +HARICA TLS ECC Root CA 2021 +=========================== +-----BEGIN CERTIFICATE----- +MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQswCQYDVQQGEwJH +UjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBD +QTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoX +DTQ1MDIxMzExMDEwOVowbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj +IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJv +b3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7KKrxcm1l +AEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9YSTHMmE5gEYd103KUkE+b +ECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW +0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAi +rcJRQO9gcS3ujwLEXQNwSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/Qw +CZ61IygNnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps +-----END CERTIFICATE----- + +Autoridad de Certificacion Firmaprofesional CIF A62634068 +========================================================= +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCRVMxQjBA +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 
+MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIw +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK +bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1Ud +DgQWBBRlzeurNR4APn7VdMActHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4w +gZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j +b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABCAG8AbgBhAG4A +bwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEANzAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9miWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL +4QjbEwj4KKE1soCzC1HA01aajTNFSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDb +LIpgD7dvlAceHabJhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1il +I45PVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZEEAEeiGaP +cjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV1aUsIC+nmCjuRfzxuIgA +LI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2tCsvMo2ebKHTEm9caPARYpoKdrcd7b/+A +lun4jWq9GJAd/0kakFI3ky88Al2CdgtR5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH +9IBk9W6VULgRfhVwOEqwf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpf +NIbnYrX9ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNKGbqE +ZycPvEJdvSRUDewdcAZfpLz6IHxV +-----END 
CERTIFICATE----- + +vTrus ECC Root CA +================= +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMwRzELMAkGA1UE +BhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBS +b290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDczMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAa +BgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+c +ToL0v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUde4BdS49n +TPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UT +QJtS0zvzQBm8JsctBp61ezaf9SXUY2sAAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQL +YgmRWAD5Tfs0aNoJrSEGGJTO +-----END CERTIFICATE----- + +vTrus Root CA +============= +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQELBQAwQzELMAkG +A1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xFjAUBgNVBAMTDXZUcnVzIFJv +b3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMxMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoG +A1UEChMTaVRydXNDaGluYSBDby4sTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZots +SKYcIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykUAyyNJJrI +ZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+GrPSbcKvdmaVayqwlHeF +XgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z98Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KA +YPxMvDVTAWqXcoKv8R1w6Jz1717CbMdHflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70 +kLJrxLT5ZOrpGgrIDajtJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2 +AXPKBlim0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZNpGvu +/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQUqqzApVg+QxMaPnu +1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHWOXSuTEGC2/KmSNGzm/MzqvOmwMVO +9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMBAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYg 
+scasGrz2iTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC +AgEAKbqSSaet8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd +nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1jbhd47F18iMjr +jld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvMKar5CKXiNxTKsbhm7xqC5PD4 +8acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIivTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJn +xDHO2zTlJQNgJXtxmOTAGytfdELSS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554Wg +icEFOwE30z9J4nfrI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4 +sEb9b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNBUvupLnKW +nyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1PTi07NEPhmg4NpGaXutIc +SkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929vensBxXVsFy6K2ir40zSbofitzmdHxghm+H +l3s= +-----END CERTIFICATE----- + +ISRG Root X2 +============ +-----BEGIN CERTIFICATE----- +MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJV +UzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT +UkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVT +MSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNS +RyBSb290IFgyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H +ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9ItgKbppb +d9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZIzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtF +cP9Ymd70/aTSVaYgLXTWNLxBo1BfASdWtL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5 +U6VR5CmD1/iQMVtCnwr1/q4AaOeMSQ+2b1tbFfLn +-----END CERTIFICATE----- + +HiPKI Root CA - G1 +================== +-----BEGIN CERTIFICATE----- +MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xGzAZBgNVBAMMEkhpUEtJ +IFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRaFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYT 
+AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kg +Um9vdCBDQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0 +o9QwqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twvVcg3Px+k +wJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6lZgRZq2XNdZ1AYDgr/SE +YYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnzQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsA +GJZMoYFL3QRtU6M9/Aes1MU3guvklQgZKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfd +hSi8MEyr48KxRURHH+CKFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj +1jOXTyFjHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDry+K4 +9a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ/W3c1pzAtH2lsN0/ +Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgMa/aOEmem8rJY5AIJEzypuxC00jBF +8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQD +AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi +7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqcSE5XCV0vrPSl +tJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6FzaZsT0pPBWGTMpWmWSBUdGSquE +wx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9TcXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07Q +JNBAsNB1CI69aO4I1258EHBGG3zgiLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv +5wiZqAxeJoBF1PhoL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+Gpz +jLrFNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wrkkVbbiVg +hUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+vhV4nYWBSipX3tUZQ9rb +yltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQUYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/ +yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R4 +=========================== +-----BEGIN CERTIFICATE----- +MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9i +YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds 
+b2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9i +YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkW +ymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNVHQ8BAf8E +BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74zyTyjhNUwCgYI +KoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147bmF0774BxL4YSFlhgjICICadVGNA3jdg +UM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm +-----END CERTIFICATE----- + +GTS Root R1 +=========== +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM +f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKb0 +xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnWr4+w +B7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXW +nOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk +9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zq +kUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92wO1A +K/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om3xPX +V2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDW +cfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQAD +ggIBAJ+qQibbC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe +QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuyh6f88/qBVRRi +ClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM47HLwEXWdyzRSjeZ2axfG34ar 
+J45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8JZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYci +NuaCp+0KueIHoI17eko8cdLiA6EfMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5me +LMFrUKTX5hgUvYU/Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJF +fbdT6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ0E6yove+ +7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm2tIMPNuzjsmhDYAPexZ3 +FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bbbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3 +gm3c +-----END CERTIFICATE----- + +GTS Root R2 +=========== +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv +CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo7JUl +e3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWIm8Wb +a96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS ++LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7M +kogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJG +r61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RWIr9q +S34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73VululycslaVNV +J1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy5okL +dWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQAD +ggIBAB/Kzt3HvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 +0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyCB19m3H0Q/gxh +swWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2uNmSRXbBoGOqKYcl3qJfEycel 
+/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMgyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVn +jWQye+mew4K6Ki3pHrTgSAai/GevHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y5 +9PYjJbigapordwj6xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M +7YNRTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924SgJPFI/2R8 +0L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV7LXTWtiBmelDGDfrs7vR +WGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjW +HYbL +-----END CERTIFICATE----- + +GTS Root R3 +=========== +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi +MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMw +HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ +R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout +736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24CejQjBA +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/Eq +Er24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azT +L818+FsuVbu/3ZL3pAzcMeGiAjEA/JdmZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV +11RZt+cRLInUue4X +-----END CERTIFICATE----- + +GTS Root R4 +=========== +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi +MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQw +HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ +R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu +hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqjQjBA +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1 +PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/C 
+r8deVl5c1RxYIigL9zC2L7F8AjEA8GE8p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh +4rsUecrNIdSUtUlD +-----END CERTIFICATE----- + +Telia Root CA v2 +================ +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYT +AkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2 +MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQK +DBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ7 +6zBqAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9vVYiQJ3q +9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9lRdU2HhE8Qx3FZLgmEKn +pNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTODn3WhUidhOPFZPY5Q4L15POdslv5e2QJl +tI5c0BE0312/UqeBAMN/mUWZFdUXyApT7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW +5olWK8jjfN7j/4nlNW4o6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNr +RBH0pUPCTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6WT0E +BXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63RDolUK5X6wK0dmBR4 +M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZIpEYslOqodmJHixBTB0hXbOKSTbau +BcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGjYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7W +xy+G2CQ5MB0GA1UdDgQWBBRyrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ +8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi0f6X+J8wfBj5 +tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMMA8iZGok1GTzTyVR8qPAs5m4H +eW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBSSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+C +y748fdHif64W1lZYudogsYMVoe+KTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygC +QMez2P2ccGrGKMOF6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15 +h2Er3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMtTy3EHD70 +sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pTVmBds9hCG1xLEooc6+t9 
+xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAWysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQ +raVplI/owd8k+BsHMYeB2F326CjYSlKArBPuUBQemMc= +-----END CERTIFICATE----- + +D-TRUST BR Root CA 1 2020 +========================= +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE +RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0EgMSAy +MDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNV +BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7 +dPYSzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0QVK5buXu +QqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/VbNafAkl1bK6CKBrqx9t +MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu +bmV0L2NybC9kLXRydXN0X2JyX3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP +PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD +AwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFWwKrY7RjEsK70Pvom +AjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHVdWNbFJWcHwHP2NVypw87 +-----END CERTIFICATE----- + +D-TRUST EV Root CA 1 2020 +========================= +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE +RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0EgMSAy +MDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNV +BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8 +ZRCC/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rDwpdhQntJ +raOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3OqQo5FD4pPfsazK2/umL +MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu 
+bmV0L2NybC9kLXRydXN0X2V2X3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP +PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD +AwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CAy/m0sRtW9XLS/BnR +AjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJbgfM0agPnIjhQW+0ZT0MW +-----END CERTIFICATE----- + +DigiCert TLS ECC P384 Root G5 +============================= +-----BEGIN CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURpZ2lDZXJ0IFRMUyBFQ0MgUDM4 +NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMx +FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQg +Um9vdCBHNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1Tzvd +lHJS7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp0zVozptj +n4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICISB4CIfBFqMA4GA1UdDwEB +/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCJao1H5+z8blUD2Wds +Jk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIx +AJSdYsiJvRmEFOml+wG4DXZDjC5Ty3zfDBeWUA== +-----END CERTIFICATE----- + +DigiCert TLS RSA4096 Root G5 +============================ +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQG +EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0 +MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2 +IFJvb3QgRzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS8 +7IE+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG02C+JFvuU +AT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgpwgscONyfMXdcvyej/Ces +tyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZMpG2T6T867jp8nVid9E6P/DsjyG244gXa 
+zOvswzH016cpVIDPRFtMbzCe88zdH5RDnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnV +DdXifBBiqmvwPXbzP6PosMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9q +TXeXAaDxZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cdLvvy +z6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvXKyY//SovcfXWJL5/ +MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNeXoVPzthwiHvOAbWWl9fNff2C+MIk +wcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPLtgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4E +FgQUUTMc7TZArxfTJc1paPKvTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw +GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7HPNtQOa27PShN +lnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLFO4uJ+DQtpBflF+aZfTCIITfN +MBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/ +u4cnYiWB39yhL/btp/96j1EuMPikAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9G +OUrYU9DzLjtxpdRv/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh +47a+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilwMUc/dNAU +FvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WFqUITVuwhd4GTWgzqltlJ +yqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCKovfepEWFJqgejF0pW8hL2JpqA15w8oVP +bEtoL8pU9ozaMv7Da4M/OMZ+ +-----END CERTIFICATE----- + +Certainly Root R1 +================= +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE +BhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2VydGFpbmx5IFJvb3QgUjEwHhcN +MjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2Vy +dGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBANA21B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O +5MQTvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbedaFySpvXl +8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b01C7jcvk2xusVtyWMOvwl +DbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGI 
+XsXwClTNSaa/ApzSRKft43jvRl5tcdF5cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkN +KPl6I7ENPT2a/Z2B7yyQwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQ +AjeZjOVJ6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA2Cnb +rlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyHWyf5QBGenDPBt+U1 +VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMReiFPCyEQtkA6qyI6BJyLm4SGcprS +p6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBTgqj8ljZ9EXME66C6ud0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAsz +HQNTVfSVcOQrPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d +8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi1wrykXprOQ4v +MMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrdrRT90+7iIgXr0PK3aBLXWopB +GsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9ditaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+ +gjwN/KUD+nsa2UUeYNrEjvn8K8l7lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgH +JBu6haEaBQmAupVjyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7 +fpYnKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLyyCwzk5Iw +x06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5nwXARPbv0+Em34yaXOp/S +X3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6OV+KmalBWQewLK8= +-----END CERTIFICATE----- + +Certainly Root E1 +================= +-----BEGIN CERTIFICATE----- +MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQswCQYDVQQGEwJV +UzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBFMTAeFw0yMTA0 +MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlu +bHkxGjAYBgNVBAMTEUNlcnRhaW5seSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4 +fxzf7flHh4axpMCK+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9 +YBk2QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4hevIIgcwCgYIKoZIzj0E +AwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozmut6Dacpps6kFtZaSF4fC0urQe87YQVt8 
+rgIwRt7qy12a7DLCZRawTDBcMPPaTnOGBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR +-----END CERTIFICATE----- + +Security Communication RootCA3 +============================== +-----BEGIN CERTIFICATE----- +MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNVBAYTAkpQMSUw +IwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQDEx5TZWN1cml0eSBD +b21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQsw +CQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UE +AxMeU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4rCmDvu20r +hvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzAlrenfna84xtSGc4RHwsE +NPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MGTfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2 +/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF79+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGm +npjKIG58u4iFW/vAEGK78vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtY +XLVqAvO4g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3weGVPK +p7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst+3A7caoreyYn8xrC +3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M0V9hvqG8OmpI6iZVIhZdXw3/JzOf +GAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQT9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0Vcw +CBEF/VfR2ccCAwEAAaNCMEAwHQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB +/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS +YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PAFNr0Y/Dq9HHu +Tofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd9XbXv8S2gVj/yP9kaWJ5rW4O +H3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQIUYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASx +YfQAW0q3nHE3GYV5v4GwxxMOdnE+OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZ +XSEIx2C/pHF7uNkegr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml ++LLfiAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUVnuiZIesn +KwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD2NCcnWXL0CsnMQMeNuE9 
+dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI//1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm +6Vwdp6POXiUyK+OVrCoHzrQoeIY8LaadTdJ0MN1kURXbg4NR16/9M51NZg== +-----END CERTIFICATE----- + +Security Communication ECC RootCA1 +================================== +-----BEGIN CERTIFICATE----- +MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD +VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t +dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL +MAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNV +BAMTIlNlY3VyaXR5IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo +5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpKULGjQjBAMB0GA1UdDgQW +BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK +BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L +snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e +N9k= +-----END CERTIFICATE----- + +BJCA Global Root CA1 +==================== +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQG +EwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJK +Q0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAzMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkG +A1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQD +DBRCSkNBIEdsb2JhbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFm +CL3ZxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZspDyRhyS +sTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O558dnJCNPYwpj9mZ9S1Wn +P3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgRat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcW +yqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRj +eulumijWML3mG90Vr4TqnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNn 
+MoH1V6XKV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/pj+b +OT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZOz2nxbkRs1CTqjSSh +GL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXnjSXWgXSHRtQpdaJCbPdzied9v3pK +H9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMB +AAGjQjBAMB0GA1UdDgQWBBTF7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3KliawLwQ8hOnThJ +dMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u+2D2/VnGKhs/I0qUJDAnyIm8 +60Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuh +TaRjAv04l5U/BXCga99igUOLtFkNSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW +4AB+dAb/OMRyHdOoP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmp +GQrI+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRzznfSxqxx +4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9eVzYH6Eze9mCUAyTF6ps +3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4S +SPfSKcOYKMryMguTjClPPGAyzQWWYezyr/6zcCwupvI= +-----END CERTIFICATE----- + +BJCA Global Root CA2 +==================== +-----BEGIN CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQswCQYDVQQGEwJD +TjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJKQ0Eg +R2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgyMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UE +BhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRC +SkNBIEdsb2JhbCBSb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jl +SR9BIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK++kpRuDCK +/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJKsVF/BvDRgh9Obl+rg/xI +1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8 +W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8g +UXOQwKhbYdDFUDn9hf7B43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== 
+-----END CERTIFICATE----- + +Sectigo Public Server Authentication Root E46 +============================================= +-----BEGIN CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJH +QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2 +ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5 +WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0 +aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccCWvkEN/U0 +NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+6xnOQ6OjQjBAMB0GA1Ud +DgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAKBggqhkjOPQQDAwNnADBkAjAn7qRaqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RH +lAFWovgzJQxC36oCMB3q4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21U +SAGKcw== +-----END CERTIFICATE----- + +Sectigo Public Server Authentication Root R46 +============================================= +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQG +EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1 +OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDaef0rty2k +1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnzSDBh+oF8HqcIStw+Kxwf +GExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xfiOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMP +FF1bFOdLvt30yNoDN9HWOaEhUTCDsG3XME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vu +ZDCQOc2TZYEhMbUjUDM3IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5Qaz +Yw6A3OASVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgESJ/A 
+wSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu+Zd4KKTIRJLpfSYF +plhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt8uaZFURww3y8nDnAtOFr94MlI1fZ +EoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+LHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW +6aWWrL3DkJiy4Pmi1KZHQ3xtzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWI +IUkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQYKlJfp/imTYp +E0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52gDY9hAaLMyZlbcp+nv4fjFg4 +exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZAFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M +0ejf5lG5Nkc/kLnHvALcWxxPDkjBJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI +84HxZmduTILA7rpXDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9m +pFuiTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5dHn5Hrwd +Vw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65LvKRRFHQV80MNNVIIb/b +E/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmm +J1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAYQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL +-----END CERTIFICATE----- + +SSL.com TLS RSA Root CA 2022 +============================ +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQG +EwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0Eg +Um9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloXDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMC +VVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJv +b3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u +9nTPL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OYt6/wNr/y +7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0insS657Lb85/bRi3pZ7Qcac +oOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3PnxEX4MN8/HdIGkWCVDi1FW24IBydm5M +R7d1VVm0U3TZlMZBrViKMWYPHqIbKUBOL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDG +D6C1vBdOSHtRwvzpXGk3R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEW 
+TO6Af77wdr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS+YCk +8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYSd66UNHsef8JmAOSq +g+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoGAtUjHBPW6dvbxrB6y3snm/vg1UYk +7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2fgTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsu +N+7jhHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsMQtfhWsSWTVTN +j8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvfR4iyrT7gJ4eLSYwfqUdYe5by +iB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjU +o3KUQyxi4U5cMj29TH0ZR6LDSeeWP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqo +ENjwuSfr98t67wVylrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7Egkaib +MOlqbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2wAgDHbICi +vRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3qr5nsLFR+jM4uElZI7xc7 +P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sjiMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB0 +9+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- + +SSL.com TLS ECC Root CA 2022 +============================ +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV +UzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBFQ0MgUm9v +dCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMx +GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3Qg +Q0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWy +JGYmacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFNSeR7T5v1 +5wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSJjy+j6CugFFR7 +81a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NWuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w 
+7deedWo1dlJF4AIxAMeNb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5 +Zn6g6g== +-----END CERTIFICATE----- + +Atos TrustedRoot Root CA ECC TLS 2021 +===================================== +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4wLAYDVQQDDCVB +dG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQswCQYD +VQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3Mg +VHJ1c3RlZFJvb3QgUm9vdCBDQSBFQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYT +AkRFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6K +DP/XtXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4AjJn8ZQS +b+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2KCXWfeBmmnoJsmo7jjPX +NtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAwZQIwW5kp85wxtolrbNa9d+F851F+ +uDrNozZffPc8dz7kUK2o59JZDCaOMDtuCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGY +a3cpetskz2VAv9LcjBHo9H1/IISpQuQo +-----END CERTIFICATE----- + +Atos TrustedRoot Root CA RSA TLS 2021 +===================================== +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBMMS4wLAYDVQQD +DCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQsw +CQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0 +b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNV +BAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BB +l01Z4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYvYe+W/CBG +vevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZkmGbzSoXfduP9LVq6hdK +ZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDsGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt +0xU6kGpn8bRrZtkh68rZYnxGEFzedUlnnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVK +PNe0OwANwI8f4UDErmwh3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMY +sluMWuPD0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzygeBY 
+Br3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8ANSbhqRAvNncTFd+ +rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezBc6eUWsuSZIKmAMFwoW4sKeFYV+xa +fJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lIpw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUdEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0G +CSqGSIb3DQEBDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPso0UvFJ/1TCpl +Q3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJqM7F78PRreBrAwA0JrRUITWX +AdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuywxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9G +slA9hGCZcbUztVdF5kJHdWoOsAgMrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2Vkt +afcxBPTy+av5EzH4AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9q +TFsR0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuYo7Ey7Nmj +1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5dDTedk+SKlOxJTnbPP/l +PqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcEoji2jbDwN/zIIX8/syQbPYtuzE2wFg2W +HYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- + +TrustAsia Global Root CA G3 +=========================== +-----BEGIN CERTIFICATE----- +MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEMBQAwWjELMAkG +A1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMM +G1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAeFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEw +MTlaMFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMu +MSQwIgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNST1QY4Sxz +lZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqKAtCWHwDNBSHvBm3dIZwZ +Q0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/V +P68czH5GX6zfZBCK70bwkPAPLfSIC7Epqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1Ag +dB4SQXMeJNnKziyhWTXAyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm 
+9WAPzJMshH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gXzhqc +D0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAvkV34PmVACxmZySYg +WmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msTf9FkPz2ccEblooV7WIQn3MSAPmea +mseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jAuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCF +TIcQcf+eQxuulXUtgQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj +7zjKsK5Xf/IhMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E +BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4wM8zAQLpw6o1 +D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2XFNFV1pF1AWZLy4jVe5jaN/T +G3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNj +duMNhXJEIlU/HHzp/LgV6FL6qj6jITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstl +cHboCoWASzY9M/eVVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys ++TIxxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1onAX1daBli +2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d7XB4tmBZrOFdRWOPyN9y +aFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2NtjjgKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsAS +ZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFR +JQJ6+N1rZdVtTTDIZbpoFGWsJwt0ivKH +-----END CERTIFICATE----- + +TrustAsia Global Root CA G4 +=========================== +-----BEGIN CERTIFICATE----- +MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMwWjELMAkGA1UE +BhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMMG1Ry +dXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0yMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJa +MFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQw +IgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATxs8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbwLxYI+hW8 +m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJijYzBhMA8GA1UdEwEB/wQF +MAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mDpm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/ 
+pDHel4NZg6ZvccveMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AA +bbd+NvBNEU/zy4k6LHiRUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xk +dUfFVZDj/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA== +-----END CERTIFICATE----- + +CommScope Public Trust ECC Root-01 +================================== +-----BEGIN CERTIFICATE----- +MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkGA1UE +BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz +dCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYT +AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg +RUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLx +eP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJEhRGnSjot +6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggqhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2 +Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liW +pDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7LR47QjRE= +-----END CERTIFICATE----- + +CommScope Public Trust ECC Root-02 +================================== +-----BEGIN CERTIFICATE----- +MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkGA1UE +BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz +dCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYT +AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg +RUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/M +MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE +SgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggqhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9 +Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs7 +3u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ0LKOag== +-----END CERTIFICATE----- + +CommScope 
Public Trust RSA Root-01 +================================== +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjELMAkG +A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU +cnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNV +BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 +c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45Ft +nYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslhsuitQDy6 +uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0alDrJLpA6lfO741GIDuZNq +ihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3OjWiE260f6GBfZumbCk6SP/F2krfxQapWs +vCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/c +Zip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTif +BSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9 +lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeo +KFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH ++VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm4 +5P3luG0wDQYJKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6 +NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM +3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck +jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg+Mkf +Foom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/W +NyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+ +o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0wlREQKC6/ +oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHnYfkUyq+Dj7+vsQpZXdxc +1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM +6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw 
+-----END CERTIFICATE----- + +CommScope Public Trust RSA Root-02 +================================== +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjELMAkG +A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU +cnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNV +BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 +c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3V +rCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0kyI9p+Kx +7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1CrWDaSWqVcN3SAOLMV2MC +e5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxzhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2W +Wy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rp +M9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIf +hs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMr +eyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycE +VS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4t +Vn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7Gx +cJXvYXowDQYJKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB +KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF +1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa +MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xd +gSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2O +HG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+Nm +YWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2dlklyALKr +dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ 
+iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN +lM47ni3niAIi9G7oyOzWPPO5std3eqx7 +-----END CERTIFICATE----- + +Telekom Security TLS ECC Root 2020 +================================== +-----BEGIN CERTIFICATE----- +MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE +RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl +a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz +NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg +R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG +SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1 +2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC +MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ +Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU +ga/sf+Rn27iQ7t0l +-----END CERTIFICATE----- + +Telekom Security TLS RSA Root 2023 +================================== +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG +EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU +ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy +NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp +dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC +KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP +GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx +UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo +l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9 
+FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v +zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg +rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML +KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S +WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2 +p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+ +sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp +kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy +/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4 +mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz +aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa +oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8 +wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE +HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0 +o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A= +-----END CERTIFICATE----- + +FIRMAPROFESIONAL CA ROOT-A WEB +============================== +-----BEGIN CERTIFICATE----- +MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF +UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4 +MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2 +WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h +bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM +IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6 +iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg +st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD 
+Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB +/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL +cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ +pYXFuXqUPoeovQA= +-----END CERTIFICATE----- diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem new file mode 100644 index 000000000..2c2f6d9fb --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem 
@@ -0,0 +1,198 @@ +## +## Deprecated CA Root Certificates +## Deprecated CA Root Certificates that get appended to 'cacrt_all.pem' + +## These certificates have been removed from the newer Mozilla CA certificate store. +## Refer to https://wiki.mozilla.org/CA/Removed_Certificates for more information. + +## These certificates might be removed from ESP-IDF during every major release. + +## The current deprecated certificate bundle is up-to-date with the Mozilla cert bundle (cacrt_all.pem) dated Tue Jul 2 03:12:04 2024 GMT + + +Hongkong Post Root CA 1 +======================= +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT +DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx +NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n +IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1 +ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr +auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh +qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY +V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV +HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i +h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio +l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei +IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps +T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT +c4afU9hDDl3WY4JxHYB0yvbiAmvZWg== +-----END CERTIFICATE----- + +E-Tugra Certification Authority +=============================== +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w 
+DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls +ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw +NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx +QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl +cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD +DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd +hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K +CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g +ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ +BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0 +E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz +rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq +jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5 +dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK +kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO +XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807 +VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo +a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc +dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV +KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT 
+Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0 +8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G +C7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- + +E-Tugra Global Root CA RSA v3 +============================= +-----BEGIN CERTIFICATE----- +MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQELBQAwgYAxCzAJ +BgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAb +BgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290 +IENBIFJTQSB2MzAeFw0yMDAzMTgwOTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJU +UjEPMA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRF +LVR1Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBSU0Eg +djMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J77gnJY9LTQ91ew6aEOErx +jYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscxuj7X/iWpKo429NEvx7epXTPcMHD4QGxL +sqYxYdE0PD0xesevxKenhOGXpOhL9hd87jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF +/YP9f4RtNGx/ardLAQO/rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8q +QedmCeFLl+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bGwzrw +bMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4znKS4iicvObpCdg6 +04nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBOM/J+JjKsBY04pOZ2PJ8QaQ5tndLB +eSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiM +bIedBi3x7+PmBvrFZhNb/FAHnnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbg +h3cXTJ2w2AmoDVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSytK7mLfcm1ap1 +LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAImocn+M684uGMQQ +gC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN4 +38o2Fi+CiJ+8EUdPdk3ILY7r3y18Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/q +ln0F7psTpURs+APQ3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3s 
+SdPkvmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn99t2HVhjY +sCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQmhty3QUBjYZgv6Rn7rWl +DdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YAVSgU7NbHEqIbZULpkejLPoeJVF3Zr52X +nGnnCv8PWniLYypMfUeUP95L6VPQMPHF9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFH +IK+WEj5jlB0E5y67hscMmoi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiX +YY60MGo8bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ +-----END CERTIFICATE----- + +E-Tugra Global Root CA ECC v3 +============================= +-----BEGIN CERTIFICATE----- +MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMwgYAxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAbBgNV +BAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENB +IEVDQyB2MzAeFw0yMDAzMTgwOTQ2NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEP +MA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1 +Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBFQ0MgdjMw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQKczLWYHMjLiSF4mDKpL2 +w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YKfWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31 +Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQ +zPUwHQYDVR0OBBYEFP+CMXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjO +PQQDAwNpADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/67W4W +Aie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFxvmjkI6TZraE3 +-----END CERTIFICATE----- + +Security Communication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw +HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw 
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw +8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM +DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX +5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd +DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2 +JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g +0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a +mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ +s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ +6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi +FL39vmwLAw== +-----END CERTIFICATE----- + +Autoridad de Certificacion Firmaprofesional CIF A62634068 +========================================================= +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK 
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud +EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH +DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA +bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx +ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx +51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk +R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP +T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f +Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl +osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR +crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR +saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD +KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi +6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- + +GLOBALTRUST 2020 +================ +-----BEGIN CERTIFICATE----- +MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx +IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT +VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh +BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy +MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi +D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO +VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM +CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm +fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA 
+A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR +JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG +DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU +clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ +mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud +IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA +VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw +4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9 +iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS +8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2 +HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS +vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918 +oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF +YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl +gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== +-----END CERTIFICATE----- diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem new file mode 100644 index 000000000..3633ed161 --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem 
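Review bot: Appending this file to cacrt_all.pem re-extends trust to roots Mozilla has dropped, and three of the entries are already past their encoded notAfter (Hongkong Post Root CA 1 ends 2023-05-15, E-Tugra Certification Authority 2023-03-03, Security Communication Root CA 2023-09-30), so they can never anchor a chain if the loader enforces trust-anchor dates and are dead weight if it does not. The header only says the certificates "have been removed from the newer Mozilla CA certificate store"; Mozilla's removal list mixes planned retirements with roots pulled for cause, and nothing here records which applies to each entry, so a device built with this bundle may keep trusting a CA the rest of the ecosystem has stopped trusting. I would prune the expired roots now and make the header explicit, e.g. `## WARNING: these roots are no longer in Mozilla's store; some removals may be for cause, not expiry. Select this bundle only when a deployment needs a specific legacy chain.` Whether this set is part of the default bundle depends on the Kconfig selection, which is outside this hunk; the safe default is the Mozilla-current set alone.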
@@ -0,0 +1,33 @@ +## +## Local CA Root Certificates +## +## Local CA Root Certificates that gets appended to "cacrt_all.pem" + + +## letsencrypt has generated a cross signed certificate with DST ROOT CA X3 +## for compatibility after the expiry of the certificate. +## The new certificate has the ISSUER name as DST Root CA X3. +## Thus, the handshake fails if esp_crt_bundle does not find the +## respective name in the crt_bundle. +## Keeping this certificate for compatibility reasons. +## This will be removed once the cross-signed certificate expires in Sep 2024. + +DST Root CA X3 +============== +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK +ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X +DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1 +cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT +rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9 +UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy +xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d +utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ +MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug +dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE +GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw +RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS +fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- 
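Review bot: The DST Root CA X3 embedded here carries a notAfter of 2021-09-30 in its encoded validity, so it is an expired trust anchor; the header explains why it is kept (older Let's Encrypt chains name it as issuer) but not whether the bundle loader accepts expired anchors — if it enforces dates this entry silently does nothing, and if it does not, this comment is the only record that trust is being extended past a root's own expiry. The header also states the entry "will be removed once the cross-signed certificate expires in Sep 2024", a condition that is imminent or already met, yet nothing gates it. I would either drop the file or make the header actionable: `## Expired 2021-09-30; retained only so older Let's Encrypt chains can resolve their issuer. Remove after Sep 2024 (cross-sign expiry) -- do not keep in the default bundle past that date.`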
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c new file mode 100644 index 000000000..c0a092b75 --- /dev/null +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c 
@@ -0,0 +1,1564 @@ +/* esp_crt_bundle.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ +#include + +/* Espressif */ +#include + +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) +#include + +static const char *TAG = "esp_crt_bundle-wolfssl"; + + +#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \ + defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \ + (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1) + +/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer. + * When there's no bundle selected, but a call is made, return a warning: */ +esp_err_t esp_crt_bundle_attach(void *conf) +{ + esp_err_t ret = ESP_OK; + ESP_LOGW(TAG, "No certificate bundle was selected"); + return ret; +} +#else +/* Certificate Bundles are enabled, and something other than NONE selected. 
*/ +#include +#include + +#include +#include + +#include /* needed only for esp_tls_free_global_ca_store() */ + +/* There's a minimum version of wolfSSL needed for Certificate Bundle Support. + * + * See the latest code at: + * https://github.com/wolfSSL/wolfssl or + * https://components.espressif.com/components/wolfssl/wolfssl + */ +#if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION) + #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0) + #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 1 + #else + #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 0 + #warning "This library depends on a recent version of wolfSSL config" + #endif +#else + #warning "This library depends on a recent version of wolfSSL config" + #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID -1 +#endif + +#include + +/* Bundle debug may come from user_settings.h and/or sdkconfig.h */ +#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \ + defined( WOLFSSL_DEBUG_CERT_BUNDLE) + /* We'll only locally check this one: */ + #undef WOLFSSL_DEBUG_CERT_BUNDLE + #define WOLFSSL_DEBUG_CERT_BUNDLE + /* Only display certificate bundle debugging messages when enabled: */ + #define ESP_LOGCBI ESP_LOGI + #define ESP_LOGCBW ESP_LOGW + #define ESP_LOGCBV ESP_LOGV + /* Always show bundle name debugging when cert bundle debugging. */ + #define ESP_LOGCBNI ESP_LOGI + #define ESP_LOGCBNW ESP_LOGW + #define ESP_LOGCBNV ESP_LOGV +#else + /* Only display certificate bundle messages for most verbose setting. + * Note that the delays will likely cause TLS connection failures. 
*/ + #define ESP_LOGCBI ESP_LOGV + #define ESP_LOGCBW ESP_LOGV + #define ESP_LOGCBV ESP_LOGV + /* Optionally debug only certificate bundle names: */ + /* #define WOLFSSL_DEBUG_CERT_BUNDLE_NAME */ + #ifdef WOLFSSL_DEBUG_CERT_BUNDLE_NAME + #define ESP_LOGCBNI ESP_LOGI + #define ESP_LOGCBNW ESP_LOGW + #define ESP_LOGCBNV ESP_LOGV + #else + #define ESP_LOGCBNI ESP_LOGV + #define ESP_LOGCBNW ESP_LOGV + #define ESP_LOGCBNV ESP_LOGV + #endif +#endif + +#if defined(WOLFSSL_EXAMPLE_VERBOSITY) + #define ESP_LOGXI ESP_LOGI + #define ESP_LOGXW ESP_LOGW + #define ESP_LOGXV ESP_LOGW +#else + #define ESP_LOGXI ESP_LOGV + #define ESP_LOGXI ESP_LOGV + #define ESP_LOGXI ESP_LOGV +#endif + +#ifndef X509_MAX_SUBJECT_LEN + #define X509_MAX_SUBJECT_LEN 255 +#endif + +#ifndef CTC_DATE_SIZE + #define CTC_DATE_SIZE 32 +#endif + +#define IS_WOLFSSL_CERT_BUNDLE_FORMAT +#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT + /* For reference only, the other cert bundles are structured differently! + * The others contain only a PARTIAL certificate, along with a name. */ + #define BUNDLE_HEADER_OFFSET 2 + #define CRT_HEADER_OFFSET 4 +#else + /* Note these are also set in [ESP-IDF]/components/esp-tls/esp_tls_wolfssl.c + * to avoid conflicts with other cert bundles that may, in theory, + * be enabled concurrently (NOT recommended). + * + * Ensure they exactly match here: */ + #define BUNDLE_HEADER_OFFSET 2 + #define CRT_HEADER_OFFSET 2 +#endif + +/* NOTE: Manually edit sort order in gen_crt_bundle.py + * + * The default is having the bundle pre-sorted in the python script + * to allow for rapid binary cert match search at runtime. The unsorted + * seach ALWAYS works, but when expecting a sorted search the python + * script MUST presort the data, oherwise the connection will likely fail. + * + * When debugging and using an unsorted bundle, define CERT_BUNDLE_UNSORTED + * Reminder: the actual sort occurs in gen_crt_bundly.py call from CMake. 
*/ +/* #define CERT_BUNDLE_UNSORTED */ + +/* Inline cert bundle functions performance hint unless otherwise specified. */ +#ifndef CB_INLINE + #define CB_INLINE inline +#endif + +/* A "Certificate Bundle" is this array of [size] + [x509 CA List] + * certs that the client trusts: */ +extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[] + asm("_binary_x509_crt_bundle_wolfssl_start"); + +extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[] + asm("_binary_x509_crt_bundle_wolfssl_end"); + +/* This crt_bundle_t type must match other providers in esp-tls from ESP-IDF. + * TODO: Move to common header in ESP-IDF. (requires ESP-IDF modification). + * For now, it is here: */ +typedef struct crt_bundle_t { + const uint8_t **crts; + uint16_t num_certs; + size_t x509_crt_bundle_wolfssl_len; +} crt_bundle_t; + +static WOLFSSL_X509* store_cert = NULL; /* will point to existing param values*/ +static WOLFSSL_X509* bundle_cert = NULL; /* the iterating cert being reviewed.*/ + +static const uint8_t **crts = NULL; +static uint16_t num_certs = 0; + + +/* Found in */ +void esp_tls_free_global_ca_store(void); + +#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE +static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle, + size_t bundle_size); +static esp_err_t _esp_crt_bundle_is_valid = ESP_FAIL; +#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */ + +static crt_bundle_t s_crt_bundle = { 0 }; +static esp_err_t _wolfssl_found_zero_serial = ESP_OK; + +static int _cert_bundle_loaded = 0; + +static int _crt_found = 0; + +static int _added_cert = 0; + +static int _need_bundle_cert = 0; + + +/* Returns ESP_OK if there are no zero serial numbers in the bundle, + * OR there may be zeros, but */ +static CB_INLINE int wolfssl_found_zero_serial(void) +{ + return _wolfssl_found_zero_serial; +} + +/* Returns: + * 1 if the cert has a zero serial number + * 0 if the cert has a non-zero serial number + * < 0 for error wolfssl\wolfcrypt\error-crypt.h values */ +static CB_INLINE 
int wolfssl_is_zero_serial_number(const uint8_t *der_cert, + int sz) +{ + DecodedCert cert; + int ret = 0; + + wc_InitDecodedCert(&cert, der_cert, sz, NULL); + + ret = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + + /* Check the special case of parse error with strict checking. */ + if ((cert.serialSz == 1) && (cert.serial[0] == 0x0)) { + /* If we find a zero serial number, a parse error may still occur. */ + if (ret == ASN_PARSE_E) { + /* Issuer amd subject will only be non-blank with relaxed check */ + ESP_LOGW(TAG, "Encountered ASN Parse error with zero serial"); + ESP_LOGCBI(TAG, "Issuer: %s", cert.issuer); + ESP_LOGCBI(TAG, "Subject: %s", cert.subject); +#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) || \ + defined( WOLFSSL_NO_ASN_STRICT) + ESP_LOGW(TAG, "WOLFSSL_NO_ASN_STRICT enabled. Ignoring error."); + + /* We'll force the return result to one for a "valid" + * parsing result, but not strict and found zero serial num. */ + ret = 1; +#else + #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \ + defined( WOLFSSL_ASN_ALLOW_0_SERIAL) + /* Issuer amd subject will only be non-blank with relaxed check */ + ESP_LOGCBW(TAG, "WOLFSSL_ASN_ALLOW_0_SERIAL enabled. " + "Ignoring error."); + + /* We'll force the return result for a "valid" parsing result, + * not strict and found zero serial num. */ + ret = 1; + #else + ESP_LOGE(TAG, "ERROR: Certificate must have a Serial Number."); + ESP_LOGE(TAG, "Define WOLFSSL_NO_ASN_STRICT or " + "WOLFSSL_ASN_ALLOW_0_SERIALto relax checks."); + /* ret (Keep ASN_PARSE_E) */ + #endif +#endif + } /* special ASN_PARSE_E handling */ + else { + /* Not an ASN Parse Error; the zero configured to be allowed. */ + ESP_LOGV(TAG, "WARNING: Certificate has no Serial Number."); + + /* If we found a zero, and the result of wc_ParseCert is zero, + * we'll return that zero as "cert has a zero serial number". 
*/ + } + } + else { + ESP_LOGV(TAG, "Not a special case zero serial number."); + } + + if (ret > -1) { + ESP_LOGV(TAG, "Issuer: %s", cert.issuer); + ESP_LOGV(TAG, "Subject: %s", cert.subject); + ESP_LOGV(TAG, "Serial Number: %.*s", cert.serialSz, cert.serial); + } + else { + ESP_LOGCBV(TAG, "wolfssl_is_zero_serial_number exit = %d", ret); + } + + /* Clean up and exit */ + wc_FreeDecodedCert(&cert); + + return ret; +} + +/* API for determining if the wolfSSL cert bundle is loaded. */ +int wolfssl_cert_bundle_loaded(void) +{ + return _cert_bundle_loaded; +} + +/* API for determining if the wolfSSL cert bundle is needed. */ +int wolfssl_need_bundle_cert(void) +{ + return _need_bundle_cert; +} + +/* Public API wolfSSL_X509_get_cert_items() */ +int wolfSSL_X509_get_cert_items(char* CERT_TAG, + WOLFSSL_X509* cert, + WOLFSSL_X509_NAME** issuer, + WOLFSSL_X509_NAME** subject) +{ + char stringVaue[X509_MAX_SUBJECT_LEN + 1]; +#ifdef WOLFSSL_DEBUG_CERT_BUNDLE + char before_str[CTC_DATE_SIZE]; + char after_str[CTC_DATE_SIZE]; + WOLFSSL_ASN1_TIME *notBefore = NULL, *notAfter = NULL; +#endif + int ret = WOLFSSL_SUCCESS; /* Not ESP value! 
Success = 1, fail = 0 */ + + *issuer = wolfSSL_X509_get_issuer_name(cert); + if (wolfSSL_X509_NAME_oneline(*issuer, + stringVaue, sizeof(stringVaue)) == NULL) { + ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG); + ret = WOLFSSL_FAILURE; + } + else { + ESP_LOGCBI(TAG, "%s Store Cert Issuer: %s", CERT_TAG, stringVaue); + } + + *subject = wolfSSL_X509_get_subject_name(cert); + if (wolfSSL_X509_NAME_oneline(*subject, + stringVaue, sizeof(stringVaue)) == NULL) { + ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG); + ret = WOLFSSL_FAILURE; + } + else { + ESP_LOGCBI(TAG, "%s Store Cert Subject: %s", CERT_TAG, stringVaue ); + } + +#ifdef WOLFSSL_DEBUG_CERT_BUNDLE + notBefore = wolfSSL_X509_get_notBefore(cert); + if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str, + sizeof(before_str)) == NULL) { + ESP_LOGCBW(TAG, "%s Not Before value not valid", CERT_TAG); + } + else { + ESP_LOGCBI(TAG, "%s Not Before: %s", CERT_TAG, before_str); + } + + esp_show_current_datetime(); + + notAfter = wolfSSL_X509_get_notAfter(cert); + if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str, + sizeof(after_str)) == NULL) { + ESP_LOGCBW(TAG, "%s Not After value not valid", CERT_TAG); + } + else { + ESP_LOGCBI(TAG, "%s Not After: %s", CERT_TAG, after_str); + } + +#endif + + return ret; +} /* wolfSSL_X509_show_cert */ + + +/* + * cert_manager_load() + * + * returns preverify value. + * + * WARNING: It is the caller's responsibility to confirm the der cert should be + * added. (Typically during a callback error override). 
+ * + * Verify Callback Arguments: + * preverify: 1=Verify Okay, 0=Failure + * store->error: Failure error code (0 indicates no failure) + * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA) + * store->error_depth: Current Index + * store->domain: Subject CN as string (null term) + * store->totalCerts: Number of certs presented by peer + * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert + * store->store: WOLFSSL_X509_STORE with CA cert chain + * store->store->cm: WOLFSSL_CERT_MANAGER + * store->ex_data: The WOLFSSL object pointer + * store->discardSessionCerts: When set to non-zero value session certs + will be discarded (only with SESSION_CERTS) */ +static CB_INLINE int cert_manager_load(int preverify, + WOLFSSL_X509_STORE_CTX* store, + const unsigned char * der, long derSz) +{ + int ret; + WOLFSSL_CERT_MANAGER* cm = NULL; /* points to wolfSSL cm, no cleanup need */ + WOLFSSL_X509_NAME *issuer = NULL; + WOLFSSL_X509_NAME *subject = NULL; + + WOLFSSL_X509* peer = NULL; /* points to wolfSSL cm store, no cleanup need */ + + if (der == NULL) { + ESP_LOGE(TAG, "cert_manager_load der is null"); + return 0; /* preverify */ + } + + if (store == NULL) { + ESP_LOGE(TAG, "cert_manager_load store is null"); + return 0; /* preverify */ + } + + if (store->current_cert == NULL) { + ESP_LOGE(TAG, "cert_manager_load store->current_cert is null"); + return 0; /* preverify */ + } + + cm = store->store->cm; + peer = store->current_cert; + wolfSSL_X509_get_cert_items("peer", peer, &issuer, &subject); + + /* It is the caller's responsibility to check conditions to add cert. */ + if ((preverify == 0) && (store->error == ASN_NO_SIGNER_E)) { + ESP_LOGCBI(TAG, "Confirmed call for ASN_NO_SIGNER_E"); + } + else { + ESP_LOGW(TAG, "Warning: calling for non ASN_NO_SIGNER_E error."); + } + + /* Some interesting cert bundle debug details: */ + ESP_LOGCBI(TAG, "Cert %d:\n\tIssuer: %s\n\tSubject: %s\n", + store->error_depth, + issuer->name != NULL ? 
issuer->name : "[none]",
+ subject->name != NULL ? subject->name : "[none]");
+
+ /* Load the der cert to Certificate Manager:*/
+ ret = wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
+ WOLFSSL_FILETYPE_ASN1);
+ if (ret == WOLFSSL_SUCCESS) {
+ /* Attempt to validate the certificate again */
+ ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
+ WOLFSSL_FILETYPE_ASN1);
+
+ if (ret == WOLFSSL_SUCCESS) {
+ ESP_LOGCBI(TAG, "Successfully validated cert: %s\n", subject->name);
+
+ /* If verification is successful then override error. */
+ preverify = 1;
+ }
+ else {
+ ESP_LOGE(TAG, "Failed to verify cert after loading new CA. "
+ "err = %d", ret);
+ }
+ }
+ else {
+ ESP_LOGE(TAG, "Failed to load CA");
+ }
+
+ /* We don't free the issue and subject, as they are
+ * pointers to current store->current_cert values. */
+ return preverify;
+}
+
+/* Not a Best Practice, but in dev one can ignore cert date/time: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_before_date(int preverify,
+ WOLFSSL_X509_STORE_CTX* store)
+{
+ if (store == NULL) {
+ ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_before_date store is null");
+ preverify = 0;
+ }
+ else if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+ ESP_LOGW(TAG, "Overriding ASN_BEFORE_DATE_E!");
+ preverify = 1;
+ }
+
+ return preverify;
+}
+
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_after_date(int preverify,
+ WOLFSSL_X509_STORE_CTX* store)
+{
+ if (store == NULL) {
+ ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_after_date store is null");
+ preverify = 0;
+ }
+ else if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+ ESP_LOGW(TAG, "Overriding ASN_AFTER_DATE_E!");
+ preverify = 1;
+ }
+
+ return preverify;
+}
+#endif /* WOLFSSL_DEBUG_CERT_BUNDLE && WOLFSSL_DEBUG_IGNORE_ASN_TIME */
+
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+void print_cert_subject_and_issuer(WOLFSSL_X509_STORE_CTX* store)
+{
+ char 
subjectStr[X509_MAX_SUBJECT_LEN + 1];
+ char issuerStr[X509_MAX_SUBJECT_LEN + 1];
+ WOLFSSL_BUFFER_INFO buffer;
+ WOLFSSL_X509_NAME* subject;
+ WOLFSSL_X509_NAME* issuer;
+ WOLFSSL_X509* cert;
+ int totalCerts;
+ int i;
+
+ if (store == NULL) {
+ ESP_LOGCBI(TAG, "store is NULL");
+ totalCerts = 0;
+ }
+ else {
+ totalCerts = store->totalCerts;
+ }
+
+ for (i = 0; i < totalCerts; i++) {
+ buffer = store->certs[i];
+ cert = wolfSSL_X509_d2i(NULL,
+ (const unsigned char*)buffer.buffer,
+ buffer.length);
+ if (cert == NULL) {
+ ESP_LOGCBI(TAG, "Failed to parse certificate at index %d\n", i);
+ continue;
+ }
+
+ subject = wolfSSL_X509_get_subject_name(cert);
+ issuer = wolfSSL_X509_get_issuer_name(cert);
+
+ if (subject != NULL && issuer != NULL) {
+ wolfSSL_X509_NAME_oneline(subject, subjectStr, sizeof(subjectStr));
+ wolfSSL_X509_NAME_oneline(issuer, issuerStr, sizeof(issuerStr));
+
+ ESP_LOGCBI(TAG, "Certificate at index %d:\n", i);
+ ESP_LOGCBI(TAG, " Subject: %s\n", subjectStr);
+ ESP_LOGCBI(TAG, " Issuer: %s\n", issuerStr);
+ }
+ else {
+ ESP_LOGCBI(TAG, "Failed to extract subject or issuer at index "
+ "%d\n", i);
+ }
+
+ /* Clean up and exit */
+ wolfSSL_X509_free(cert);
+ }
+} /* print_cert_subject_and_issuer */
+#endif
+
+/* wolfssl_ssl_conf_verify_cb_no_signer() should only be called
+ * from wolfssl_ssl_conf_verify_cb, handling the special case of
+ * TLS handshake preverify failure for the "No Signer" condition.
*/
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_no_signer(int preverify,
+ WOLFSSL_X509_STORE_CTX* store)
+{
+ char subjectName[X509_MAX_SUBJECT_LEN + 1];
+
+ const unsigned char* cert_data = NULL;
+ const unsigned char* cert_bundle_data = NULL;
+
+ WOLFSSL_X509_NAME* store_cert_subject = NULL; /* part of store_cert*/
+ WOLFSSL_X509_NAME* store_cert_issuer = NULL; /* part of store_cert*/
+ WOLFSSL_X509_NAME* this_subject = NULL; /* part of bundle_cert.*/
+ WOLFSSL_X509_NAME* this_issuer = NULL; /* part of bundle_cert.*/
+
+ intptr_t this_addr = 0; /* Beginning of the bundle object: [size][cert] */
+ int derCertLength = 0; /* The [size] value: length of [cert] budnle item */
+ int cmp_res = 0;
+ int last_cmp = -1;
+
+ int start = 0; /* Beginning of search; only changes if binary search. */
+ int end = 0; /* End of bunndle search; only changes if binary search. */
+ int middle = 0; /* Middle value for binary search, otherwise increments. */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+ WOLFSSL_BUFFER_INFO buffer;
+#endif
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+ WOLFSSL_STACK* chain;
+ int numCerts;
+#endif
+
+ int ret = WOLFSSL_SUCCESS;
+
+ WOLFSSL_ENTER("wolfssl_ssl_conf_verify_cb_no_signer");
+ ESP_LOGCBI(TAG, "\n\nBegin callback: "
+ "wolfssl_ssl_conf_verify_cb_no_signer\n");
+
+ /* Debugging section for viewing preverify values. */
+#ifndef NO_SKIP_PREVIEW
+ if (preverify == WOLFSSL_SUCCESS) {
+ ESP_LOGCBI(TAG, "Success: Detected prior Pre-verification == 1.");
+ /* So far, so good... we need to now check cert against alt */
+ }
+ else {
+ ESP_LOGCBW(TAG, "Detected prior Pre-verification Failure.");
+ }
+#else
+ /* Skip pre-verification, so we'll start with success. */
+ ret = WOLFSSL_SUCCESS;
+#endif
+
+ /* Check how many CA Certs in our bundle. Need at least one to proceed.
*/
+ if (ret == WOLFSSL_SUCCESS) {
+ if (s_crt_bundle.crts == NULL) {
+ ESP_LOGE(TAG, "No certificates in bundle.");
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ ESP_LOGCBI(TAG, "%d certificates in bundle.",
+ s_crt_bundle.num_certs);
+ ret = WOLFSSL_SUCCESS;
+ }
+ }
+
+ /* Get the current cert from the store. */
+ if (ret == WOLFSSL_SUCCESS) {
+ /* Get the current certificate being verified during the certificate
+ * chain validation process. */
+#ifdef OPENSSL_EXTRA
+ #ifdef WOLFSSL_ALT_CERT_CHAINS
+ /* Retrieve the last WOLFSSL_BUFFER_INFO struct with alt chains */
+ buffer = store->certs[store->totalCerts - 1];
+ store_cert = wolfSSL_X509_d2i(NULL,
+ (const unsigned char*)buffer.buffer,
+ buffer.length);
+ #else
+ store_cert = wolfSSL_X509_STORE_CTX_get_current_cert(store);
+ #endif
+
+ #ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+ chain = wolfSSL_X509_STORE_CTX_get_chain(store);
+ numCerts = wolfSSL_sk_X509_num(chain);
+ if (!chain) {
+ numCerts = 0; /* Verification failed. */
+ }
+ ESP_LOGI(TAG, "Number of certificates in chain: %d", numCerts);
+ print_cert_subject_and_issuer(store);
+ #endif
+#else
+ store_cert = store->current_cert;
+#endif
+ if (store_cert == NULL) {
+ ESP_LOGE(TAG, "Failed to get current certificate.\n");
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ ret = WOLFSSL_SUCCESS;
+ }
+ } /* this (ret == WOLFSSL_SUCCESS) step to get cert from store */
+
+
+ /* Get the target name and subject from the current_cert(store) */
+ if (ret == WOLFSSL_SUCCESS) {
+ store_cert_subject = wolfSSL_X509_get_subject_name(store_cert);
+ if (wolfSSL_X509_NAME_oneline(store_cert_subject, subjectName,
+ sizeof(subjectName)) == NULL) {
+ ESP_LOGE(TAG, "Error converting subject name to string.");
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ ESP_LOGCBNI(TAG, "Store Cert Subject: %s", subjectName );
+ }
+ store_cert_issuer = wolfSSL_X509_get_issuer_name(store_cert);
+ if (store_cert_issuer == NULL) {
+ ESP_LOGE(TAG, "Error converting Store Cert Issuer to string");
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ ESP_LOGCBI(TAG, "Store Cert Issuer: %s", store_cert_issuer->name );
+ }
+ }
+
+ /* When the server presents its certificate, the client checks if this
+ * certificate can be traced back to one of the CA certificates in the
+ * bundle.
+ *
+ * NOTE: To save memory, the store `cert` from above is overwritten below.
+ * Any details needed from the store `cert` should have been saved.
+ *
+ * We'll proceed by assiging `cert` to each of the respective items in
+ * bundle as we attempt to find the desired cert: */
+ if (ret == WOLFSSL_SUCCESS) {
+ _cert_bundle_loaded = 1;
+ start = 0;
+ if (s_crt_bundle.num_certs > 0) {
+ end = s_crt_bundle.num_certs - 1;
+ }
+ else {
+ ESP_LOGCBW(TAG, "The certificate bundle is empty.");
+ end = -1;
+ }
+
+#ifndef CERT_BUNDLE_UNSORTED
+ /* When sorted (not unsorted), binary search: */
+ middle = (end - start) / 2;
+#else
+ /* When not sorted, we start at beginning and look at each: */
+ ESP_LOGCBW(TAG, "Looking at CA indexed. Start = %d, end = %d",
+ start, end);
+ middle = 0;
+#endif
+ /* Look for the certificate searching on subject name: */
+ while (start <= end) {
+#ifndef CERT_BUNDLE_UNSORTED
+ ESP_LOGCBNW(TAG, "Looking at CA #%d; Binary Search start = %d,"
+ "end = %d", middle, start, end);
+#else
+ ESP_LOGCBNW(TAG, "Looking at CA index #%d", middle);
+#endif
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+ /* For reference only */
+ name_len = s_crt_bundle.crts[middle][0] << 8 |
+ s_crt_bundle.crts[middle][1];
+ crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+ ESP_LOGI(TAG, "String: %.*s", name_len, crt_name);
+ int cmp_res = memcmp(subject, crt_name, name_len);
+#else
+ /* Each cert length should have been saved via python script: */
+ derCertLength = (s_crt_bundle.crts[middle][0] << 8) |
+ s_crt_bundle.crts[middle][1];
+ this_addr = (intptr_t)s_crt_bundle.crts[middle];
+ ESP_LOGCBI(TAG, "This addr = 0x%x", this_addr);
+
+ cert_data = (const unsigned char*)(this_addr + CRT_HEADER_OFFSET);
+
+ if 
(wolfssl_is_zero_serial_number(cert_data, derCertLength)) {
+ ESP_LOGW(TAG, "Warning: No Certificate Serial Number: "
+ "for Certificate #%d", middle);
+ }
+
+ ESP_LOGCBI(TAG, "s_crt_bundle ptr = 0x%x", (intptr_t)cert_data);
+ ESP_LOGCBI(TAG, "derCertLength = %d", derCertLength);
+
+ /* Convert the DER format in the Cert Bundle to x509.
+ * Reminder: Cert PEM files converted to DER by gen_crt_bundle.py */
+ cert_bundle_data = cert_data; /* wolfSSL_d2i_X509 changes address */
+
+ /* Ensure we don't keep adding new bundle_certs to the heap. */
+ if (bundle_cert != NULL) {
+ wolfSSL_X509_free(bundle_cert);
+ }
+ bundle_cert = wolfSSL_d2i_X509(NULL, &cert_bundle_data,
+ derCertLength);
+
+ if (bundle_cert == NULL) {
+ ESP_LOGE(TAG, "Error loading DER Certificate Authority (CA)"
+ "from bundle #%d.", middle);
+ #if !defined(WOLFSSL_NO_ASN_STRICT) && \
+ !defined(WOLFSSL_ASN_ALLOW_0_SERIAL)
+ /* Suggestion only when relevant: */
+ if (wolfssl_found_zero_serial()) {
+ ESP_LOGE(TAG, "Try turning on WOLFSSL_NO_ASN_STRICT "
+ "or WOLFSSL_ASN_ALLOW_0_SERIAL");
+ }
+ #endif
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ ESP_LOGCBI(TAG, "Successfully loaded DER certificate!");
+ ret = WOLFSSL_SUCCESS;
+ }
+
+ if (ret == WOLFSSL_SUCCESS) {
+ this_issuer = wolfSSL_X509_get_issuer_name(bundle_cert);
+ if (this_issuer == NULL) {
+ ESP_LOGE(TAG, "Error getting issuer name.");
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ ESP_LOGCBNI(TAG, "This Bundle Item Issuer Name: %s",
+ this_issuer->name);
+ }
+
+ this_subject = wolfSSL_X509_get_subject_name(bundle_cert);
+ if (this_subject == NULL) {
+ ESP_LOGE(TAG, "Error getting subject name.");
+ ret = WOLFSSL_FAILURE;
+ }
+ else {
+ if (wolfSSL_X509_NAME_oneline(this_subject, subjectName,
+ sizeof(subjectName)) == NULL) {
+ ESP_LOGE(TAG, "Error converting subject name "
+ "to string.");
+ ret = WOLFSSL_FAILURE;
+ }
+ ESP_LOGCBI(TAG, "This Bundle Item Subject Name: %s",
+ subjectName);
+ }
+ }
+
+ /* subject == issuer */
+ if (ret == WOLFSSL_SUCCESS) {
+ /* Compare the current store cert issuer saved above, to the
+ * current one being inspected in the bundle loop. We want to
+ * match this bundle item issuer with the store certificate
+ * subject name, as later we'll call wolfSSL_X509_check_issued()
+ * which compares these fields. */
+
+ cmp_res = strcmp(this_subject->name,
+ store_cert_issuer->name);
+ last_cmp = cmp_res; /* in case we have to skip an item, save */
+ }
+ else {
+ ESP_LOGCBW(TAG, "Skipping CA #%d due to failure", middle);
+ cmp_res = last_cmp;
+ }
+ #ifdef CERT_BUNDLE_UNSORTED
+ if (cmp_res != last_cmp) {
+ ESP_LOGE(TAG, "Warning: unsorted!");
+ }
+ #endif
+#endif
+ ESP_LOGCBV(TAG, "This cmp_res = %d", cmp_res);
+ if (cmp_res == 0) {
+ ESP_LOGCBI(TAG, "Found a cert issuer match: %s",
+ this_issuer->name);
+ _crt_found = 1;
+ break;
+ }
+
+ /* The next indexed cert item to look at: [middle] value: */
+#ifndef CERT_BUNDLE_UNSORTED
+ /* If the list is presorted, we can use a binary search. */
+ else if (cmp_res < 0) {
+ start = middle + 1;
+ }
+ else {
+ end = middle - 1;
+ }
+ middle = start + ((end - start) / 2);
+#else
+ /* When the list is NOT presorted, typically during debugging,
+ * just step though in the order found until one is found: */
+ else {
+ middle++;
+ start = middle;
+ }
+#endif
+ ESP_LOGCBV(TAG, "Item = %d; start: %d, end: %d",
+ middle, start, end);
+ if (!_crt_found) {
+ /* this_issuer and this_subject are parts of this bundle_cert
+ * so we don't need to clean them up explicitly.
+ *
+ * However, we'll start over with a freash bundle_cert for the
+ * next search interation. */
+ if (bundle_cert != NULL) {
+ wolfSSL_X509_free(bundle_cert);
+ }
+ bundle_cert = wolfSSL_X509_new();
+ }
+ } /* while (start <= end) */
+
+ /************************* END Bundle Search. *************************/
+
+ /* After searching the bundle for an appropriate CA, if found then
+ * load into the provided cert manager.
*/
+ if (_crt_found) {
+ ESP_LOGCBW(TAG, "Found a Matching Certificate Name in the bundle!");
+ ret = cert_manager_load(preverify, store, cert_data, derCertLength);
+ if (ret == WOLFSSL_FAILURE) {
+ ESP_LOGW(TAG, "Warning: found a matching cert, but not added "
+ "to the Certificate Manager. error: %d", ret);
+ }
+ else {
+ ESP_LOGCBI(TAG, "New CA added to the Certificate Manager.");
+ }
+ }
+ else {
+ ESP_LOGCBW(TAG, "Matching Certificate Name not found in bundle!");
+ ret = WOLFSSL_FAILURE;
+ } /* crt search result */
+
+ if ((_crt_found == 1) && (ret == WOLFSSL_SUCCESS)) {
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+ /* Store verify will fail when alt certs enabled. */
+ ESP_LOGCBI(TAG, "Skipping pre-update store verify with "
+ "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+ /* Unlikely to work without alt cert chains, try to verify: */
+ ret = wolfSSL_X509_verify_cert(store);
+ if (ret == WOLFSSL_SUCCESS) {
+ ESP_LOGCBI(TAG, "Successfully verified store before "
+ "making changes");
+ }
+ else {
+ ESP_LOGE(TAG, "Failed to verify store before making changes! "
+ "ret = %d", ret);
+ }
+#endif
+
+#if defined(OPENSSL_EXTRA)
+ ESP_LOGCBI(TAG, "Checking wolfSSL_X509_check_issued(bundle_cert, "
+ "store_cert)");
+ if (store_cert && wolfSSL_X509_check_issued(bundle_cert,
+ store_cert) == X509_V_OK) {
+ ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued == X509_V_OK");
+
+ }
+ else {
+ /* This is ok, we may have others */
+ ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued failed. "
+ "(there may be others)");
+ }
+#else
+ ESP_LOGW(TAG, "Warning: skipping wolfSSL_X509_check_issued, "
+ "OPENSSL_EXTRA not enabled.");
+#endif
+
+ if (_added_cert == 0) {
+ /* Is this a CA or Leaf?
*/
+ if (bundle_cert->isCa == 1) {
+ ESP_LOGCBI(TAG, "Adding Certificate Authority.");
+ }
+ else {
+ ESP_LOGCBW(TAG, "Warning: Adding end-entity leaf "
+ "certificate.");
+ }
+
+ /* Note that although we are adding a certificate to the store
+ * now, it is too late to be used in the current TLS connecton
+ * that caused the callback. See the Cerfiicate Manager for
+ * validation and possible overriding of preverify values. */
+ ESP_LOGCBI(TAG, "\n\nAdding Cert for Certificate Store!\n");
+ ret = wolfSSL_X509_STORE_add_cert(store->store, bundle_cert);
+ if (ret == WOLFSSL_SUCCESS) {
+ ESP_LOGCBI(TAG, "Successfully added cert to wolfSSL "
+ "Certificate Store!");
+ _added_cert = 1;
+ }
+ else {
+ ESP_LOGE(TAG, "Failed to add cert to store! ret = %d", ret);
+ ret = WOLFSSL_FAILURE;
+ }
+ }
+ else {
+ ESP_LOGCBI(TAG, "Already added a matching cert!");
+ } /* _added_cert */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+ /* Store verify will fail when alt certs enabled. */
+ ESP_LOGCBI(TAG, "Skipping post-update store verify with "
+ "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+ ESP_LOGCBI(TAG, "wolfSSL_X509_verify_cert(store)");
+ ret = wolfSSL_X509_verify_cert(store);
+ if (ret == WOLFSSL_SUCCESS) {
+ ESP_LOGCBI(TAG, "Successfully verified cert in updated store!");
+ }
+ else {
+ ESP_LOGE(TAG, "Failed to verify cert in updated store! "
+ "ret = %d", ret);
+ ret = WOLFSSL_FAILURE;
+ }
+#endif
+ } /* crt_found */
+ else {
+ ESP_LOGE(TAG, "Did not find a matching crt");
+ ret = WOLFSSL_FAILURE;
+ }
+ } /* Did not find a cert */
+ else {
+ /* not successful, so return zero for failure. */
+ ret = WOLFSSL_FAILURE;
+ } /* Failed to init, didn't even try to search. */
+
+
+ /* Clean up and exit */
+ if ((_crt_found == 0) && (bundle_cert != NULL)) {
+ ESP_LOGW(TAG, "Cert not found, free bundle_cert");
+ wolfSSL_X509_free(bundle_cert);
+ bundle_cert = NULL;
+ /* this_subject and this_issuer are pointers into cert used.
+ * Don't free if the cert was found.
*/
+ wolfSSL_X509_NAME_free(this_subject);
+ this_subject = NULL;
+ wolfSSL_X509_NAME_free(this_issuer);
+ this_issuer = NULL;
+ }
+
+ /* We don't clean up the store_cert and x509 as we are in a callback,
+ * and it is just a pointer into the actual ctx store cert.
+ *
+ * See wolfSSL_bundle_cleanup() called after connection completed. */
+ ESP_LOGCBI(TAG, "Exit wolfssl_ssl_conf_verify_cb ret = %d", ret);
+
+ WOLFSSL_LEAVE( "wolfssl_ssl_conf_verify_cb complete", ret);
+
+ return ret; /* preverify */
+}
+
+/* wolfssl_ssl_conf_verify_cb()
+ * for reference:
+ * typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
+ *
+ * This is the callback for TLS handshake verify / valiation. See related:
+ * wolfssl_ssl_conf_verify_cb_no_signer
+ * wolfssl_ssl_conf_verify_cb_before_date
+ * wolfssl_ssl_conf_verify_cb_after_date
+ *
+ * This callback is called FOR EACH cert in the store.
+ * Not all certs in the store will have a match for a cert in the bundle,
+ * but we NEED ONE to match when a preverify error occurs.
+ *
+ * See wolfssl_ssl_conf_verify() for setting callback to this function.
+ * Typically set when calling esp_crt_bundle_attach(). Specifically:
+ * cfg->crt_bundle_attach(&tls->conf) in esp_tls_wolfssl.c
+ * from the ESP-IDF esp-tls component.
+ *
+ * See esp_tls.h file: esp_err_t (*crt_bundle_attach)(void *conf)
+ * and initialization in esp_transport_ssl_crt_bundle_attach
+ * from the tcp_transport component: (transport_ssl.c)
+ *
+ * Functions in esp_crt_bundle are same names as other providers and
+ * gated in as appropriate when enabling CONFIG_ESP_TLS_USING_WOLFSSL.
+ *
+ * Note the wolfSSL component CMakeLists.txt *MUST* be properly linked in the
+ * file to be used within the ESP-IDF. Something like this:
+ *
+ * target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
+ *
+ * Returns:
+ * 0 if the verification process should stop immediately with an error.
+ * 1 if the verification process should continue with the rest of handshake.
*/
+static CB_INLINE int wolfssl_ssl_conf_verify_cb(int preverify,
+ WOLFSSL_X509_STORE_CTX* store)
+{
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+ char before_str[CTC_DATE_SIZE];
+ char after_str[CTC_DATE_SIZE];
+ WOLFSSL_ASN1_TIME *notBefore = NULL;
+ WOLFSSL_ASN1_TIME *notAfter = NULL;
+
+ int initial_preverify;
+ initial_preverify = preverify;
+
+ if (store == NULL) {
+ ESP_LOGCBW(TAG, "wolfssl_ssl_conf_verify_cb store is Null. Abort");
+ return initial_preverify;
+ }
+
+ /* Show the interesting preverify & error state upon entry to callback. */
+ if (preverify == 1) {
+ ESP_LOGCBI(TAG, "preverify == 1\n");
+ }
+ else {
+ ESP_LOGCBW(TAG, "preverify == %d\n", preverify);
+ }
+
+ if (store->error == 0) {
+ ESP_LOGCBI(TAG, "store->error == 0");
+ }
+ else {
+ ESP_LOGCBW(TAG, "store->error: %d", store->error);
+ }
+
+ notBefore = wolfSSL_X509_get_notBefore(store->current_cert);
+ if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str,
+ sizeof(before_str)) == NULL) {
+ ESP_LOGCBW(TAG, "Not Before value not valid");
+ }
+ else {
+ ESP_LOGCBI(TAG, "Not Before: %s", before_str);
+ }
+
+ esp_show_current_datetime();
+
+ notAfter = wolfSSL_X509_get_notAfter(store->current_cert);
+ if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str,
+ sizeof(after_str)) == NULL) {
+ ESP_LOGCBW(TAG, "Not After value not valid");
+ }
+ else {
+ ESP_LOGCBI(TAG, "Not After: %s", after_str);
+ }
+#endif
+
+ /* One possible condition is the error "Failed to find signer".
+ * This is where we search the bundle for a matching needed CA cert. */
+ if ((preverify == 0) && (store->error == ASN_NO_SIGNER_E)) {
+ ESP_LOGCBW(TAG, "Setting _need_bundle_cert!");
+ _need_bundle_cert = 1;
+
+ preverify = wolfssl_ssl_conf_verify_cb_no_signer(preverify, store);
+ }
+
+ /* Another common issue is the date/timestamp.
+ * During debugging, we can ignore cert ASN before/after limits: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+ esp_show_current_datetime();
+
+ if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+ preverify = wolfssl_ssl_conf_verify_cb_before_date(preverify, store);
+ }
+
+ if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+ preverify = wolfssl_ssl_conf_verify_cb_after_date(preverify, store);
+ }
+#endif
+
+ /* Insert any other callback handlers here. */
+
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+ /* When debugging, show if have we resolved any error. */
+ if (preverify == 1) {
+ ESP_LOGCBI(TAG, "Returning preverify == 1\n");
+ if (preverify != initial_preverify) {
+ /* Here we assume wolfssl_ssl_conf_verify_cb_no_signer
+ * properly found and validated the problem: such as
+ * a new cert from the bundled needed for signing. */
+ ESP_LOGCBW(TAG, "Callback overriding error initial preverify = %d, "
+ "returning preverify = %d",
+ initial_preverify, preverify );
+ }
+ }
+ else {
+ ESP_LOGCBW(TAG, "Warning; returning preverify == %d\n", preverify);
+ }
+#endif
+
+ return preverify;
+} /* wolfssl_ssl_conf_verify_cb */
+
+/* wolfssl_ssl_conf_verify() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This is typically called during esp_crt_bundle_attach() in
+ * *this* file, which has same-name functions gated with the macro:
+ * CONFIG_ESP_TLS_USING_WOLFSSL
+ *
+ * See also ESP-IDF transport_ssl component.
*/
+void CB_INLINE wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf,
+ int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK,
+ void (*p_vrfy) )
+{
+ /* Other Crytographic providers for reference:
+ conf->f_vrfy = f_vrfy; (verification function callback)
+ conf->p_vrfy = p_vrfy; (pre-verification value)
+ */
+
+ /* typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); */
+ wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)(conf->priv_ctx),
+ WOLFSSL_VERIFY_PEER, wolfssl_ssl_conf_verify_cb);
+}
+
+/* esp_crt_verify_callback() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This callback is called for every certificate in the chain. If the chain
+ * is proper each intermediate certificate is validated through its parent
+ * in the x509_crt_verify_chain() function. So this callback should
+ * only verify the first untrusted link in the chain is signed by the
+ * root certificate in the trusted bundle
+*/
+int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt, int depth,
+ uint32_t *flags)
+{
+ WOLFSSL_X509 *child;
+ const uint8_t *crt_name;
+ int start = 0;
+ int middle = 0;
+ int end = 0;
+ int crt_found = 0;
+ int ret = -1;
+ size_t name_len = 0;
+ size_t key_len = 0;
+
+ child = crt;
+
+ if (s_crt_bundle.crts == NULL) {
+ ESP_LOGE(TAG, "No certificates in bundle");
+ return -1;
+ }
+
+ ESP_LOGCBI(TAG, "esp_crt_verify_callback: %d certificates in bundle",
+ s_crt_bundle.num_certs);
+
+ name_len = 0;
+
+ crt_found = false;
+ start = 0;
+ if (s_crt_bundle.num_certs > 0) {
+ end = s_crt_bundle.num_certs - 1;
+ middle = (end - start) / 2;
+ }
+ else {
+ end = -1;
+ middle = -1;
+ }
+ /* Look for the certificate using binary search on subject name */
+ while (start <= end) {
+ name_len = (s_crt_bundle.crts[middle][0] << 8) |
+ (s_crt_bundle.crts[middle][1]);
+ crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+
+ int cmp_res = memcmp(child->altNames, crt_name, name_len);
+ if (cmp_res == 0) {
+ ESP_LOGCBI(TAG, "crt found %s",
crt_name);
+ crt_found = true;
+ break;
+ }
+ else if (cmp_res < 0) {
+ end = middle + 1;
+ }
+ else {
+ start = middle - 1;
+ }
+ middle = (start + end) / 2;
+ }
+
+ ret = -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+ if (crt_found) {
+ key_len = (s_crt_bundle.crts[middle][2] << 8) |
+ (s_crt_bundle.crts[middle][3]);
+ /* This is the wolfssl_ssl_conf_verify callback to attach bundle.
+ * We'll verify at certificate attachment time. */
+ ESP_LOGV(TAG, "Found key. Len = %d", key_len);
+ /* Optional validation not implemented at this time. */
+ /* See wolfssl_ssl_conf_verify_cb() */
+ }
+ else {
+ ESP_LOGW(TAG, "crt not found!");
+ }
+
+ if (ret == 0) {
+ ESP_LOGCBI(TAG, "Certificate validated (2)");
+ *flags = 0;
+ return 0;
+ }
+
+ ESP_LOGW(TAG, "Deprecated; this API for compiler compatibility only.");
+ ESP_LOGW(TAG, "Please use wolfssl_ssl_conf_verify_cb() .");
+ ESP_LOGE(TAG, "Failed to verify certificate");
+ return -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+} /* esp_crt_verify_callback */
+
+/* wolfssl_ssl_conf_authmode() patterned after ESP-IDF. */
+void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf, int authmode)
+{
+ wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)conf->priv_ctx, authmode, NULL);
+}
+
+/* API wolfssl_x509_crt_init */
+void wolfssl_x509_crt_init(WOLFSSL_X509 *crt)
+{
+ InitX509(crt, 0, NULL);
+}
+
+/* cert buffer compatibility helper */
+void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf,
+ WOLFSSL_X509 *ca_chain,
+ WOLFSSL_X509_CRL *ca_crl)
+{
+ conf->ca_chain = ca_chain;
+ conf->ca_crl = ca_crl;
+
+#if defined(WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ /* wolfssl_ssl_conf_ca_chain() and wolfsslssl_ssl_conf_ca_cb()
+ * cannot be used together.
*/
+ conf->f_ca_cb = NULL;
+ conf->p_ca_cb = NULL;
+#endif /* WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK */
+}
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+esp_err_t esp_crt_bundle_is_valid(void)
+{
+ return _esp_crt_bundle_is_valid;
+}
+
+/* Initialize the bundle into an array so we can do binary
+ * search for certs; the bundle generated by the python utility is
+ * normally already presorted by subject name attrbutes in ARBITRARY order!
+ *
+ * See gen_crt_bundle.py regarding element extraction sort.
+ *
+ * To used as unsorted list, see above:
+ * `#define CERT_BUNDLE_UNSORTED`
+ */
+static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
+ size_t bundle_size)
+{
+ const uint8_t *bundle_end = NULL;
+ const uint8_t *cur_crt = NULL;
+ uint16_t i;
+ size_t cert_len;
+ int ret = ESP_OK;
+
+ WOLFSSL_ENTER("wolfssl_esp_crt_bundle_init");
+ _esp_crt_bundle_is_valid = ESP_OK; /* Assume valid until proven otherise. */
+
+ _cert_bundle_loaded = 0;
+ _crt_found = 0;
+ _added_cert = 0;
+ _need_bundle_cert = 0;
+
+ /* Basic check of bundle size. */
+ if (ret == ESP_OK) {
+ if (bundle_size < BUNDLE_HEADER_OFFSET + CRT_HEADER_OFFSET) {
+ ESP_LOGE(TAG, "Invalid certificate bundle size");
+ _esp_crt_bundle_is_valid = ESP_FAIL;
+ ret = ESP_ERR_INVALID_ARG;
+ }
+ }
+
+ /* Number of certificates pre-calculated in python script, extract value: */
+ if (ret == ESP_OK) {
+ num_certs = (x509_bundle[0] << 8) | x509_bundle[1];
+ if (num_certs > CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS) {
+ ESP_LOGE(TAG, "Number of certs in the certificate bundle = %d "
+ "exceeds\nMax allowed certificates in certificate "
+ "bundle = %d\nPlease update the menuconfig option",
+ num_certs,
+ CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+ _esp_crt_bundle_is_valid = ESP_FAIL;
+ ret = ESP_ERR_INVALID_ARG;
+ }
+ else {
+ ESP_LOGCBI(TAG, "No. 
of certs in certificate bundle = % d",
+ num_certs);
+ ESP_LOGCBI(TAG, "Max allowed certificates in certificate bundle = "
+ "%d", CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+ }
+ } /* ret == ESP_OK */
+
+ if (ret == ESP_OK) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+ ESP_LOGW(TAG, "calloc certs: %d bytes", (uint)sizeof(x509_bundle));
+#endif
+ /* Contiguous allocation is important to our cert extraction. */
+ crts = calloc(num_certs, sizeof(x509_bundle));
+ if (crts == NULL) {
+ ESP_LOGE(TAG, "Unable to allocate memory for bundle pointers");
+ _esp_crt_bundle_is_valid = ESP_FAIL;
+ ret = ESP_ERR_NO_MEM;
+ }
+ } /* ret == ESP_OK */
+
+ /* If all is ok, proceed with initialization of Certificate Bundle */
+ if (ret == ESP_OK) {
+ /* This is the maximum region that is allowed to access */
+ ESP_LOGV(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
+ ESP_LOGV(TAG, "Bundle Size %d", bundle_size);
+ bundle_end = x509_bundle + bundle_size;
+ ESP_LOGV(TAG, "Bundle End 0x%x", (intptr_t)bundle_end);
+ cur_crt = x509_bundle + BUNDLE_HEADER_OFFSET;
+
+ for (i = 0; i < num_certs; i++) {
+ ESP_LOGV(TAG, "Init Cert %d", i);
+ if (cur_crt + CRT_HEADER_OFFSET > bundle_end) {
+ ESP_LOGE(TAG, "Invalid certificate bundle current offset");
+ _esp_crt_bundle_is_valid = ESP_FAIL;
+ ret = ESP_ERR_INVALID_ARG;
+ break;
+ }
+
+ crts[i] = cur_crt;
+
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+ /* For reference only */
+ size_t name_len = cur_crt[0] << 8 | cur_crt[1];
+ size_t key_len = cur_crt[2] << 8 | cur_crt[3];
+ cur_crt = cur_crt + CRT_HEADER_OFFSET + name_len + key_len;
+#else
+ cert_len = cur_crt[0] << 8 | cur_crt[1];
+ #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+ defined( WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+ defined(CONFIG_WOLFSSL_NO_ASN_STRICT) || \
+ defined( WOLFSSL_NO_ASN_STRICT)
+ if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
+ cert_len) > 0) {
+ ESP_LOGW(TAG, "Warning: found zero value for serial number in "
+ "certificate #%d", i);
+ ESP_LOGW(TAG, "Enable 
WOLFSSL_NO_ASN_STRICT to allow zero in "
+ "serial number.");
+ }
+ #endif
+ cur_crt = cur_crt + (CRT_HEADER_OFFSET + cert_len);
+#endif
+ } /* for certs 0 to num_certs - 1 in the order found */
+ } /* ret == ESP_OK */
+
+ /* One final validation check. */
+ if (cur_crt > bundle_end) {
+ ESP_LOGE(TAG, "Invalid certificate bundle after end");
+ _esp_crt_bundle_is_valid = ESP_FAIL;
+ ret = ESP_ERR_INVALID_ARG;
+ }
+
+ if (_esp_crt_bundle_is_valid == ESP_FAIL) {
+ if (crts == NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+ ESP_LOGW(TAG, "Free certs after invalid bundle");
+#endif
+ free(crts);
+ crts = NULL;
+ s_crt_bundle.num_certs = 0;
+ s_crt_bundle.crts = NULL;
+ }
+ }
+ else {
+ /* The previous crt bundle is only updated when initialization of the
+ * current crt_bundle is successful */
+ /* Free previous crt_bundle */
+ if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+ ESP_LOGI(TAG, "Free crts");
+#endif
+ free(s_crt_bundle.crts);
+ }
+ s_crt_bundle.num_certs = num_certs;
+ s_crt_bundle.crts = crts;
+ }
+
+ /* Consider using WOLFSSL_ASN_ALLOW_0_SERIAL or WOLFSSL_NO_ASN_STRICT
+ * to relax checks. Use with caution. See wolfSSL documentation. */
+ if (wolfssl_found_zero_serial()) {
+ ESP_LOGCBW(TAG, "Warning: At least one certificate in the bundle "
+ "is missing a serial number.");
+ }
+
+ WOLFSSL_LEAVE("wolfssl_esp_crt_bundle_init", ret);
+ return ret;
+} /* esp_crt_bundle_init */
+
+/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer.
*/ +esp_err_t esp_crt_bundle_attach(void *conf) +{ + esp_err_t ret = ESP_OK; + ESP_LOGCBI(TAG, "Enter esp_crt_bundle_attach"); + /* If no bundle has been set by the user, + * then use the bundle embedded in the binary */ + if (s_crt_bundle.crts == NULL) { + ESP_LOGCBI(TAG, "No bundle set by user; using the embedded binary."); + ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_start 0x%x", + (intptr_t)x509_crt_imported_bundle_wolfssl_bin_start); + ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x", + (intptr_t)x509_crt_imported_bundle_wolfssl_bin_end); + ret = wolfssl_esp_crt_bundle_init( + x509_crt_imported_bundle_wolfssl_bin_start, + (x509_crt_imported_bundle_wolfssl_bin_end + - x509_crt_imported_bundle_wolfssl_bin_start)); + } + else { + ESP_LOGCBI(TAG, "Cert bundle set by user at 0x%x.", + (intptr_t)s_crt_bundle.crts); + } + + if (ret == ESP_OK) { + if (conf) { + wolfssl_ssl_config *ssl_conf = (wolfssl_ssl_config *)conf; + wolfssl_ssl_conf_verify(ssl_conf, esp_crt_verify_callback, NULL); + } + else { + ESP_LOGCBI(TAG, "esp_crt_bundle_attach no conf object supplied"); + } + } + else { + ESP_LOGE(TAG, "Failed to attach bundle"); + } + ESP_LOGCBI(TAG, "esp_crt_bundle_attach completed for wolfSSL"); + + _esp_crt_bundle_is_valid = ret; + return ret; +} /* esp_crt_bundle_attach */ + +/* esp_crt_bundle_detach() used by ESP-IDF esp-tls layer. 
*/
+void esp_crt_bundle_detach(wolfssl_ssl_config *conf)
+{
+ ESP_LOGI(TAG, "esp_crt_bundle_detach");
+ _wolfssl_found_zero_serial = ESP_OK;
+ _cert_bundle_loaded = 0;
+ _crt_found = 0;
+ _added_cert = 0;
+ _need_bundle_cert = 0;
+
+ if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+ ESP_LOGI(TAG, "Free s_crt_bundle.crts");
+#endif
+ free(s_crt_bundle.crts);
+ s_crt_bundle.crts = NULL;
+ }
+ if (conf) {
+ wolfssl_ssl_conf_verify(conf, NULL, NULL);
+ ESP_LOGE(TAG, "esp_crt_bundle_detach not implemented for wolfSSL");
+ }
+ ESP_LOGE(TAG, "Not implemented: esp_crt_bundle_detach");
+
+ /* If there's no cert bundle attached, it is not valid: */
+ _esp_crt_bundle_is_valid = ESP_FAIL;
+}
+
+/* The name esp_crt_bundle_set() used by ESP-IDF esp-tls layer,
+ * but called wolfssl_esp_crt_bundle_init here. */
+esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size)
+{
+ return wolfssl_esp_crt_bundle_init(x509_bundle, bundle_size);
+}
+
+/* Clean up bundle when closing connection from ESP-TLS layer. */
+esp_err_t wolfSSL_bundle_cleanup(void)
+{
+#ifdef DEBUG_WOLFSSL_MALLOC
+ size_t free_heap_size;
+ size_t min_free_heap_size;
+ size_t free_internal_heap_size;
+#endif
+
+ ESP_LOGV(TAG, "Enter wolfSSL_bundle_cleanup");
+
+ if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+ ESP_LOGI(TAG, "Free s_crt_bundle.crts in wolfSSL_bundle_cleanup");
+#endif
+ free(s_crt_bundle.crts);
+ s_crt_bundle.crts = NULL;
+ }
+
+ esp_tls_free_global_ca_store();
+ /* Be sure to free the bundle_cert first, as it may be part of store.
*/
+ if (bundle_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+ ESP_LOGI(TAG, "Free bundle_cert in wolfSSL_bundle_cleanup");
+#endif
+ wolfSSL_X509_free(bundle_cert);
+ bundle_cert = NULL;
+ }
+
+ if (store_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+ ESP_LOGI(TAG, "Free store_cert in wolfSSL_bundle_cleanup");
+#endif
+ wolfSSL_X509_free(store_cert);
+ store_cert = NULL;
+ }
+
+ memset(&s_crt_bundle, 0, sizeof(s_crt_bundle));
+
+#ifdef DEBUG_WOLFSSL_MALLOC
+ /* Get total free heap size */
+ free_heap_size = esp_get_free_heap_size();
+ ESP_LOGI(TAG, "Free heap size: %u bytes", free_heap_size);
+
+ /* Get minimum ever free heap size (since boot) */
+ min_free_heap_size = esp_get_minimum_free_heap_size();
+ ESP_LOGI(TAG, "Minimum ever free heap size: %u bytes", min_free_heap_size);
+
+ /* Get the amount of free memory in internal RAM */
+ free_internal_heap_size = heap_caps_get_free_size(MALLOC_CAP_INTERNAL);
+ ESP_LOGI(TAG, "Free internal heap size: %u bytes", free_internal_heap_size);
+#endif /* DEBUG_WOLFSSL_MALLOC */
+
+ return ESP_OK;
+}
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+/* Sanity checks: */
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
+ /* The settings.h and/or user_settings.h should have detected config
+ * values from Kconfig and set the appropriate wolfSSL macro: */
+ #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
+#endif /* CONFIG_WOLFSSL_NO_ASN_STRICT && ! WOLFSSL_NO_ASN_STRICT */
+
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE && !(NONE cert) */
+#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */
+#endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
new file mode 100644
index 000000000..03cfe0989
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
@@ -0,0 +1,360 @@ +#!/usr/bin/env python +# +# gen_crt_bundle.py +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# +# ESP32 x509 certificate bundle generation utility +# +# Converts PEM and DER certificates to a custom bundle format which stores just the +# subject name and public key to reduce space +# +# The bundle will have the format: +# number of certificates; +# crt 1 subject name length; +# crt 1 public key length; +# crt 1 subject name; +# crt 1 public key; +# crt 2... + + +from __future__ import with_statement + +import argparse +import csv +import os +import re +import unicodedata +import struct +import sys +from io import open + +try: + from cryptography import x509 + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import serialization + from cryptography.x509.oid import NameOID + +except ImportError: + print('The cryptography package is not installed.' 
+ 'Please refer to the Get Started section of the ESP-IDF Programming Guide for ' + 'setting up the required packages.') + raise + +ca_bundle_bin_file = 'x509_crt_bundle_wolfssl' + +quiet = False + + +def status(msg): + """ Print status message to stderr """ + if not quiet: + critical(msg) + + +def critical(msg): + """ Print critical message to stderr """ + sys.stderr.write('gen_crt_bundle.py: ') + sys.stderr.write(msg) + sys.stderr.write('\n') + + +class CertificateBundle: + def __init__(self): + self.certificates = [] + self.compressed_crts = [] + + if os.path.isfile(ca_bundle_bin_file): + os.remove(ca_bundle_bin_file) + + def add_from_path(self, crts_path): + + found = False + for file_path in os.listdir(crts_path): + found |= self.add_from_file(os.path.join(crts_path, file_path)) + + if found is False: + raise InputError('No valid x509 certificates found in %s' % crts_path) + + def add_from_file(self, file_path): + try: + if file_path.endswith('.pem'): + status('Parsing certificates from %s' % file_path) + with open(file_path, 'r', encoding='utf-8') as f: + crt_str = f.read() + self.add_from_pem(crt_str) + return True + + elif file_path.endswith('.der'): + status('Parsing certificates from %s' % file_path) + with open(file_path, 'rb') as f: + crt_str = f.read() + self.add_from_der(crt_str) + return True + + except ValueError: + critical('Invalid certificate in %s' % file_path) + raise InputError('Invalid certificate') + + return False + + def add_from_pem(self, crt_str): + """ A single PEM file may have multiple certificates """ + + crt = '' + count = 0 + start = False + + for strg in crt_str.splitlines(True): + if strg == '-----BEGIN CERTIFICATE-----\n' and start is False: + crt = '' + start = True + elif strg == '-----END CERTIFICATE-----\n' and start is True: + crt += strg + '\n' + start = False + self.certificates.append(x509.load_pem_x509_certificate(crt.encode(), default_backend())) + count += 1 + if start is True: + crt += strg + + if count == 0: + raise 
InputError('No certificate found') + + status('Successfully added %d certificates' % count) + + def add_from_der(self, crt_str): + self.certificates.append(x509.load_der_x509_certificate(crt_str, default_backend())) + status('Successfully added 1 certificate') + + def get_subject_text(self, cert): + # Extract subject as a string in the desired format + return ", ".join( + f"/{attribute.oid._name}={attribute.value}" # Adjust as necessary to format as "/C=US/O=..." + for attribute in cert.subject + ) + + # We are currently sorting in AS FOUND order. wolfSSL does this in wolfSSL_X509_NAME_oneline() + # But for reference, if desired: + # + # /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA + # /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave + desired_dn_order = ["/C=", "/ST=", "/L=", "/O=", "/OU=", "/CN="] + + def extract_dn_components(self, cert): + """ + Extract the DN components based on the desired order and return the assembled string. + """ + #dn_dict = {"/C=": "/C=", "/ST=": "/ST=", "/L=": "/L=", "/O=": "/O=", "/OU=": "/OU=", "/CN=": "/CN="} + dn_dict = {"/C=": "", "/ST=": "", "/L=": "", "/O=": "", "/OU=": "", "/CN=": ""} + + # Map the actual DN elements to the correct keys in the desired order + for attribute in cert.subject: + if attribute.oid == x509.NameOID.COUNTRY_NAME: + dn_dict["/C="] = attribute.value + elif attribute.oid == x509.NameOID.ORGANIZATIONAL_UNIT_NAME: + dn_dict["/OU="] = attribute.value + elif attribute.oid == x509.NameOID.ORGANIZATION_NAME: + dn_dict["/O="] = attribute.value + elif attribute.oid == x509.NameOID.COMMON_NAME: + dn_dict["/CN="] = attribute.value + elif attribute.oid == x509.NameOID.LOCALITY_NAME: + dn_dict["/L="] = attribute.value + elif attribute.oid == x509.NameOID.STATE_OR_PROVINCE_NAME: + dn_dict["/ST="] = attribute.value + + #return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order]) + return dn_dict + + def sorting_key(self, cert): + """ + Create a tuple for sorting, where each 
component is sorted in the order defined by `desired_dn_order`. + If a component is missing, it is replaced with a value that will ensure proper sorting (empty string). + """ + dn_dict = self.extract_dn_components(cert) + + return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order if dn_dict[key]]) + + def sort_certificates_by_dn_order(self, certificates): + """ + Sort the list of certificates based on the DN string assembled in the specified order. + """ + return sorted(certificates, key=self.sorting_key) + + def extract_dn_components_as_is(self, cert): + """ + Extract the DN components exactly as they appear in the certificate. + """ + # dn_string = ', '.join([f"{attribute.oid._name}={attribute.value}" for attribute in cert.subject]) + dn_string = "" + result_string = "" + + # Mapping of known OIDs to their short names + oid_short_names = { + 'commonName': '/CN', + 'countryName': '/C', + 'stateOrProvinceName': '/ST', + 'localityName': '/L', + 'organizationName': '/O', + 'organizationalUnitName': '/OU' + } + + with open("cert_bundle.log", "a") as file: + # Write to the file + file.write("\nNew cert\n\n") + for attribute in cert.subject: + # Use a predefined map for known OIDs, and fallback to the dotted string if not found + oid_full_name = attribute.oid._name if attribute.oid._name else attribute.oid.dotted_string + + # The common string uses "/CN" and not "commonName", so we need to swap out keywords such as commonName: + oid_name = oid_short_names.get(oid_full_name, oid_full_name) + file.write(f"oid_name={oid_name}\n") + + # Strip unicode + normalized_string = unicodedata.normalize('NFKD', attribute.value) + + # Encode to ASCII bytes, ignoring any characters that can't be converted + ascii_bytes = normalized_string.encode('ascii', 'ignore') + + # Decode back to ASCII string + ascii_string = ascii_bytes.decode('ascii') + file.write(f"attribute_value={ascii_string}\n") + + # assemble the dn string for this cert + dn_string += 
f"/{oid_name}={ascii_string}" + file.write(f"dn_string={dn_string}\n") + + # Remove any unprintable characters + cleaned_string = re.sub(r'[^\x20-\x7E]', ' ', dn_string) + file.write(f"cleaned_string={cleaned_string}\n") + result_string = cleaned_string.replace("=", " ") + file.write(f"result_string={result_string}\n") + + # Reminder this is a sort order only; cert NOT modified. + return result_string + + def sorting_key_as_is(self, cert): + """ + Use the DN string as found in the certificate as the sorting key. + """ + dn_string = self.extract_dn_components_as_is(cert) + return dn_string + + def sort_certificates_by_as_is(self, certificates): + """ + Sort the list of certificates based on the DN string assembled in the specified order. + """ + return sorted(certificates, key=self.sorting_key_as_is) + + def create_bundle(self): + # Sort certificates in order to do binary search when looking up certificates + # NOTE: When sorting, see `esp_crt_bundle.c`; + # Use `#define CERT_BUNDLE_UNSORTED` when not sorting. 
+ # + with open("cert_bundle.log", "w") as file: + # Write to the file + file.write("init.\n") + self.certificates = self.sort_certificates_by_as_is(self.certificates) + + + bundle = struct.pack('>H', len(self.certificates)) + + for crt in self.certificates: + cert_der = crt.public_bytes(serialization.Encoding.DER) + cert_der_len = len(cert_der) + + len_data = struct.pack('>H', cert_der_len) + bundle += len_data + bundle += cert_der + + return bundle + + def add_with_filter(self, crts_path, filter_path): + + filter_set = set() + with open(filter_path, 'r', encoding='utf-8') as f: + csv_reader = csv.reader(f, delimiter=',') + + # Skip header + next(csv_reader) + for row in csv_reader: + filter_set.add(row[1]) + + status('Parsing certificates from %s' % crts_path) + crt_str = [] + with open(crts_path, 'r', encoding='utf-8') as f: + crt_str = f.read() + + # Split all certs into a list of (name, certificate string) tuples + pem_crts = re.findall(r'(^.+?)\n(=+\n[\s\S]+?END CERTIFICATE-----\n)', crt_str, re.MULTILINE) + + filtered_crts = '' + for name, crt in pem_crts: + if name in filter_set: + filtered_crts += crt + + self.add_from_pem(filtered_crts) + + +class InputError(RuntimeError): + def __init__(self, e): + super(InputError, self).__init__(e) + + +def main(): + global quiet + + parser = argparse.ArgumentParser(description='ESP-IDF x509 certificate bundle utility') + + parser.add_argument('--quiet', '-q', help="Don't print non-critical status messages to stderr", action='store_true') + parser.add_argument('--input', '-i', nargs='+', required=True, + help='Paths to the custom certificate folders or files to parse, parses all .pem or .der files') + parser.add_argument('--filter', '-f', help='Path to CSV-file where the second columns contains the name of the certificates \ + that should be included from cacrt_all.pem') + + args = parser.parse_args() + + quiet = args.quiet + + bundle = CertificateBundle() + + for path in args.input: + if os.path.isfile(path): + if 
os.path.basename(path) == 'cacrt_all.pem' and args.filter: + bundle.add_with_filter(path, args.filter) + else: + bundle.add_from_file(path) + elif os.path.isdir(path): + bundle.add_from_path(path) + else: + raise InputError('Invalid --input=%s, is neither file nor folder' % args.input) + + status('Successfully added %d certificates in total' % len(bundle.certificates)) + + crt_bundle = bundle.create_bundle() + + with open(ca_bundle_bin_file, 'wb') as f: + f.write(crt_bundle) + + +if __name__ == '__main__': + try: + main() + except InputError as e: + print(e) + sys.exit(2) diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index c4bed901f..9c574451a 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c @@ -24,15 +24,13 @@ #endif /* wolfSSL */ -/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ -/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ -#ifdef WOLFSSL_USER_SETTINGS - #include -#endif +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ +#include - -#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ -#include "sdkconfig.h" /* programmatically generated from sdkconfig */ +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF. */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig. */ #if defined(USE_WOLFSSL_ESP_SDK_TIME) /* Espressif */ 
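Review bot: `add_from_pem` only recognises the PEM markers when the line ends in exactly `\n`, so a file whose last line is `-----END CERTIFICATE-----` without a trailing newline (or any CRLF-terminated file) never increments `count` for that certificate; when earlier certificates in the same file matched, the final root is dropped silently and the status line still reports success. Comparing the stripped line handles both cases: `if strg.rstrip('\r\n') == '-----BEGIN CERTIFICATE-----' and start is False:` and likewise `elif strg.rstrip('\r\n') == '-----END CERTIFICATE-----' and start is True:`. The file header still describes a layout of subject-name length, public-key length, name and key, but `create_bundle` writes a big-endian `>H` certificate count followed by a `>H` length plus the full DER of each certificate, so the comment should be updated to the format the script actually emits. `extract_dn_components_as_is` also opens and appends to `cert_bundle.log` once per certificate from inside the sort key, and `create_bundle` truncates the same file in the current directory; this reads as debug output that should at least respect `--quiet` or be removed before merge.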
@@ -121,6 +119,41 @@ esp_err_t esp_sdk_time_lib_init(void) #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT #endif +/* When reproducible builds are enabled in ESP-IDF + * (starting from version 4.0 and above), + * the __DATE__ and __TIME__ macros are deliberately disabled. */ +#ifndef __DATE__ + #define YEAR 2024 + #define MONTH 9 + #define DAY 25 +#else + /* e.g. __DATE__ "Sep 25 2024" */ + #define YEAR ( \ + ((__DATE__)[7] - '0') * 1000 + \ + ((__DATE__)[8] - '0') * 100 + \ + ((__DATE__)[9] - '0') * 10 + \ + ((__DATE__)[10] - '0') * 1 \ + ) + + #define MONTH ( \ + __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \ + : __DATE__[2] == 'b' ? 2 \ + : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \ + : __DATE__[2] == 'y' ? 5 \ + : __DATE__[2] == 'l' ? 7 \ + : __DATE__[2] == 'g' ? 8 \ + : __DATE__[2] == 'p' ? 9 \ + : __DATE__[2] == 't' ? 10 \ + : __DATE__[2] == 'v' ? 11 \ + : 12 \ + ) + + #define DAY ( \ + ((__DATE__)[4] - '0') * 10 + \ + ((__DATE__)[5] - '0') * 1 \ + ) +#endif + /* our NTP server list is global info */ extern char* ntpServerList[NTP_SERVER_COUNT]; @@ -149,9 +182,9 @@ int set_fixed_default_time(void) /* ideally, we'd like to set time from network, * but let's set a default time, just in case */ struct tm timeinfo = { - .tm_year = 2024 - 1900, - .tm_mon = 9 - 1, /* Month, where 0 = Jan */ - .tm_mday = 3 , /* Day of the month 30 */ + .tm_year = YEAR, + .tm_mon = MONTH, /* Month, where 0 = Jan */ + .tm_mday = DAY, /* Numeric decimal day of the month */ .tm_hour = 13, .tm_min = 1, .tm_sec = 5 diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index d091946c0..1ccb8426f 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am 
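Review bot: The `DAY` macro in the `#else` branch treats `__DATE__[4]` as a digit, but the standard `__DATE__` format is `"Mmm dd yyyy"` with a leading space in `dd` for days 1 through 9, so a build on the 5th evaluates `(' ' - '0') * 10 + 5` and yields a negative day. Suggest `#define DAY ((((__DATE__)[4] == ' ') ? 0 : ((__DATE__)[4] - '0')) * 10 + ((__DATE__)[5] - '0'))`. The fixed `YEAR`/`MONTH`/`DAY` values in the `#ifndef __DATE__` branch would also benefit from a comment stating that they are a placeholder default clock for reproducible builds and need to be refreshed, since the next hunk feeds them into the device's default time when no network time is available.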
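Review bot: `.tm_year = YEAR` and `.tm_mon = MONTH` drop the offsets the removed lines carried: `struct tm` stores years since 1900 and a 0-based month, while `YEAR` expands to the calendar year and `MONTH` to 1–12 in the previous hunk, so the default time becomes year 3924 and one month late, and the `/* Month, where 0 = Jan */` comment on the same line no longer describes the value. Change to `.tm_year = YEAR - 1900,` and `.tm_mon = MONTH - 1, /* Month, where 0 = Jan */`. The body of `set_fixed_default_time` continues outside the hunk.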
@@ -107,8 +107,9 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/silabs/silabs_random.h \ wolfssl/wolfcrypt/port/st/stm32.h \ wolfssl/wolfcrypt/port/st/stsafe.h \ - wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \ wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \ + wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \ + wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h \ wolfssl/wolfcrypt/port/arm/cryptoCell.h \ wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \ wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \ diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 41961cf4f..3d6c4e1de 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -233,6 +233,14 @@ enum { ** WOLFSSL_DEBUG_ESP_RSA_MULM_BITS ** Shows a warning when mulm falls back for minimum number of bits. ** +** WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS +** Shows a marning when multiplication math bits have exceeded hardware +** capabilities and will fall back to slower software. +** +** WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +** Shows a marning when modular math bits have exceeded hardware capabilities +** and will fall back to slower software. +** ** NO_HW_MATH_TEST ** Even if HW is enabled, do not run HW math tests. See HW_MATH_ENABLED. ** diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h new file mode 100644 index 000000000..632b371f5 --- /dev/null +++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h 
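Review bot: Both new entries in the settings comment of esp32-crypt.h read `Shows a marning when ...`; `warning` is meant for `WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS` and `WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS`. Since this commit also adds the `CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_*` Kconfig mappings for these macros in settings.h, a one-line pointer such as `** Set via Kconfig CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS; see settings.h` would help readers find where the macro comes from.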
@@ -0,0 +1,233 @@ +/* esp_crt_bundle.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef __ESP_CRT_BUNDLE_wolfssl_LIB_H__ + +#define __ESP_CRT_BUNDLE_wolfssl_LIB_H__ + +/* This file is typically NOT directly used by applications utilizing the + * wolfSSL libraries. It is used when the wolfssl libary component is configured + * to be utilized by the Espressif ESP-IDF, specifically the esp-tls layer. + * + * See: + * https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/protocols/esp_tls.html + * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h + * + ******************************************************************************* + ** Optional Settings: + ******************************************************************************* + * WOLFSSL_DEBUG_CERT_BUNDLE_NAME + * Optionally show certificate bundle debugging info. + * + * WOLFSSL_DEBUG_CERT_BUNDLE_NAME + * Optionally show certificate bundle name debugging info. + * + * WOLFSSL_EXAMPLE_VERBOSITY + * Optionally print example application information that may be interesting. 
+ * + * IS_WOLFSSL_CERT_BUNDLE_FORMAT + * This should be left on as no other bundle format is supported at this time. + * + * CB_INLINE + * Normally on, this uses the compiler `inline` decorator for bundle functions + * to be optimized, since they are called during a TLS connection. + * + * See Kconfig file (or use idy.py menufconfig) for other bundle settings. + */ + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ +#include + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +#ifndef WOLFSSL_USER_SETTINGS + #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts" +#endif + +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) || \ + defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) + + +#ifdef __cplusplus +extern "C" { +#endif + +#define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *) +#include + +typedef struct wolfssl_ssl_config wolfssl_ssl_config; + +struct wolfssl_ssl_config +{ + WOLFSSL_X509* ca_chain; + WOLFSSL_X509_CRL* ca_crl; + void *priv_ctx; + void *priv_ssl; +}; + +/** + * @brief Attach and enable use of a bundle for certificate verification + * + * Attach and enable use of a bundle for certificate verification through a + * verification callback.If no specific bundle has been set through + * esp_crt_bundle_set() it will default to the bundle defined in menuconfig + * and embedded in the binary. + * + * Note this must be visible for both the regular bundles, as well as the + *"none" option. + * + * Other code gated out, below, when the "none" option is selected. + * + * @param[in] conf The config struct for the SSL connection. + * + * @return + * - ESP_OK if adding certificates was successful. + * - Other if an error occurred or an action must be taken by the + * calling process. 
+ */ +esp_err_t esp_crt_bundle_attach(void *conf); + + +#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \ + defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \ + (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1) + +/* Certificate bundles are enabled, but the "none" option selected */ + +#else +/** + * @brief Return ESP_OK for valid bunder, otherwise ESP_FAIL. + * + * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. + */ +esp_err_t esp_crt_bundle_is_valid(void); + +/** + * @brief Return 1 if Cert Bundle loaded, otheriwse 0. + * + * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. + */ +int wolfssl_cert_bundle_loaded(void); + +/** + * @brief Return 1 is a cert from the bundle was needed + * at connection time, otherwise 0. + * + * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. + */ +int wolfssl_need_bundle_cert(void); + +/** + * @brief Disable and dealloc the certification bundle + * + * Used by ESP-IDF esp-tls layer. + * + * Removes the certificate verification callback and deallocates used resources + * + * @param[in] conf The config struct for the SSL connection. + */ +void esp_crt_bundle_detach(wolfssl_ssl_config *conf); + +/** + * @brief Set the default certificate bundle used for verification + * + * Used by ESP-IDF esp-tls layer. + * + * Overrides the default certificate bundle only in case of successful + * initialization. In most use cases the bundle should be set through + * menuconfig. The bundle needs to be sorted by subject name since binary + * search is used to find certificates. + * + * @param[in] x509_bundle A pointer to the certificate bundle. + * + * @param[in] bundle_size Size of the certificate bundle in bytes. + * + * @return + * - ESP_OK if adding certificates was successful. + * - Other if an error occured or an action must be taken + * by the calling process. 
+ */ +esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size); + + +/** + * @brief Set the issuer and subject values given the current cert. + * + * Used internally by ESP-IDF esp-tls layer. Also helpful for debugging + * and general visibiity to certificate attributes. + * + * The CERT_TAG can be used at the esp-tls or application layer to indicate + * the usage of the respective cert (e.g. the string "peer"). + * + * Turn on WOLFSSL_DEBUG_CERT_BUNDLE to also see ASN1 before/after values. + * + * @return + * - WOLFSSL_SUCCESS (1) + * - WOLFSSL_FAILURE (0) if unable to get issues and/or subject. + */ +int wolfSSL_X509_get_cert_items(char* CERT_TAG, + WOLFSSL_X509* cert, + WOLFSSL_X509_NAME** issuer, + WOLFSSL_X509_NAME** subject); + +esp_err_t wolfSSL_bundle_cleanup(void); + +WOLFSSL_LOCAL void wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf, + int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK, + void *p_vrfy); + +WOLFSSL_LOCAL void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf, + int authmode); + +WOLFSSL_LOCAL void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf, + WOLFSSL_X509 *ca_chain, + WOLFSSL_X509_CRL *ca_crl); + +WOLFSSL_LOCAL void wolfssl_x509_crt_init(WOLFSSL_X509 *crt); + +WOLFSSL_LOCAL int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt, + int depth, uint32_t *flags); + +#ifdef __cplusplus +} +#endif + +/* Detect if wolfSSL is enabled, but so are mbedTLS bundles */ +#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \ + CONFIG_MBEDTLS_CERTIFICATE_BUNDLE + #error "wolfSSL cannot use mbedTLS certificate bundles. Please disable them" +#endif + +#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */ + +#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */ + +#endif /* WOLFSSL_ESPIDF */ + +#endif /* __ESP_CRT_BUNDLE_wolfssl_LIB_H__ */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 7792fb765..bc41ac25d 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
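Review bot: The `esp_crt_bundle_detach` doc comment promises `Disable and dealloc the certification bundle ... Removes the certificate verification callback and deallocates used resources`, while the implementation earlier in this diff (esp_crt_bundle.c) frees `s_crt_bundle.crts` and clears the verify callback but still logs `esp_crt_bundle_detach not implemented for wolfSSL` and `Not implemented: esp_crt_bundle_detach` at ERROR level; either those log lines are stale or the header overstates what detach does, and the two should be reconciled, e.g. by stating in the `@brief` exactly which state is reset. The include guard `__ESP_CRT_BUNDLE_wolfssl_LIB_H__` is a reserved identifier (leading double underscore); `ESP_CRT_BUNDLE_WOLFSSL_LIB_H` avoids that. In the "Optional Settings" list `WOLFSSL_DEBUG_CERT_BUNDLE_NAME` appears twice with different descriptions — the first entry presumably should read `WOLFSSL_DEBUG_CERT_BUNDLE`, the name the `wolfSSL_X509_get_cert_items` comment refers to later in the file. Several typos in the new text: `bunder`, `otheriwse`, `occured`, `targts`, `libary`, `visibiity`, and `idy.py menufconfig` for `idf.py menuconfig`.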
@@ -551,6 +551,12 @@ * been processed. The following settings are additive; Enabled settings * from user_settings are not disabled here. */ + #if defined(CONFIG_ESP_WOLFSSL_TEST_LOOP) && \ + CONFIG_ESP_WOLFSSL_TEST_LOOP + #define WOLFSSL_TEST_LOOP 1 + #else + #define WOLFSSL_TEST_LOOP 0 + #endif #if (defined(CONFIG_DEBUG_WOLFSSL) && \ CONFIG_DEBUG_WOLFSSL) || \ (defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) && \ @@ -593,6 +599,14 @@ CONFIG_WOLFSSL_APPLE_HOMEKIT #define WOLFSSL_APPLE_HOMEKIT #endif + #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS) && \ + CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + #define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + #endif + #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) && \ + CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + #define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + #endif #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL) /* When using ESP-TLS, some old algorithms such as SHA1 are no longer 
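Review bot: `WOLFSSL_TEST_LOOP` is defined unconditionally — `1` when the Kconfig option is set and `0` otherwise — while the comment just above the hunk says these settings are additive and the neighbouring blocks (`WOLFSSL_APPLE_HOMEKIT`, and the new `WOLFSSL_DEBUG_ESP_HW_*_RSAMAX_BITS` macros in the -593 hunk) only define their macro when enabled. If any code tests `#ifdef WOLFSSL_TEST_LOOP`, the `0` definition turns it on, and a user_settings.h that already defines the macro gets a redefinition warning. Either drop the `#else` branch to match the file's convention, or wrap the block in `#ifndef WOLFSSL_TEST_LOOP` so a user-supplied value is honoured.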
@@ -917,7 +931,58 @@ #undef HAVE_AESGCM #define HAVE_AESGCM #endif /* SM */ + #endif /* defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) */ + /* Final device-specific hardware settings. user_settings.h loaded above. */ + + /* Counters for RSA wait timeout. CPU and frequency specific. */ + #define ESP_RSA_WAIT_TIMEOUT_CNT 0x000020 + #if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #ifndef ESP_RSA_TIMEOUT_CNT + /* Observed: 0xAE8C8F @ 80MHz */ + #define ESP_RSA_TIMEOUT_CNT 0xAF0000 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32C2) + /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */ + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #ifndef ESP_RSA_TIMEOUT_CNT + /* Observed: 0x2624B2 @ 80MHz */ + #define ESP_RSA_TIMEOUT_CNT 0x280000 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #ifndef ESP_RSA_TIMEOUT_CNT + /* Observed: 144323 @ 80MHz */ + #define ESP_RSA_TIMEOUT_CNT 0x160000 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP8266) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP8684) + /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */ + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #else + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #endif #endif /* WOLFSSL_ESPIDF */ #if defined(WOLFSSL_RENESAS_TSIP) From 2323a5cf59d67c19895ba04cf959c197e133694e Mon Sep 17 00:00:00 2001 
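Review bot: `#define ESP_RSA_WAIT_TIMEOUT_CNT 0x000020` is the only new definition in the block without an `#ifndef` guard, while every per-target `ESP_RSA_TIMEOUT_CNT` below it is guarded; a value set in user_settings.h (which the preceding comment says is already loaded at this point) would produce a redefinition instead of being honoured, so `#ifndef ESP_RSA_WAIT_TIMEOUT_CNT` around it keeps the block consistent. The comment under `CONFIG_IDF_TARGET_ESP8684` reads `See also CONFIG_IDF_TARGET_ESP8684 equivalent`, evidently copied from the ESP32C2 branch; it presumably should say `See also CONFIG_IDF_TARGET_ESP32C2 equivalent`.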
From: Sean Parkinson Date: Thu, 26 Sep 2024 18:43:34 +1000 Subject: [PATCH 062/325] ARM32 ChaCha20, Poly1305: assembly code Add assembly code for ChaCha20 and Poly1305 on ARM32 when no NEON available. --- src/include.am | 12 +- wolfcrypt/src/chacha.c | 3 +- wolfcrypt/src/poly1305.c | 11 +- wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c | 2 +- wolfcrypt/src/port/arm/armv8-32-chacha-asm.S | 522 ++++++++++++++++ .../src/port/arm/armv8-32-chacha-asm_c.c | 569 ++++++++++++++++++ .../src/port/arm/armv8-32-poly1305-asm.S | 356 +++++++++++ .../src/port/arm/armv8-32-poly1305-asm_c.c | 388 ++++++++++++ wolfcrypt/src/port/arm/armv8-32-sha3-asm.S | 110 ++-- wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 41 +- wolfcrypt/src/port/arm/armv8-chacha.c | 117 +++- wolfcrypt/src/port/arm/armv8-poly1305.c | 126 +++- wolfssl/wolfcrypt/chacha.h | 8 +- wolfssl/wolfcrypt/poly1305.h | 21 +- 14 files changed, 2177 insertions(+), 109 deletions(-) create mode 100644 wolfcrypt/src/port/arm/armv8-32-chacha-asm.S create mode 100644 wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c create mode 100644 wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S create mode 100644 wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c diff --git a/src/include.am b/src/include.am index c3d8376a1..dbda409a2 100644 --- a/src/include.am +++ b/src/include.am @@ -924,8 +924,10 @@ if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305.c if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm.S endif !BUILD_ARMASM_INLINE endif 
@@ -999,17 +1001,17 @@ endif if BUILD_CHACHA src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c -if BUILD_ARMASM_NEON -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c -else if BUILD_ARMASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha.c if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm.S src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm.S endif !BUILD_ARMASM_INLINE -endif BUILD_ARMASM +else if BUILD_RISCV_ASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-chacha.c endif BUILD_RISCV_ASM @@ -1018,7 +1020,7 @@ if BUILD_INTELASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S endif BUILD_INTELASM endif !BUILD_X86_ASM -endif !BUILD_ARMASM_NEON +endif !BUILD_ARMASM if BUILD_POLY1305 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c endif BUILD_POLY1305 diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c index f7ee6bba3..84b26eb56 100644 --- a/wolfcrypt/src/chacha.c +++ b/wolfcrypt/src/chacha.c @@ -72,8 +72,7 @@ Public domain. #endif /* HAVE_CHACHA */ -#if defined(WOLFSSL_ARMASM) && (!defined(WOLFSSL_ARMASM_NO_NEON) || \ - defined(__thumb__)) +#if defined(WOLFSSL_ARMASM) /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */ #elif defined(WOLFSSL_RISCV_ASM) diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 48529d78c..718289c4f 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c 
@@ -232,7 +232,7 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac); } #endif/* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */ /* if not 64 bit then use 32 bit */ -#elif !defined(WOLFSSL_ARMASM) || !defined(__thumb__) +#elif !defined(WOLFSSL_ARMASM) static word32 U8TO32(const byte *p) { @@ -269,8 +269,7 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8]) } -#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \ - !defined(__thumb__))) && !defined(WOLFSSL_RISCV_ASM) +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) /* This local function operates on a message with a given number of bytes with a given ctx pointer to a Poly1305 structure. @@ -789,8 +788,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) return 0; } -#endif /* (!WOLFSSL_ARMASM || (!__aarch64__ && !__thumb__)) && - * !WOLFSSL_RISCV_ASM */ +#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) @@ -885,8 +883,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) /* process full blocks */ if (bytes >= POLY1305_BLOCK_SIZE) { size_t want = ((size_t)bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1)); -#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \ - !defined(__thumb__))) && !defined(WOLFSSL_RISCV_ASM) +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) int ret; ret = poly1305_blocks(ctx, m, want); if (ret != 0) diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index 97edaf4a9..f8ba89ac0 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c 
@@ -411,7 +411,7 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) static const uint32_t L_AES_ARM32_rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1b000000, 0x36000000, + 0x1b000000, 0x36000000, }; void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks); diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S new file mode 100644 index 000000000..77ec21908 --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S 
@@ -0,0 +1,522 @@ +/* armv8-32-chacha-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./chacha/chacha.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#ifndef WOLFSSL_ARMASM_INLINE +#ifdef HAVE_CHACHA + .text + .align 4 + .globl wc_chacha_setiv + .type wc_chacha_setiv, %function +wc_chacha_setiv: + push {r4, lr} + add r3, r0, #52 + ldr r4, [r1] + ldr r12, [r1, #4] + ldr lr, [r1, #8] + str r2, [r0, #48] +#ifdef BIG_ENDIAN_ORDER + rev r4, r4 + rev r12, r12 + rev lr, lr +#endif /* BIG_ENDIAN_ORDER */ + stm r3, {r4, r12, lr} + pop {r4, pc} + .size wc_chacha_setiv,.-wc_chacha_setiv + .text + .type L_chacha_arm32_constants, %object + .size L_chacha_arm32_constants, 32 + .align 4 +L_chacha_arm32_constants: + .word 0x61707865 + .word 0x3120646e + .word 0x79622d36 + .word 0x6b206574 + .word 0x61707865 + .word 0x3320646e + .word 0x79622d32 + .word 0x6b206574 + .text + .align 4 + .globl wc_chacha_setkey + .type wc_chacha_setkey, %function +wc_chacha_setkey: + push {r4, r5, 
lr} + adr r3, L_chacha_arm32_constants + subs r2, r2, #16 + add r3, r3, r2 + # Start state with constants + ldm r3, {r4, r5, r12, lr} + stm r0!, {r4, r5, r12, lr} + # Next is first 16 bytes of key. + ldr r4, [r1] + ldr r5, [r1, #4] + ldr r12, [r1, #8] + ldr lr, [r1, #12] +#ifdef BIG_ENDIAN_ORDER + rev r4, r4 + rev r5, r5 + rev r12, r12 + rev lr, lr +#endif /* BIG_ENDIAN_ORDER */ + stm r0!, {r4, r5, r12, lr} + # Next 16 bytes of key. + beq L_chacha_arm32_setkey_same_keyb_ytes + # Update key pointer for next 16 bytes. + add r1, r1, r2 + ldr r4, [r1] + ldr r5, [r1, #4] + ldr r12, [r1, #8] + ldr lr, [r1, #12] +L_chacha_arm32_setkey_same_keyb_ytes: + stm r0, {r4, r5, r12, lr} + pop {r4, r5, pc} + .size wc_chacha_setkey,.-wc_chacha_setkey +#ifdef WOLFSSL_ARMASM_NO_NEON + .text + .align 4 + .globl wc_chacha_crypt_bytes + .type wc_chacha_crypt_bytes, %function +wc_chacha_crypt_bytes: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + sub sp, sp, #52 + mov lr, r0 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r0, [sp, #32] + str r1, [sp, #36] +#else + strd r0, r1, [sp, #32] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r2, [sp, #40] + str r3, [sp, #44] +#else + strd r2, r3, [sp, #40] +#endif +L_chacha_arm32_crypt_block: + # Put x[12]..x[15] onto stack. +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r4, [lr, #48] + ldr r5, [lr, #52] +#else + ldrd r4, r5, [lr, #48] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r6, [lr, #56] + ldr r7, [lr, #60] +#else + ldrd r6, r7, [lr, #56] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [sp, #16] + str r5, [sp, #20] +#else + strd r4, r5, [sp, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [sp, #24] + str r7, [sp, #28] +#else + strd r6, r7, [sp, #24] +#endif + # Load x[0]..x[12] into registers. + ldm lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12} + # 10x 2 full rounds to perform. 
+ mov lr, #10 + str lr, [sp, #48] +L_chacha_arm32_crypt_loop: + # 0, 4, 8, 12 + # 1, 5, 9, 13 + ldr lr, [sp, #20] + add r0, r0, r4 + add r1, r1, r5 + eor r12, r12, r0 + eor lr, lr, r1 + ror r12, r12, #16 + ror lr, lr, #16 + add r8, r8, r12 + add r9, r9, lr + eor r4, r4, r8 + eor r5, r5, r9 + ror r4, r4, #20 + ror r5, r5, #20 + add r0, r0, r4 + add r1, r1, r5 + eor r12, r12, r0 + eor lr, lr, r1 + ror r12, r12, #24 + ror lr, lr, #24 + add r8, r8, r12 + add r9, r9, lr + eor r4, r4, r8 + eor r5, r5, r9 + ror r4, r4, #25 + ror r5, r5, #25 + str r12, [sp, #16] + str lr, [sp, #20] + # 2, 6, 10, 14 + # 3, 7, 11, 15 + ldr r12, [sp, #24] + ldr lr, [sp, #28] + add r2, r2, r6 + add r3, r3, r7 + eor r12, r12, r2 + eor lr, lr, r3 + ror r12, r12, #16 + ror lr, lr, #16 + add r10, r10, r12 + add r11, r11, lr + eor r6, r6, r10 + eor r7, r7, r11 + ror r6, r6, #20 + ror r7, r7, #20 + add r2, r2, r6 + add r3, r3, r7 + eor r12, r12, r2 + eor lr, lr, r3 + ror r12, r12, #24 + ror lr, lr, #24 + add r10, r10, r12 + add r11, r11, lr + eor r6, r6, r10 + eor r7, r7, r11 + ror r6, r6, #25 + ror r7, r7, #25 + # 3, 4, 9, 14 + # 0, 5, 10, 15 + add r3, r3, r4 + add r0, r0, r5 + eor r12, r12, r3 + eor lr, lr, r0 + ror r12, r12, #16 + ror lr, lr, #16 + add r9, r9, r12 + add r10, r10, lr + eor r4, r4, r9 + eor r5, r5, r10 + ror r4, r4, #20 + ror r5, r5, #20 + add r3, r3, r4 + add r0, r0, r5 + eor r12, r12, r3 + eor lr, lr, r0 + ror r12, r12, #24 + ror lr, lr, #24 + add r9, r9, r12 + add r10, r10, lr + eor r4, r4, r9 + eor r5, r5, r10 + ror r4, r4, #25 + ror r5, r5, #25 + str r12, [sp, #24] + str lr, [sp, #28] + ldr r12, [sp, #16] + ldr lr, [sp, #20] + # 1, 6, 11, 12 + # 2, 7, 8, 13 + add r1, r1, r6 + add r2, r2, r7 + eor r12, r12, r1 + eor lr, lr, r2 + ror r12, r12, #16 + ror lr, lr, #16 + add r11, r11, r12 + add r8, r8, lr + eor r6, r6, r11 + eor r7, r7, r8 + ror r6, r6, #20 + ror r7, r7, #20 + add r1, r1, r6 + add r2, r2, r7 + eor r12, r12, r1 + eor lr, lr, r2 + ror r12, r12, #24 + ror lr, lr, #24 + 
add r11, r11, r12 + add r8, r8, lr + eor r6, r6, r11 + eor r7, r7, r8 + ror r6, r6, #25 + ror r7, r7, #25 + str lr, [sp, #20] + # Check if we have done enough rounds. + ldr lr, [sp, #48] + subs lr, lr, #1 + str lr, [sp, #48] + bgt L_chacha_arm32_crypt_loop + stm sp, {r8, r9, r10, r11, r12} + ldr lr, [sp, #32] + mov r12, sp + # Add in original state + ldm lr!, {r8, r9, r10, r11} + add r0, r0, r8 + add r1, r1, r9 + add r2, r2, r10 + add r3, r3, r11 + ldm lr!, {r8, r9, r10, r11} + add r4, r4, r8 + add r5, r5, r9 + add r6, r6, r10 + add r7, r7, r11 + ldm r12, {r8, r9} + ldm lr!, {r10, r11} + add r8, r8, r10 + add r9, r9, r11 + stm r12!, {r8, r9} + ldm r12, {r8, r9} + ldm lr!, {r10, r11} + add r8, r8, r10 + add r9, r9, r11 + stm r12!, {r8, r9} + ldm r12, {r8, r9} + ldm lr!, {r10, r11} + add r8, r8, r10 + add r9, r9, r11 + add r10, r10, #1 + stm r12!, {r8, r9} + str r10, [lr, #-8] + ldm r12, {r8, r9} + ldm lr, {r10, r11} + add r8, r8, r10 + add r9, r9, r11 + stm r12, {r8, r9} + ldr r12, [sp, #44] + cmp r12, #0x40 + blt L_chacha_arm32_crypt_lt_block + ldr r12, [sp, #40] + ldr lr, [sp, #36] + # XOR state into 64 bytes. 
+ ldr r8, [r12] + ldr r9, [r12, #4] + ldr r10, [r12, #8] + ldr r11, [r12, #12] + eor r0, r0, r8 + eor r1, r1, r9 + eor r2, r2, r10 + eor r3, r3, r11 + str r0, [lr] + str r1, [lr, #4] + str r2, [lr, #8] + str r3, [lr, #12] + ldr r8, [r12, #16] + ldr r9, [r12, #20] + ldr r10, [r12, #24] + ldr r11, [r12, #28] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + str r4, [lr, #16] + str r5, [lr, #20] + str r6, [lr, #24] + str r7, [lr, #28] + ldr r4, [sp] + ldr r5, [sp, #4] + ldr r6, [sp, #8] + ldr r7, [sp, #12] + ldr r8, [r12, #32] + ldr r9, [r12, #36] + ldr r10, [r12, #40] + ldr r11, [r12, #44] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + str r4, [lr, #32] + str r5, [lr, #36] + str r6, [lr, #40] + str r7, [lr, #44] + ldr r4, [sp, #16] + ldr r5, [sp, #20] + ldr r6, [sp, #24] + ldr r7, [sp, #28] + ldr r8, [r12, #48] + ldr r9, [r12, #52] + ldr r10, [r12, #56] + ldr r11, [r12, #60] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + str r4, [lr, #48] + str r5, [lr, #52] + str r6, [lr, #56] + str r7, [lr, #60] + ldr r3, [sp, #44] + add r12, r12, #0x40 + add lr, lr, #0x40 + str r12, [sp, #40] + str lr, [sp, #36] + subs r3, r3, #0x40 + ldr lr, [sp, #32] + str r3, [sp, #44] + bne L_chacha_arm32_crypt_block + b L_chacha_arm32_crypt_done +L_chacha_arm32_crypt_lt_block: + # Store in over field of ChaCha. + ldr lr, [sp, #32] + add r12, lr, #0x44 + stm r12!, {r0, r1, r2, r3, r4, r5, r6, r7} + ldm sp, {r0, r1, r2, r3, r4, r5, r6, r7} + stm r12, {r0, r1, r2, r3, r4, r5, r6, r7} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp, #40] + ldr r3, [sp, #44] +#else + ldrd r2, r3, [sp, #40] +#endif + ldr r1, [sp, #36] + rsb r12, r3, #0x40 + str r12, [lr, #64] + add lr, lr, #0x44 +L_chacha_arm32_crypt_16byte_loop: + cmp r3, #16 + blt L_chacha_arm32_crypt_word_loop + # 16 bytes of state XORed into message. 
+ ldm lr!, {r4, r5, r6, r7} + ldr r8, [r2] + ldr r9, [r2, #4] + ldr r10, [r2, #8] + ldr r11, [r2, #12] + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 + subs r3, r3, #16 + str r8, [r1] + str r9, [r1, #4] + str r10, [r1, #8] + str r11, [r1, #12] + beq L_chacha_arm32_crypt_done + add r2, r2, #16 + add r1, r1, #16 + b L_chacha_arm32_crypt_16byte_loop +L_chacha_arm32_crypt_word_loop: + cmp r3, #4 + blt L_chacha_arm32_crypt_byte_start + # 4 bytes of state XORed into message. + ldr r4, [lr] + ldr r8, [r2] + eor r8, r8, r4 + subs r3, r3, #4 + str r8, [r1] + beq L_chacha_arm32_crypt_done + add lr, lr, #4 + add r2, r2, #4 + add r1, r1, #4 + b L_chacha_arm32_crypt_word_loop +L_chacha_arm32_crypt_byte_start: + ldr r4, [lr] +L_chacha_arm32_crypt_byte_loop: + ldrb r8, [r2] + eor r8, r8, r4 + subs r3, r3, #1 + strb r8, [r1] + beq L_chacha_arm32_crypt_done + lsr r4, r4, #8 + add r2, r2, #1 + add r1, r1, #1 + b L_chacha_arm32_crypt_byte_loop +L_chacha_arm32_crypt_done: + add sp, sp, #52 + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size wc_chacha_crypt_bytes,.-wc_chacha_crypt_bytes + .text + .align 4 + .globl wc_chacha_use_over + .type wc_chacha_use_over, %function +wc_chacha_use_over: + push {r4, r5, r6, r7, r8, r9, lr} +L_chacha_arm32_over_16byte_loop: + cmp r3, #16 + blt L_chacha_arm32_over_word_loop + # 16 bytes of state XORed into message. + ldr r12, [r0] + ldr lr, [r0, #4] + ldr r4, [r0, #8] + ldr r5, [r0, #12] + ldr r6, [r2] + ldr r7, [r2, #4] + ldr r8, [r2, #8] + ldr r9, [r2, #12] + eor r12, r12, r6 + eor lr, lr, r7 + eor r4, r4, r8 + eor r5, r5, r9 + subs r3, r3, #16 + str r12, [r1] + str lr, [r1, #4] + str r4, [r1, #8] + str r5, [r1, #12] + beq L_chacha_arm32_over_done + add r0, r0, #16 + add r2, r2, #16 + add r1, r1, #16 + b L_chacha_arm32_over_16byte_loop +L_chacha_arm32_over_word_loop: + cmp r3, #4 + blt L_chacha_arm32_over_byte_loop + # 4 bytes of state XORed into message. 
+ ldr r12, [r0] + ldr r6, [r2] + eor r12, r12, r6 + subs r3, r3, #4 + str r12, [r1] + beq L_chacha_arm32_over_done + add r0, r0, #4 + add r2, r2, #4 + add r1, r1, #4 + b L_chacha_arm32_over_word_loop +L_chacha_arm32_over_byte_loop: + # 4 bytes of state XORed into message. + ldrb r12, [r0] + ldrb r6, [r2] + eor r12, r12, r6 + subs r3, r3, #1 + strb r12, [r1] + beq L_chacha_arm32_over_done + add r0, r0, #1 + add r2, r2, #1 + add r1, r1, #1 + b L_chacha_arm32_over_byte_loop +L_chacha_arm32_over_done: + pop {r4, r5, r6, r7, r8, r9, pc} + .size wc_chacha_use_over,.-wc_chacha_use_over +#endif /* WOLFSSL_ARMASM_NO_NEON */ +#endif /* HAVE_CHACHA */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c new file mode 100644 index 000000000..8c80fc4ad --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c 
@@ -0,0 +1,569 @@ +/* armv8-32-chacha-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./chacha/chacha.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#include +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#ifdef HAVE_CHACHA +#include + +void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p) +{ + register word32* x asm ("r0") = (word32*)x_p; + register const byte* iv asm ("r1") = (const byte*)iv_p; + register word32 counter asm ("r2") = (word32)counter_p; + + __asm__ __volatile__ ( + "add r3, %[x], #52\n\t" + "ldr r4, [%[iv]]\n\t" + "ldr r12, [%[iv], #4]\n\t" + "ldr lr, 
[%[iv], #8]\n\t" + "str %[counter], [%[x], #48]\n\t" +#ifdef BIG_ENDIAN_ORDER + "rev r4, r4\n\t" + "rev r12, r12\n\t" + "rev lr, lr\n\t" +#endif /* BIG_ENDIAN_ORDER */ + "stm r3, {r4, r12, lr}\n\t" + : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter) + : + : "memory", "r3", "r12", "lr", "r4", "cc" + ); +} + +static const uint32_t L_chacha_arm32_constants[] = { + 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574, + 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574, +}; + +void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p) +{ + register word32* x asm ("r0") = (word32*)x_p; + register const byte* key asm ("r1") = (const byte*)key_p; + register word32 keySz asm ("r2") = (word32)keySz_p; + register uint32_t* L_chacha_arm32_constants_c asm ("r3") = (uint32_t*)&L_chacha_arm32_constants; + + __asm__ __volatile__ ( + "subs %[keySz], %[keySz], #16\n\t" + "add r3, r3, %[keySz]\n\t" + /* Start state with constants */ + "ldm r3, {r4, r5, r12, lr}\n\t" + "stm %[x]!, {r4, r5, r12, lr}\n\t" + /* Next is first 16 bytes of key. */ + "ldr r4, [%[key]]\n\t" + "ldr r5, [%[key], #4]\n\t" + "ldr r12, [%[key], #8]\n\t" + "ldr lr, [%[key], #12]\n\t" +#ifdef BIG_ENDIAN_ORDER + "rev r4, r4\n\t" + "rev r5, r5\n\t" + "rev r12, r12\n\t" + "rev lr, lr\n\t" +#endif /* BIG_ENDIAN_ORDER */ + "stm %[x]!, {r4, r5, r12, lr}\n\t" + /* Next 16 bytes of key. */ + "beq L_chacha_arm32_setkey_same_keyb_ytes_%=\n\t" + /* Update key pointer for next 16 bytes. 
*/ + "add %[key], %[key], %[keySz]\n\t" + "ldr r4, [%[key]]\n\t" + "ldr r5, [%[key], #4]\n\t" + "ldr r12, [%[key], #8]\n\t" + "ldr lr, [%[key], #12]\n\t" + "\n" + "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t" + "stm %[x], {r4, r5, r12, lr}\n\t" + : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c) + : + : "memory", "r12", "lr", "r4", "r5", "cc" + ); +} + +#ifdef WOLFSSL_ARMASM_NO_NEON +void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, word32 len_p) +{ + register ChaCha* ctx asm ("r0") = (ChaCha*)ctx_p; + register byte* c asm ("r1") = (byte*)c_p; + register const byte* m asm ("r2") = (const byte*)m_p; + register word32 len asm ("r3") = (word32)len_p; + + __asm__ __volatile__ ( + "sub sp, sp, #52\n\t" + "mov lr, %[ctx]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str %[ctx], [sp, #32]\n\t" + "str %[c], [sp, #36]\n\t" +#else + "strd %[ctx], %[c], [sp, #32]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str %[m], [sp, #40]\n\t" + "str %[len], [sp, #44]\n\t" +#else + "strd %[m], %[len], [sp, #40]\n\t" +#endif + "\n" + "L_chacha_arm32_crypt_block_%=: \n\t" + /* Put x[12]..x[15] onto stack. */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r4, [lr, #48]\n\t" + "ldr r5, [lr, #52]\n\t" +#else + "ldrd r4, r5, [lr, #48]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r6, [lr, #56]\n\t" + "ldr r7, [lr, #60]\n\t" +#else + "ldrd r6, r7, [lr, #56]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r4, [sp, #16]\n\t" + "str r5, [sp, #20]\n\t" +#else + "strd r4, r5, [sp, #16]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [sp, #24]\n\t" + "str r7, [sp, #28]\n\t" +#else + "strd r6, r7, [sp, #24]\n\t" +#endif + /* Load x[0]..x[12] into registers. 
*/ + "ldm lr, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t" + /* 10x 2 full rounds to perform. */ + "mov lr, #10\n\t" + "str lr, [sp, #48]\n\t" + "\n" + "L_chacha_arm32_crypt_loop_%=: \n\t" + /* 0, 4, 8, 12 */ + /* 1, 5, 9, 13 */ + "ldr lr, [sp, #20]\n\t" + "add %[ctx], %[ctx], r4\n\t" + "add %[c], %[c], r5\n\t" + "eor r12, r12, %[ctx]\n\t" + "eor lr, lr, %[c]\n\t" + "ror r12, r12, #16\n\t" + "ror lr, lr, #16\n\t" + "add r8, r8, r12\n\t" + "add r9, r9, lr\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "ror r4, r4, #20\n\t" + "ror r5, r5, #20\n\t" + "add %[ctx], %[ctx], r4\n\t" + "add %[c], %[c], r5\n\t" + "eor r12, r12, %[ctx]\n\t" + "eor lr, lr, %[c]\n\t" + "ror r12, r12, #24\n\t" + "ror lr, lr, #24\n\t" + "add r8, r8, r12\n\t" + "add r9, r9, lr\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "ror r4, r4, #25\n\t" + "ror r5, r5, #25\n\t" + "str r12, [sp, #16]\n\t" + "str lr, [sp, #20]\n\t" + /* 2, 6, 10, 14 */ + /* 3, 7, 11, 15 */ + "ldr r12, [sp, #24]\n\t" + "ldr lr, [sp, #28]\n\t" + "add %[m], %[m], r6\n\t" + "add %[len], %[len], r7\n\t" + "eor r12, r12, %[m]\n\t" + "eor lr, lr, %[len]\n\t" + "ror r12, r12, #16\n\t" + "ror lr, lr, #16\n\t" + "add r10, r10, r12\n\t" + "add r11, r11, lr\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "ror r6, r6, #20\n\t" + "ror r7, r7, #20\n\t" + "add %[m], %[m], r6\n\t" + "add %[len], %[len], r7\n\t" + "eor r12, r12, %[m]\n\t" + "eor lr, lr, %[len]\n\t" + "ror r12, r12, #24\n\t" + "ror lr, lr, #24\n\t" + "add r10, r10, r12\n\t" + "add r11, r11, lr\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "ror r6, r6, #25\n\t" + "ror r7, r7, #25\n\t" + /* 3, 4, 9, 14 */ + /* 0, 5, 10, 15 */ + "add %[len], %[len], r4\n\t" + "add %[ctx], %[ctx], r5\n\t" + "eor r12, r12, %[len]\n\t" + "eor lr, lr, %[ctx]\n\t" + "ror r12, r12, #16\n\t" + "ror lr, lr, #16\n\t" + "add r9, r9, r12\n\t" + "add r10, r10, lr\n\t" + "eor r4, r4, r9\n\t" + "eor r5, r5, r10\n\t" + "ror r4, r4, #20\n\t" + "ror r5, r5, 
#20\n\t" + "add %[len], %[len], r4\n\t" + "add %[ctx], %[ctx], r5\n\t" + "eor r12, r12, %[len]\n\t" + "eor lr, lr, %[ctx]\n\t" + "ror r12, r12, #24\n\t" + "ror lr, lr, #24\n\t" + "add r9, r9, r12\n\t" + "add r10, r10, lr\n\t" + "eor r4, r4, r9\n\t" + "eor r5, r5, r10\n\t" + "ror r4, r4, #25\n\t" + "ror r5, r5, #25\n\t" + "str r12, [sp, #24]\n\t" + "str lr, [sp, #28]\n\t" + "ldr r12, [sp, #16]\n\t" + "ldr lr, [sp, #20]\n\t" + /* 1, 6, 11, 12 */ + /* 2, 7, 8, 13 */ + "add %[c], %[c], r6\n\t" + "add %[m], %[m], r7\n\t" + "eor r12, r12, %[c]\n\t" + "eor lr, lr, %[m]\n\t" + "ror r12, r12, #16\n\t" + "ror lr, lr, #16\n\t" + "add r11, r11, r12\n\t" + "add r8, r8, lr\n\t" + "eor r6, r6, r11\n\t" + "eor r7, r7, r8\n\t" + "ror r6, r6, #20\n\t" + "ror r7, r7, #20\n\t" + "add %[c], %[c], r6\n\t" + "add %[m], %[m], r7\n\t" + "eor r12, r12, %[c]\n\t" + "eor lr, lr, %[m]\n\t" + "ror r12, r12, #24\n\t" + "ror lr, lr, #24\n\t" + "add r11, r11, r12\n\t" + "add r8, r8, lr\n\t" + "eor r6, r6, r11\n\t" + "eor r7, r7, r8\n\t" + "ror r6, r6, #25\n\t" + "ror r7, r7, #25\n\t" + "str lr, [sp, #20]\n\t" + /* Check if we have done enough rounds. 
*/ + "ldr lr, [sp, #48]\n\t" + "subs lr, lr, #1\n\t" + "str lr, [sp, #48]\n\t" + "bgt L_chacha_arm32_crypt_loop_%=\n\t" + "stm sp, {r8, r9, r10, r11, r12}\n\t" + "ldr lr, [sp, #32]\n\t" + "mov r12, sp\n\t" + /* Add in original state */ + "ldm lr!, {r8, r9, r10, r11}\n\t" + "add %[ctx], %[ctx], r8\n\t" + "add %[c], %[c], r9\n\t" + "add %[m], %[m], r10\n\t" + "add %[len], %[len], r11\n\t" + "ldm lr!, {r8, r9, r10, r11}\n\t" + "add r4, r4, r8\n\t" + "add r5, r5, r9\n\t" + "add r6, r6, r10\n\t" + "add r7, r7, r11\n\t" + "ldm r12, {r8, r9}\n\t" + "ldm lr!, {r10, r11}\n\t" + "add r8, r8, r10\n\t" + "add r9, r9, r11\n\t" + "stm r12!, {r8, r9}\n\t" + "ldm r12, {r8, r9}\n\t" + "ldm lr!, {r10, r11}\n\t" + "add r8, r8, r10\n\t" + "add r9, r9, r11\n\t" + "stm r12!, {r8, r9}\n\t" + "ldm r12, {r8, r9}\n\t" + "ldm lr!, {r10, r11}\n\t" + "add r8, r8, r10\n\t" + "add r9, r9, r11\n\t" + "add r10, r10, #1\n\t" + "stm r12!, {r8, r9}\n\t" + "str r10, [lr, #-8]\n\t" + "ldm r12, {r8, r9}\n\t" + "ldm lr, {r10, r11}\n\t" + "add r8, r8, r10\n\t" + "add r9, r9, r11\n\t" + "stm r12, {r8, r9}\n\t" + "ldr r12, [sp, #44]\n\t" + "cmp r12, #0x40\n\t" + "blt L_chacha_arm32_crypt_lt_block_%=\n\t" + "ldr r12, [sp, #40]\n\t" + "ldr lr, [sp, #36]\n\t" + /* XOR state into 64 bytes. 
*/ + "ldr r8, [r12]\n\t" + "ldr r9, [r12, #4]\n\t" + "ldr r10, [r12, #8]\n\t" + "ldr r11, [r12, #12]\n\t" + "eor %[ctx], %[ctx], r8\n\t" + "eor %[c], %[c], r9\n\t" + "eor %[m], %[m], r10\n\t" + "eor %[len], %[len], r11\n\t" + "str %[ctx], [lr]\n\t" + "str %[c], [lr, #4]\n\t" + "str %[m], [lr, #8]\n\t" + "str %[len], [lr, #12]\n\t" + "ldr r8, [r12, #16]\n\t" + "ldr r9, [r12, #20]\n\t" + "ldr r10, [r12, #24]\n\t" + "ldr r11, [r12, #28]\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "str r4, [lr, #16]\n\t" + "str r5, [lr, #20]\n\t" + "str r6, [lr, #24]\n\t" + "str r7, [lr, #28]\n\t" + "ldr r4, [sp]\n\t" + "ldr r5, [sp, #4]\n\t" + "ldr r6, [sp, #8]\n\t" + "ldr r7, [sp, #12]\n\t" + "ldr r8, [r12, #32]\n\t" + "ldr r9, [r12, #36]\n\t" + "ldr r10, [r12, #40]\n\t" + "ldr r11, [r12, #44]\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "str r4, [lr, #32]\n\t" + "str r5, [lr, #36]\n\t" + "str r6, [lr, #40]\n\t" + "str r7, [lr, #44]\n\t" + "ldr r4, [sp, #16]\n\t" + "ldr r5, [sp, #20]\n\t" + "ldr r6, [sp, #24]\n\t" + "ldr r7, [sp, #28]\n\t" + "ldr r8, [r12, #48]\n\t" + "ldr r9, [r12, #52]\n\t" + "ldr r10, [r12, #56]\n\t" + "ldr r11, [r12, #60]\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "str r4, [lr, #48]\n\t" + "str r5, [lr, #52]\n\t" + "str r6, [lr, #56]\n\t" + "str r7, [lr, #60]\n\t" + "ldr %[len], [sp, #44]\n\t" + "add r12, r12, #0x40\n\t" + "add lr, lr, #0x40\n\t" + "str r12, [sp, #40]\n\t" + "str lr, [sp, #36]\n\t" + "subs %[len], %[len], #0x40\n\t" + "ldr lr, [sp, #32]\n\t" + "str %[len], [sp, #44]\n\t" + "bne L_chacha_arm32_crypt_block_%=\n\t" + "b L_chacha_arm32_crypt_done_%=\n\t" + "\n" + "L_chacha_arm32_crypt_lt_block_%=: \n\t" + /* Store in over field of ChaCha. 
*/ + "ldr lr, [sp, #32]\n\t" + "add r12, lr, #0x44\n\t" + "stm r12!, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t" + "ldm sp, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t" + "stm r12, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr %[m], [sp, #40]\n\t" + "ldr %[len], [sp, #44]\n\t" +#else + "ldrd %[m], %[len], [sp, #40]\n\t" +#endif + "ldr %[c], [sp, #36]\n\t" + "rsb r12, %[len], #0x40\n\t" + "str r12, [lr, #64]\n\t" + "add lr, lr, #0x44\n\t" + "\n" + "L_chacha_arm32_crypt_16byte_loop_%=: \n\t" + "cmp %[len], #16\n\t" + "blt L_chacha_arm32_crypt_word_loop_%=\n\t" + /* 16 bytes of state XORed into message. */ + "ldm lr!, {r4, r5, r6, r7}\n\t" + "ldr r8, [%[m]]\n\t" + "ldr r9, [%[m], #4]\n\t" + "ldr r10, [%[m], #8]\n\t" + "ldr r11, [%[m], #12]\n\t" + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" + "subs %[len], %[len], #16\n\t" + "str r8, [%[c]]\n\t" + "str r9, [%[c], #4]\n\t" + "str r10, [%[c], #8]\n\t" + "str r11, [%[c], #12]\n\t" + "beq L_chacha_arm32_crypt_done_%=\n\t" + "add %[m], %[m], #16\n\t" + "add %[c], %[c], #16\n\t" + "b L_chacha_arm32_crypt_16byte_loop_%=\n\t" + "\n" + "L_chacha_arm32_crypt_word_loop_%=: \n\t" + "cmp %[len], #4\n\t" + "blt L_chacha_arm32_crypt_byte_start_%=\n\t" + /* 4 bytes of state XORed into message. 
*/ + "ldr r4, [lr]\n\t" + "ldr r8, [%[m]]\n\t" + "eor r8, r8, r4\n\t" + "subs %[len], %[len], #4\n\t" + "str r8, [%[c]]\n\t" + "beq L_chacha_arm32_crypt_done_%=\n\t" + "add lr, lr, #4\n\t" + "add %[m], %[m], #4\n\t" + "add %[c], %[c], #4\n\t" + "b L_chacha_arm32_crypt_word_loop_%=\n\t" + "\n" + "L_chacha_arm32_crypt_byte_start_%=: \n\t" + "ldr r4, [lr]\n\t" + "\n" + "L_chacha_arm32_crypt_byte_loop_%=: \n\t" + "ldrb r8, [%[m]]\n\t" + "eor r8, r8, r4\n\t" + "subs %[len], %[len], #1\n\t" + "strb r8, [%[c]]\n\t" + "beq L_chacha_arm32_crypt_done_%=\n\t" + "lsr r4, r4, #8\n\t" + "add %[m], %[m], #1\n\t" + "add %[c], %[c], #1\n\t" + "b L_chacha_arm32_crypt_byte_loop_%=\n\t" + "\n" + "L_chacha_arm32_crypt_done_%=: \n\t" + "add sp, sp, #52\n\t" + : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len) + : + : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + ); +} + +void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, word32 len_p) +{ + register byte* over asm ("r0") = (byte*)over_p; + register byte* output asm ("r1") = (byte*)output_p; + register const byte* input asm ("r2") = (const byte*)input_p; + register word32 len asm ("r3") = (word32)len_p; + + __asm__ __volatile__ ( + "\n" + "L_chacha_arm32_over_16byte_loop_%=: \n\t" + "cmp %[len], #16\n\t" + "blt L_chacha_arm32_over_word_loop_%=\n\t" + /* 16 bytes of state XORed into message. 
*/ + "ldr r12, [%[over]]\n\t" + "ldr lr, [%[over], #4]\n\t" + "ldr r4, [%[over], #8]\n\t" + "ldr r5, [%[over], #12]\n\t" + "ldr r6, [%[input]]\n\t" + "ldr r7, [%[input], #4]\n\t" + "ldr r8, [%[input], #8]\n\t" + "ldr r9, [%[input], #12]\n\t" + "eor r12, r12, r6\n\t" + "eor lr, lr, r7\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "subs %[len], %[len], #16\n\t" + "str r12, [%[output]]\n\t" + "str lr, [%[output], #4]\n\t" + "str r4, [%[output], #8]\n\t" + "str r5, [%[output], #12]\n\t" + "beq L_chacha_arm32_over_done_%=\n\t" + "add %[over], %[over], #16\n\t" + "add %[input], %[input], #16\n\t" + "add %[output], %[output], #16\n\t" + "b L_chacha_arm32_over_16byte_loop_%=\n\t" + "\n" + "L_chacha_arm32_over_word_loop_%=: \n\t" + "cmp %[len], #4\n\t" + "blt L_chacha_arm32_over_byte_loop_%=\n\t" + /* 4 bytes of state XORed into message. */ + "ldr r12, [%[over]]\n\t" + "ldr r6, [%[input]]\n\t" + "eor r12, r12, r6\n\t" + "subs %[len], %[len], #4\n\t" + "str r12, [%[output]]\n\t" + "beq L_chacha_arm32_over_done_%=\n\t" + "add %[over], %[over], #4\n\t" + "add %[input], %[input], #4\n\t" + "add %[output], %[output], #4\n\t" + "b L_chacha_arm32_over_word_loop_%=\n\t" + "\n" + "L_chacha_arm32_over_byte_loop_%=: \n\t" + /* 4 bytes of state XORed into message. 
*/ + "ldrb r12, [%[over]]\n\t" + "ldrb r6, [%[input]]\n\t" + "eor r12, r12, r6\n\t" + "subs %[len], %[len], #1\n\t" + "strb r12, [%[output]]\n\t" + "beq L_chacha_arm32_over_done_%=\n\t" + "add %[over], %[over], #1\n\t" + "add %[input], %[input], #1\n\t" + "add %[output], %[output], #1\n\t" + "b L_chacha_arm32_over_byte_loop_%=\n\t" + "\n" + "L_chacha_arm32_over_done_%=: \n\t" + : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), [len] "+r" (len) + : + : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + ); +} + +#endif /* WOLFSSL_ARMASM_NO_NEON */ +#endif /* HAVE_CHACHA */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* WOLFSSL_ARMASM */ +#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* WOLFSSL_ARMASM */ + +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S new file mode 100644 index 000000000..ffbd7b270 --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S 
@@ -0,0 +1,356 @@ +/* armv8-32-poly1305-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./poly1305/poly1305.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#ifndef WOLFSSL_ARMASM_INLINE +#ifdef HAVE_POLY1305 + .text + .align 4 + .globl poly1305_blocks_arm32_16 + .type poly1305_blocks_arm32_16, %function +poly1305_blocks_arm32_16: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + sub sp, sp, #28 + cmp r2, #0 + beq L_poly1305_arm32_16_done + add lr, sp, #12 + stm lr, {r0, r1, r2, r3} + # Get h pointer + add lr, r0, #16 + ldm lr, {r4, r5, r6, r7, r8} +L_poly1305_arm32_16_loop: + # Add m to h + ldr r1, [sp, #16] + ldr r2, [r1] + ldr r3, [r1, #4] + ldr r9, [r1, #8] + ldr r10, [r1, #12] + ldr r11, [sp, #24] + adds r4, r4, r2 + adcs r5, r5, r3 + adcs r6, r6, r9 + adcs r7, r7, r10 + add r1, r1, #16 + adc r8, r8, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + stm lr, {r4, r5, r6, r7, r8} +#else + # h[0]-h[2] in r4-r6 for multiplication. 
+ str r7, [lr, #12] + str r8, [lr, #16] +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + str r1, [sp, #16] + ldr r1, [sp, #12] + # Multiply h by r +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + # r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] + ldr r3, [r1] + eor r0, r0, r0 + # r[0] * h[0] + # h[0] in r4 + umull r4, r5, r3, r4 + # r[0] * h[2] + # h[2] in r6 + umull r6, r7, r3, r6 + # r[0] * h[4] + # h[4] in r8 + mul r8, r3, r8 + # r[0] * h[1] + ldr r2, [lr, #4] + mov r12, r0 + umlal r5, r12, r3, r2 + # r[0] * h[3] + ldr r2, [lr, #12] + adds r6, r6, r12 + adc r7, r7, r0 + umlal r7, r8, r3, r2 + # r[1] * h[0] + ldr r3, [r1, #4] + ldr r2, [lr] + mov r12, r0 + umlal r5, r12, r3, r2 + # r[1] * h[1] + ldr r2, [lr, #4] + adds r6, r6, r12 + adc r12, r0, r0 + umlal r6, r12, r3, r2 + # r[1] * h[2] + ldr r2, [lr, #8] + adds r7, r7, r12 + adc r12, r0, r0 + umlal r7, r12, r3, r2 + # r[1] * h[3] + ldr r2, [lr, #12] + adds r8, r8, r12 + adc r9, r0, r0 + umlal r8, r9, r3, r2 + # r[1] * h[4] + ldr r2, [lr, #16] + mla r9, r3, r2, r9 + # r[2] * h[0] + ldr r3, [r1, #8] + ldr r2, [lr] + mov r12, r0 + umlal r6, r12, r3, r2 + # r[2] * h[1] + ldr r2, [lr, #4] + adds r7, r7, r12 + adc r12, r0, r0 + umlal r7, r12, r3, r2 + # r[2] * h[2] + ldr r2, [lr, #8] + adds r8, r8, r12 + adc r12, r0, r0 + umlal r8, r12, r3, r2 + # r[2] * h[3] + ldr r2, [lr, #12] + adds r9, r9, r12 + adc r10, r0, r0 + umlal r9, r10, r3, r2 + # r[2] * h[4] + ldr r2, [lr, #16] + mla r10, r3, r2, r10 + # r[3] * h[0] + ldr r3, [r1, #12] + ldr r2, [lr] + mov r12, r0 + umlal r7, r12, r3, r2 + # r[3] * h[1] + ldr r2, [lr, #4] + adds r8, r8, r12 + adc r12, r0, r0 + umlal r8, r12, r3, r2 + # r[3] * h[2] + ldr r2, [lr, #8] + adds r9, r9, r12 + adc r10, r10, r0 + umlal r9, r10, r3, r2 + # r[3] * h[3] + ldr r2, [lr, #12] + mov r11, r0 + umlal r10, r11, r3, r2 + # r[3] * h[4] + ldr r2, [lr, #16] + mov r12, r0 + mla r11, r3, r2, r11 +#else + ldm r1, {r0, r1, r2, r3} + # r[0] * h[0] + umull r10, r11, r0, r4 + # r[1] 
* h[0] + umull r12, r7, r1, r4 + # r[0] * h[1] + umaal r11, r12, r0, r5 + # r[2] * h[0] + umull r8, r9, r2, r4 + # r[1] * h[1] + umaal r12, r8, r1, r5 + # r[0] * h[2] + umaal r12, r7, r0, r6 + # r[3] * h[0] + umaal r8, r9, r3, r4 + stm sp, {r10, r11, r12} + # r[2] * h[1] + umaal r7, r8, r2, r5 + # Replace h[0] with h[3] + ldr r4, [lr, #12] + # r[1] * h[2] + umull r10, r11, r1, r6 + # r[2] * h[2] + umaal r8, r9, r2, r6 + # r[0] * h[3] + umaal r7, r10, r0, r4 + # r[3] * h[1] + umaal r8, r11, r3, r5 + # r[1] * h[3] + umaal r8, r10, r1, r4 + # r[3] * h[2] + umaal r9, r11, r3, r6 + # r[2] * h[3] + umaal r9, r10, r2, r4 + # Replace h[1] with h[4] + ldr r5, [lr, #16] + # r[3] * h[3] + umaal r10, r11, r3, r4 + mov r12, #0 + # r[0] * h[4] + umaal r8, r12, r0, r5 + # r[1] * h[4] + umaal r9, r12, r1, r5 + # r[2] * h[4] + umaal r10, r12, r2, r5 + # r[3] * h[4] + umaal r11, r12, r3, r5 + # DONE + ldm sp, {r4, r5, r6} +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + # r12 will be zero because r is masked. + # Load length + ldr r2, [sp, #20] + # Reduce mod 2^130 - 5 + bic r3, r8, #3 + and r8, r8, #3 + adds r4, r4, r3 + lsr r3, r3, #2 + adcs r5, r5, r9 + orr r3, r3, r9, LSL #30 + adcs r6, r6, r10 + lsr r9, r9, #2 + adcs r7, r7, r11 + orr r9, r9, r10, LSL #30 + adc r8, r8, r12 + lsr r10, r10, #2 + adds r4, r4, r3 + orr r10, r10, r11, LSL #30 + adcs r5, r5, r9 + lsr r11, r11, #2 + adcs r6, r6, r10 + adcs r7, r7, r11 + adc r8, r8, r12 + # Sub 16 from length. + subs r2, r2, #16 + # Store length. + str r2, [sp, #20] + # Loop again if more message to do. 
+ bgt L_poly1305_arm32_16_loop + stm lr, {r4, r5, r6, r7, r8} +L_poly1305_arm32_16_done: + add sp, sp, #28 + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size poly1305_blocks_arm32_16,.-poly1305_blocks_arm32_16 + .text + .type L_poly1305_arm32_clamp, %object + .size L_poly1305_arm32_clamp, 16 + .align 4 +L_poly1305_arm32_clamp: + .word 0xfffffff + .word 0xffffffc + .word 0xffffffc + .word 0xffffffc + .text + .align 4 + .globl poly1305_set_key + .type poly1305_set_key, %function +poly1305_set_key: + push {r4, r5, r6, r7, r8, lr} + # Load mask. + adr lr, L_poly1305_arm32_clamp + ldm lr, {r6, r7, r8, r12} + # Load and cache padding. + ldr r2, [r1, #16] + ldr r3, [r1, #20] + ldr r4, [r1, #24] + ldr r5, [r1, #28] + add lr, r0, #36 + stm lr, {r2, r3, r4, r5} + # Load, mask and store r. + ldr r2, [r1] + ldr r3, [r1, #4] + ldr r4, [r1, #8] + ldr r5, [r1, #12] + and r2, r2, r6 + and r3, r3, r7 + and r4, r4, r8 + and r5, r5, r12 + add lr, r0, #0 + stm lr, {r2, r3, r4, r5} + # h (accumulator) = 0 + eor r6, r6, r6 + eor r7, r7, r7 + eor r8, r8, r8 + eor r12, r12, r12 + add lr, r0, #16 + eor r5, r5, r5 + stm lr, {r5, r6, r7, r8, r12} + # Zero leftover + str r5, [r0, #52] + pop {r4, r5, r6, r7, r8, pc} + .size poly1305_set_key,.-poly1305_set_key + .text + .align 4 + .globl poly1305_final + .type poly1305_final, %function +poly1305_final: + push {r4, r5, r6, r7, r8, r9, lr} + add r9, r0, #16 + ldm r9, {r4, r5, r6, r7, r8} + # Add 5 and check for h larger than p. + adds r2, r4, #5 + adcs r2, r5, #0 + adcs r2, r6, #0 + adcs r2, r7, #0 + adc r2, r8, #0 + sub r2, r2, #4 + lsr r2, r2, #31 + sub r2, r2, #1 + and r2, r2, #5 + # Add 0/5 to h. + adds r4, r4, r2 + adcs r5, r5, #0 + adcs r6, r6, #0 + adc r7, r7, #0 + # Add padding + add r9, r0, #36 + ldm r9, {r2, r3, r12, lr} + adds r4, r4, r2 + adcs r5, r5, r3 + adcs r6, r6, r12 + adc r7, r7, lr + # Store MAC + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + # Zero out h. 
+ eor r4, r4, r4 + eor r5, r5, r5 + eor r6, r6, r6 + eor r7, r7, r7 + eor r8, r8, r8 + add r9, r0, #16 + stm r9, {r4, r5, r6, r7, r8} + # Zero out r. + add r9, r0, #0 + stm r9, {r4, r5, r6, r7} + # Zero out padding. + add r9, r0, #36 + stm r9, {r4, r5, r6, r7} + pop {r4, r5, r6, r7, r8, r9, pc} + .size poly1305_final,.-poly1305_final +#endif /* HAVE_POLY1305 */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c new file mode 100644 index 000000000..287129357 --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c 
@@ -0,0 +1,388 @@ +/* armv8-32-poly1305-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./poly1305/poly1305.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#include +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#ifdef HAVE_POLY1305 +#include + +void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, int notLast_p) +{ + register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p; + register const byte* m asm ("r1") = (const byte*)m_p; + register word32 len asm ("r2") = (word32)len_p; + register int notLast asm ("r3") = (int)notLast_p; + + __asm__ __volatile__ ( + "sub sp, 
sp, #28\n\t" + "cmp %[len], #0\n\t" + "beq L_poly1305_arm32_16_done_%=\n\t" + "add lr, sp, #12\n\t" + "stm lr, {%[ctx], %[m], %[len], %[notLast]}\n\t" + /* Get h pointer */ + "add lr, %[ctx], #16\n\t" + "ldm lr, {r4, r5, r6, r7, r8}\n\t" + "\n" + "L_poly1305_arm32_16_loop_%=: \n\t" + /* Add m to h */ + "ldr %[m], [sp, #16]\n\t" + "ldr %[len], [%[m]]\n\t" + "ldr %[notLast], [%[m], #4]\n\t" + "ldr r9, [%[m], #8]\n\t" + "ldr r10, [%[m], #12]\n\t" + "ldr r11, [sp, #24]\n\t" + "adds r4, r4, %[len]\n\t" + "adcs r5, r5, %[notLast]\n\t" + "adcs r6, r6, r9\n\t" + "adcs r7, r7, r10\n\t" + "add %[m], %[m], #16\n\t" + "adc r8, r8, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "stm lr, {r4, r5, r6, r7, r8}\n\t" +#else + /* h[0]-h[2] in r4-r6 for multiplication. */ + "str r7, [lr, #12]\n\t" + "str r8, [lr, #16]\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + "str %[m], [sp, #16]\n\t" + "ldr %[m], [sp, #12]\n\t" + /* Multiply h by r */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */ + "ldr %[notLast], [%[m]]\n\t" + "eor %[ctx], %[ctx], %[ctx]\n\t" + /* r[0] * h[0] */ + /* h[0] in r4 */ + "umull r4, r5, %[notLast], r4\n\t" + /* r[0] * h[2] */ + /* h[2] in r6 */ + "umull r6, r7, %[notLast], r6\n\t" + /* r[0] * h[4] */ + /* h[4] in r8 */ + "mul r8, %[notLast], r8\n\t" + /* r[0] * h[1] */ + "ldr %[len], [lr, #4]\n\t" + "mov r12, %[ctx]\n\t" + "umlal r5, r12, %[notLast], %[len]\n\t" + /* r[0] * h[3] */ + "ldr %[len], [lr, #12]\n\t" + "adds r6, r6, r12\n\t" + "adc r7, r7, %[ctx]\n\t" + "umlal r7, r8, %[notLast], %[len]\n\t" + /* r[1] * h[0] */ + "ldr %[notLast], [%[m], #4]\n\t" + "ldr %[len], [lr]\n\t" + "mov r12, %[ctx]\n\t" + "umlal r5, r12, %[notLast], %[len]\n\t" + /* r[1] * h[1] */ + "ldr %[len], [lr, #4]\n\t" + "adds r6, r6, r12\n\t" + "adc r12, %[ctx], %[ctx]\n\t" + "umlal r6, r12, %[notLast], %[len]\n\t" + /* r[1] * h[2] */ + "ldr %[len], [lr, #8]\n\t" + "adds r7, r7, r12\n\t" + 
"adc r12, %[ctx], %[ctx]\n\t" + "umlal r7, r12, %[notLast], %[len]\n\t" + /* r[1] * h[3] */ + "ldr %[len], [lr, #12]\n\t" + "adds r8, r8, r12\n\t" + "adc r9, %[ctx], %[ctx]\n\t" + "umlal r8, r9, %[notLast], %[len]\n\t" + /* r[1] * h[4] */ + "ldr %[len], [lr, #16]\n\t" + "mla r9, %[notLast], %[len], r9\n\t" + /* r[2] * h[0] */ + "ldr %[notLast], [%[m], #8]\n\t" + "ldr %[len], [lr]\n\t" + "mov r12, %[ctx]\n\t" + "umlal r6, r12, %[notLast], %[len]\n\t" + /* r[2] * h[1] */ + "ldr %[len], [lr, #4]\n\t" + "adds r7, r7, r12\n\t" + "adc r12, %[ctx], %[ctx]\n\t" + "umlal r7, r12, %[notLast], %[len]\n\t" + /* r[2] * h[2] */ + "ldr %[len], [lr, #8]\n\t" + "adds r8, r8, r12\n\t" + "adc r12, %[ctx], %[ctx]\n\t" + "umlal r8, r12, %[notLast], %[len]\n\t" + /* r[2] * h[3] */ + "ldr %[len], [lr, #12]\n\t" + "adds r9, r9, r12\n\t" + "adc r10, %[ctx], %[ctx]\n\t" + "umlal r9, r10, %[notLast], %[len]\n\t" + /* r[2] * h[4] */ + "ldr %[len], [lr, #16]\n\t" + "mla r10, %[notLast], %[len], r10\n\t" + /* r[3] * h[0] */ + "ldr %[notLast], [%[m], #12]\n\t" + "ldr %[len], [lr]\n\t" + "mov r12, %[ctx]\n\t" + "umlal r7, r12, %[notLast], %[len]\n\t" + /* r[3] * h[1] */ + "ldr %[len], [lr, #4]\n\t" + "adds r8, r8, r12\n\t" + "adc r12, %[ctx], %[ctx]\n\t" + "umlal r8, r12, %[notLast], %[len]\n\t" + /* r[3] * h[2] */ + "ldr %[len], [lr, #8]\n\t" + "adds r9, r9, r12\n\t" + "adc r10, r10, %[ctx]\n\t" + "umlal r9, r10, %[notLast], %[len]\n\t" + /* r[3] * h[3] */ + "ldr %[len], [lr, #12]\n\t" + "mov r11, %[ctx]\n\t" + "umlal r10, r11, %[notLast], %[len]\n\t" + /* r[3] * h[4] */ + "ldr %[len], [lr, #16]\n\t" + "mov r12, %[ctx]\n\t" + "mla r11, %[notLast], %[len], r11\n\t" +#else + "ldm %[m], {%[ctx], %[m], %[len], %[notLast]}\n\t" + /* r[0] * h[0] */ + "umull r10, r11, %[ctx], r4\n\t" + /* r[1] * h[0] */ + "umull r12, r7, %[m], r4\n\t" + /* r[0] * h[1] */ + "umaal r11, r12, %[ctx], r5\n\t" + /* r[2] * h[0] */ + "umull r8, r9, %[len], r4\n\t" + /* r[1] * h[1] */ + "umaal r12, r8, %[m], r5\n\t" + /* r[0] 
* h[2] */ + "umaal r12, r7, %[ctx], r6\n\t" + /* r[3] * h[0] */ + "umaal r8, r9, %[notLast], r4\n\t" + "stm sp, {r10, r11, r12}\n\t" + /* r[2] * h[1] */ + "umaal r7, r8, %[len], r5\n\t" + /* Replace h[0] with h[3] */ + "ldr r4, [lr, #12]\n\t" + /* r[1] * h[2] */ + "umull r10, r11, %[m], r6\n\t" + /* r[2] * h[2] */ + "umaal r8, r9, %[len], r6\n\t" + /* r[0] * h[3] */ + "umaal r7, r10, %[ctx], r4\n\t" + /* r[3] * h[1] */ + "umaal r8, r11, %[notLast], r5\n\t" + /* r[1] * h[3] */ + "umaal r8, r10, %[m], r4\n\t" + /* r[3] * h[2] */ + "umaal r9, r11, %[notLast], r6\n\t" + /* r[2] * h[3] */ + "umaal r9, r10, %[len], r4\n\t" + /* Replace h[1] with h[4] */ + "ldr r5, [lr, #16]\n\t" + /* r[3] * h[3] */ + "umaal r10, r11, %[notLast], r4\n\t" + "mov r12, #0\n\t" + /* r[0] * h[4] */ + "umaal r8, r12, %[ctx], r5\n\t" + /* r[1] * h[4] */ + "umaal r9, r12, %[m], r5\n\t" + /* r[2] * h[4] */ + "umaal r10, r12, %[len], r5\n\t" + /* r[3] * h[4] */ + "umaal r11, r12, %[notLast], r5\n\t" + /* DONE */ + "ldm sp, {r4, r5, r6}\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + /* r12 will be zero because r is masked. */ + /* Load length */ + "ldr %[len], [sp, #20]\n\t" + /* Reduce mod 2^130 - 5 */ + "bic %[notLast], r8, #3\n\t" + "and r8, r8, #3\n\t" + "adds r4, r4, %[notLast]\n\t" + "lsr %[notLast], %[notLast], #2\n\t" + "adcs r5, r5, r9\n\t" + "orr %[notLast], %[notLast], r9, LSL #30\n\t" + "adcs r6, r6, r10\n\t" + "lsr r9, r9, #2\n\t" + "adcs r7, r7, r11\n\t" + "orr r9, r9, r10, LSL #30\n\t" + "adc r8, r8, r12\n\t" + "lsr r10, r10, #2\n\t" + "adds r4, r4, %[notLast]\n\t" + "orr r10, r10, r11, LSL #30\n\t" + "adcs r5, r5, r9\n\t" + "lsr r11, r11, #2\n\t" + "adcs r6, r6, r10\n\t" + "adcs r7, r7, r11\n\t" + "adc r8, r8, r12\n\t" + /* Sub 16 from length. */ + "subs %[len], %[len], #16\n\t" + /* Store length. */ + "str %[len], [sp, #20]\n\t" + /* Loop again if more message to do. 
*/ + "bgt L_poly1305_arm32_16_loop_%=\n\t" + "stm lr, {r4, r5, r6, r7, r8}\n\t" + "\n" + "L_poly1305_arm32_16_done_%=: \n\t" + "add sp, sp, #28\n\t" + : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), [notLast] "+r" (notLast) + : + : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + ); +} + +static const uint32_t L_poly1305_arm32_clamp[] = { + 0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc, +}; + +void poly1305_set_key(Poly1305* ctx_p, const byte* key_p) +{ + register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p; + register const byte* key asm ("r1") = (const byte*)key_p; + register uint32_t* L_poly1305_arm32_clamp_c asm ("r2") = (uint32_t*)&L_poly1305_arm32_clamp; + + __asm__ __volatile__ ( + /* Load mask. */ + "mov lr, %[L_poly1305_arm32_clamp]\n\t" + "ldm lr, {r6, r7, r8, r12}\n\t" + /* Load and cache padding. */ + "ldr r2, [%[key], #16]\n\t" + "ldr r3, [%[key], #20]\n\t" + "ldr r4, [%[key], #24]\n\t" + "ldr r5, [%[key], #28]\n\t" + "add lr, %[ctx], #36\n\t" + "stm lr, {r2, r3, r4, r5}\n\t" + /* Load, mask and store r. 
*/ + "ldr r2, [%[key]]\n\t" + "ldr r3, [%[key], #4]\n\t" + "ldr r4, [%[key], #8]\n\t" + "ldr r5, [%[key], #12]\n\t" + "and r2, r2, r6\n\t" + "and r3, r3, r7\n\t" + "and r4, r4, r8\n\t" + "and r5, r5, r12\n\t" + "add lr, %[ctx], #0\n\t" + "stm lr, {r2, r3, r4, r5}\n\t" + /* h (accumulator) = 0 */ + "eor r6, r6, r6\n\t" + "eor r7, r7, r7\n\t" + "eor r8, r8, r8\n\t" + "eor r12, r12, r12\n\t" + "add lr, %[ctx], #16\n\t" + "eor r5, r5, r5\n\t" + "stm lr, {r5, r6, r7, r8, r12}\n\t" + /* Zero leftover */ + "str r5, [%[ctx], #52]\n\t" + : [ctx] "+r" (ctx), [key] "+r" (key), [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c) + : + : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + ); +} + +void poly1305_final(Poly1305* ctx_p, byte* mac_p) +{ + register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p; + register byte* mac asm ("r1") = (byte*)mac_p; + + __asm__ __volatile__ ( + "add r9, %[ctx], #16\n\t" + "ldm r9, {r4, r5, r6, r7, r8}\n\t" + /* Add 5 and check for h larger than p. */ + "adds r2, r4, #5\n\t" + "adcs r2, r5, #0\n\t" + "adcs r2, r6, #0\n\t" + "adcs r2, r7, #0\n\t" + "adc r2, r8, #0\n\t" + "sub r2, r2, #4\n\t" + "lsr r2, r2, #31\n\t" + "sub r2, r2, #1\n\t" + "and r2, r2, #5\n\t" + /* Add 0/5 to h. */ + "adds r4, r4, r2\n\t" + "adcs r5, r5, #0\n\t" + "adcs r6, r6, #0\n\t" + "adc r7, r7, #0\n\t" + /* Add padding */ + "add r9, %[ctx], #36\n\t" + "ldm r9, {r2, r3, r12, lr}\n\t" + "adds r4, r4, r2\n\t" + "adcs r5, r5, r3\n\t" + "adcs r6, r6, r12\n\t" + "adc r7, r7, lr\n\t" + /* Store MAC */ + "str r4, [%[mac]]\n\t" + "str r5, [%[mac], #4]\n\t" + "str r6, [%[mac], #8]\n\t" + "str r7, [%[mac], #12]\n\t" + /* Zero out h. */ + "eor r4, r4, r4\n\t" + "eor r5, r5, r5\n\t" + "eor r6, r6, r6\n\t" + "eor r7, r7, r7\n\t" + "eor r8, r8, r8\n\t" + "add r9, %[ctx], #16\n\t" + "stm r9, {r4, r5, r6, r7, r8}\n\t" + /* Zero out r. */ + "add r9, %[ctx], #0\n\t" + "stm r9, {r4, r5, r6, r7}\n\t" + /* Zero out padding. 
*/ + "add r9, %[ctx], #36\n\t" + "stm r9, {r4, r5, r6, r7}\n\t" + : [ctx] "+r" (ctx), [mac] "+r" (mac) + : + : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + ); +} + +#endif /* HAVE_POLY1305 */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* WOLFSSL_ARMASM */ +#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* WOLFSSL_ARMASM */ + +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S index 76629726f..6077a88b3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S @@ -32,6 +32,8 @@ #ifdef WOLFSSL_ARMASM #if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) #ifndef WOLFSSL_ARMASM_INLINE +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_ARMASM_NO_NEON .text .type L_sha3_arm2_neon_rt, %object .size L_sha3_arm2_neon_rt, 192 @@ -85,60 +87,6 @@ L_sha3_arm2_neon_rt: .word 0x0 .word 0x80008008 .word 0x80000000 - .text - .type L_sha3_arm2_rt, %object - .size L_sha3_arm2_rt, 192 - .align 4 -L_sha3_arm2_rt: - .word 0x1 - .word 0x0 - .word 0x8082 - .word 0x0 - .word 0x808a - .word 0x80000000 - .word 0x80008000 - .word 0x80000000 - .word 0x808b - .word 0x0 - .word 0x80000001 - .word 0x0 - .word 0x80008081 - .word 0x80000000 - .word 0x8009 - .word 0x80000000 - .word 0x8a - .word 0x0 - .word 0x88 - .word 0x0 - .word 0x80008009 - .word 0x0 - .word 0x8000000a - .word 0x0 - .word 0x8000808b - .word 0x0 - .word 0x8b - .word 0x80000000 - .word 0x8089 - .word 0x80000000 - .word 0x8003 - .word 0x80000000 - .word 0x8002 - .word 0x80000000 - .word 0x80 - .word 0x80000000 - .word 0x800a - .word 0x0 - .word 0x8000000a - .word 0x80000000 - .word 0x80008081 - .word 0x80000000 - .word 0x8080 - .word 0x80000000 - .word 0x80000001 - .word 0x0 - .word 0x80008008 - .word 0x80000000 -#ifndef WOLFSSL_ARMASM_NO_NEON .text .align 4 .globl BlockSha3 
@@ -407,6 +355,59 @@ L_sha3_arm32_neon_begin: .size BlockSha3,.-BlockSha3 #endif /* WOLFSSL_ARMASM_NO_NEON */ #ifdef WOLFSSL_ARMASM_NO_NEON + .text + .type L_sha3_arm2_rt, %object + .size L_sha3_arm2_rt, 192 + .align 4 +L_sha3_arm2_rt: + .word 0x1 + .word 0x0 + .word 0x8082 + .word 0x0 + .word 0x808a + .word 0x80000000 + .word 0x80008000 + .word 0x80000000 + .word 0x808b + .word 0x0 + .word 0x80000001 + .word 0x0 + .word 0x80008081 + .word 0x80000000 + .word 0x8009 + .word 0x80000000 + .word 0x8a + .word 0x0 + .word 0x88 + .word 0x0 + .word 0x80008009 + .word 0x0 + .word 0x8000000a + .word 0x0 + .word 0x8000808b + .word 0x0 + .word 0x8b + .word 0x80000000 + .word 0x8089 + .word 0x80000000 + .word 0x8003 + .word 0x80000000 + .word 0x8002 + .word 0x80000000 + .word 0x80 + .word 0x80000000 + .word 0x800a + .word 0x0 + .word 0x8000000a + .word 0x80000000 + .word 0x80008081 + .word 0x80000000 + .word 0x8080 + .word 0x80000000 + .word 0x80000001 + .word 0x0 + .word 0x80008008 + .word 0x80000000 .text .align 4 .globl BlockSha3 @@ -2391,6 +2392,7 @@ L_sha3_arm32_begin: pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} .size BlockSha3,.-BlockSha3 #endif /* WOLFSSL_ARMASM_NO_NEON */ +#endif /* WOLFSSL_SHA3 */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index 6d2efa1b0..1a54d8af3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c @@ -51,6 +51,8 @@ #define __asm__ __asm #define __volatile__ volatile #endif /* __KEIL__ */ +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_ARMASM_NO_NEON static const uint64_t L_sha3_arm2_neon_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 
@@ -66,29 +68,12 @@ static const uint64_t L_sha3_arm2_neon_rt[] = { 0x0000000080000001UL, 0x8000000080008008UL, }; -static const uint64_t L_sha3_arm2_rt[] = { - 0x0000000000000001UL, 0x0000000000008082UL, - 0x800000000000808aUL, 0x8000000080008000UL, - 0x000000000000808bUL, 0x0000000080000001UL, - 0x8000000080008081UL, 0x8000000000008009UL, - 0x000000000000008aUL, 0x0000000000000088UL, - 0x0000000080008009UL, 0x000000008000000aUL, - 0x000000008000808bUL, 0x800000000000008bUL, - 0x8000000000008089UL, 0x8000000000008003UL, - 0x8000000000008002UL, 0x8000000000000080UL, - 0x000000000000800aUL, 0x800000008000000aUL, - 0x8000000080008081UL, 0x8000000000008080UL, - 0x0000000080000001UL, 0x8000000080008008UL, -}; - #include -#ifndef WOLFSSL_ARMASM_NO_NEON void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt; - register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt; __asm__ __volatile__ ( "sub sp, sp, #16\n\t" 
@@ -348,16 +333,31 @@ void BlockSha3(word64* state_p) "vst1.8 {d20-d23}, [%[state]]!\n\t" "vst1.8 {d24}, [%[state]]\n\t" "add sp, sp, #16\n\t" - : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c) + : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) : - : "memory", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27", "d28", "d29", "d30", "d31", "cc" + : "memory", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27", "d28", "d29", "d30", "d31", "cc" ); } #endif /* WOLFSSL_ARMASM_NO_NEON */ +#ifdef WOLFSSL_ARMASM_NO_NEON +static const uint64_t L_sha3_arm2_rt[] = { + 0x0000000000000001UL, 0x0000000000008082UL, + 0x800000000000808aUL, 0x8000000080008000UL, + 0x000000000000808bUL, 0x0000000080000001UL, + 0x8000000080008081UL, 0x8000000000008009UL, + 0x000000000000008aUL, 0x0000000000000088UL, + 0x0000000080008009UL, 0x000000008000000aUL, + 0x000000008000808bUL, 0x800000000000008bUL, + 0x8000000000008089UL, 0x8000000000008003UL, + 0x8000000000008002UL, 0x8000000000000080UL, + 0x000000000000800aUL, 0x800000008000000aUL, + 0x8000000080008081UL, 0x8000000000008080UL, + 0x0000000080000001UL, 0x8000000080008008UL, +}; + #include -#ifdef WOLFSSL_ARMASM_NO_NEON void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; @@ -2348,6 +2348,7 @@ void BlockSha3(word64* state_p) } #endif /* WOLFSSL_ARMASM_NO_NEON */ +#endif /* WOLFSSL_SHA3 */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ #endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ 
diff --git a/wolfcrypt/src/port/arm/armv8-chacha.c b/wolfcrypt/src/port/arm/armv8-chacha.c index c7de0a265..b5b516705 100644 --- a/wolfcrypt/src/port/arm/armv8-chacha.c +++ b/wolfcrypt/src/port/arm/armv8-chacha.c @@ -29,7 +29,7 @@ #include -#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON) +#if defined(WOLFSSL_ARMASM) #ifdef HAVE_CHACHA #include @@ -73,15 +73,43 @@ * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB. */ -int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) +int wc_Chacha_SetIV(ChaCha* ctx, const byte* iv, word32 counter) { +#ifndef __aarch64__ + int ret = 0; +#ifdef CHACHA_AEAD_TEST + word32 i; + + printf("NONCE : "); + if (iv != NULL) { + for (i = 0; i < CHACHA_IV_BYTES; i++) { + printf("%02x", iv[i]); + } + } + printf("\n\n"); +#endif + + /* Validate parameters. */ + if ((ctx == NULL) || (iv == NULL)) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* No unused bytes to XOR into input. */ + ctx->left = 0; + + /* Set counter and IV into state. */ + wc_chacha_setiv(ctx->X, iv, counter); + } + + return ret; +#else word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */ #ifdef CHACHA_AEAD_TEST word32 i; printf("NONCE : "); for (i = 0; i < CHACHA_IV_BYTES; i++) { - printf("%02x", inIv[i]); + printf("%02x", iv[i]); } printf("\n\n"); #endif @@ -89,7 +117,7 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) if (ctx == NULL) return BAD_FUNC_ARG; - XMEMCPY(temp, inIv, CHACHA_IV_BYTES); + XMEMCPY(temp, iv, CHACHA_IV_BYTES); ctx->left = 0; ctx->X[CHACHA_IV_BYTES+0] = counter; /* block counter */ 
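Review bot: The new non-aarch64 branch of wc_Chacha_SetIV passes the caller's pointer straight to `wc_chacha_setiv(ctx->X, iv, counter)`, while the aarch64 branch beside it first copies the nonce into `word32 temp[CHACHA_IV_WORDS]` expressly "for alignment of memory"; whether the arm32/thumb2 assembly behind wc_chacha_setiv tolerates an unaligned `iv` is not visible in this patch, so either the requirement should be stated at the call or the copy kept. A one-line comment would settle it for the next reader: `/* wc_chacha_setiv reads the 12-byte nonce in place; it must accept an unaligned iv. */`. The CHACHA_AEAD_TEST dump is now duplicated in both branches with only the NULL guard differing; hoisting it above the `#ifndef __aarch64__` would leave one copy. wc_Chacha_SetIV continues past the end of this hunk.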
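Review bot: The aarch64 branch still validates only `ctx` (`if (ctx == NULL) return BAD_FUNC_ARG;`) and then dereferences `iv` in `XMEMCPY(temp, iv, CHACHA_IV_BYTES)`, whereas the non-aarch64 branch added to the same function in this commit rejects a NULL `iv` with BAD_FUNC_ARG, so the two paths of one public API now disagree on a NULL nonce. Since the hunk already touches the XMEMCPY line, extend the guard to `if (ctx == NULL || iv == NULL) return BAD_FUNC_ARG;`. wc_Chacha_SetIV begins and ends outside this hunk.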
@@ -98,18 +126,54 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */ return 0; +#endif } +#ifdef __aarch64__ /* "expand 32-byte k" as unsigned 32 byte */ static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; /* "expand 16-byte k" as unsigned 16 byte */ static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574}; +#endif /** * Key setup. 8 word iv (nonce) */ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) { +#ifndef __aarch64__ + int ret = 0; + +#ifdef CHACHA_AEAD_TEST + printf("ChaCha key used :\n"); + if (key != NULL) { + word32 i; + for (i = 0; i < keySz; i++) { + printf("%02x", key[i]); + if ((i % 8) == 7) + printf("\n"); + } + } + printf("\n\n"); +#endif + + /* Validate parameters. */ + if ((ctx == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + else if ((keySz != (CHACHA_MAX_KEY_SZ / 2)) && + (keySz != CHACHA_MAX_KEY_SZ )) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + ctx->left = 0; + + wc_chacha_setkey(ctx->X, key, keySz); + } + + return ret; +#else const word32* constants; const byte* k; @@ -169,8 +233,10 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) ctx->left = 0; return 0; +#endif } +#ifndef WOLFSSL_ARMASM_NO_NEON static const word32 L_chacha20_neon_inc_first_word[] = { 0x1, 0x0, @@ -2815,7 +2881,6 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m, } - /** * Encrypt a stream of bytes */ 
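Review bot: In the new non-aarch64 branch of wc_Chacha_SetKey the CHACHA_AEAD_TEST dump runs `for (i = 0; i < keySz; i++) printf("%02x", key[i]);` before `keySz` is checked against `CHACHA_MAX_KEY_SZ / 2` and `CHACHA_MAX_KEY_SZ`, so a wrong length over-reads the caller's key buffer in test builds (the `key != NULL` guard is there, the length guard is not). Move the dump below the `if (ret == 0)` validation, or bound the loop with `i < keySz && i < CHACHA_MAX_KEY_SZ`. The aarch64 branch of wc_Chacha_SetKey continues past the end of this hunk.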
@@ -2862,40 +2927,68 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]); } } +#endif /** * API to encrypt/decrypt a message of any size. */ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, - word32 msglen) + word32 len) { +#ifdef WOLFSSL_ARMASM_NO_NEON + int ret = 0; + + if ((ctx == NULL) || (output == NULL) || (input == NULL)) { + ret = BAD_FUNC_ARG; + } + + /* Handle left over bytes from last block. */ + if ((ret == 0) && (len > 0) && (ctx->left > 0)) { + byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left; + word32 l = min(len, ctx->left); + + wc_chacha_use_over(over, output, input, l); + + ctx->left -= l; + input += l; + output += l; + len -= l; + } + + if ((ret == 0) && (len != 0)) { + wc_chacha_crypt_bytes(ctx, output, input, len); + } + + return ret; +#else if (ctx == NULL || output == NULL || input == NULL) return BAD_FUNC_ARG; /* handle left overs */ - if (msglen > 0 && ctx->left > 0) { + if (len > 0 && ctx->left > 0) { byte* out; word32 i; out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left; - for (i = 0; i < msglen && i < ctx->left; i++) { + for (i = 0; i < len && i < ctx->left; i++) { output[i] = (byte)(input[i] ^ out[i]); } ctx->left -= i; - msglen -= i; + len -= i; output += i; input += i; } - if (msglen == 0) { + if (len == 0) { return 0; } - wc_Chacha_encrypt_bytes(ctx, input, output, msglen); + wc_Chacha_encrypt_bytes(ctx, input, output, len); return 0; +#endif } #endif /* HAVE_CHACHA */ -#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */ +#endif /* WOLFSSL_ARMASM */ diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c index 4d838c703..9527bbd9d 100644 --- a/wolfcrypt/src/port/arm/armv8-poly1305.c +++ b/wolfcrypt/src/port/arm/armv8-poly1305.c @@ -32,7 +32,6 @@ #include #ifdef WOLFSSL_ARMASM -#ifdef __aarch64__ #ifdef HAVE_POLY1305 #include 
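Review bot: The leftover-keystream consumption in wc_Chacha_Process now exists twice in the same function in two styles — the NO_NEON branch single-exit through `ret` with `word32 l = min(len, ctx->left);`, the NEON branch early-return with a byte loop — and only the new branch depends on `min`, which is a wolfSSL helper rather than standard C; presumably it is in scope here as in the thumb2 port, but that is worth confirming for a WOLFSSL_ARMASM_NO_NEON build of this translation unit. Behaviourally the new branch reads correctly: it clamps to `ctx->left`, advances `input`/`output`/`len` together, and skips wc_chacha_crypt_bytes when nothing remains. A short comment at the call would help since the helper's contract is only in the assembly: `/* over points at the first unused keystream byte in ctx->over; l never exceeds ctx->left. */`.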
@@ -49,6 +48,8 @@ #include #endif +#ifdef __aarch64__ + static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx, const unsigned char *m, size_t bytes) { 
@@ -1118,6 +1119,127 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) return 0; } -#endif /* HAVE_POLY1305 */ +#else +#ifdef __thumb__ +/* Process 16 bytes of message at a time. + * + * @param [in] ctx Poly1305 context. + * @param [in] m Message to process. + * @param [in] bytes Length of message in bytes. + */ +void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char* m, + size_t bytes) +{ + poly1305_blocks_thumb2_16(ctx, m, bytes, 1); +} + +/* Process 16 bytes of message. + * + * @param [in] ctx Poly1305 context. + * @param [in] m Message to process. + */ +void poly1305_block_thumb2(Poly1305* ctx, const unsigned char* m) +{ + poly1305_blocks_thumb2_16(ctx, m, POLY1305_BLOCK_SIZE, 1); +} +#else +/* Process 16 bytes of message at a time. + * + * @param [in] ctx Poly1305 context. + * @param [in] m Message to process. + * @param [in] bytes Length of message in bytes. + */ +void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char* m, size_t bytes) +{ + poly1305_blocks_arm32_16(ctx, m, bytes, 1); +} + +/* Process 16 bytes of message. + * + * @param [in] ctx Poly1305 context. + * @param [in] m Message to process. + */ +void poly1305_block_arm32(Poly1305* ctx, const unsigned char* m) +{ + poly1305_blocks_arm32_16(ctx, m, POLY1305_BLOCK_SIZE, 1); +} +#endif + +/* Set the key for the Poly1305 operation. + * + * @param [in] ctx Poly1305 context. + * @param [in] key Key data to use. + * @param [in] keySz Size of key in bytes. Must be 32. + * @return 0 on success. + * @return BAD_FUNC_ARG when ctx or key is NULL or keySz is not 32. + */ +int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) +{ + int ret = 0; + +#ifdef CHACHA_AEAD_TEST + word32 k; + printf("Poly key used:\n"); + if (key != NULL) { + for (k = 0; k < keySz; k++) { + printf("%02x", key[k]); + if ((k+1) % 8 == 0) + printf("\n"); + } + } + printf("\n"); +#endif + + /* Validate parameters. 
*/ + if ((ctx == NULL) || (key == NULL) || (keySz != 32)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + poly1305_set_key(ctx, key); + } + + return ret; +} + +/* Finalize the Poly1305 operation calculating the MAC. + * + * @param [in] ctx Poly1305 context. + * @param [in] mac Buffer to hold the MAC. Myst be at least 16 bytes long. + * @return 0 on success. + * @return BAD_FUNC_ARG when ctx or mac is NULL. + */ +int wc_Poly1305Final(Poly1305* ctx, byte* mac) +{ + int ret = 0; + + /* Validate parameters. */ + if ((ctx == NULL) || (mac == NULL)) { + ret = BAD_FUNC_ARG; + } + + /* Process the remaining partial block - last block. */ + if (ret == 0) { + if (ctx->leftover) { + size_t i = ctx->leftover; + ctx->buffer[i++] = 1; + for (; i < POLY1305_BLOCK_SIZE; i++) { + ctx->buffer[i] = 0; + } + #ifdef __thumb__ + poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, + 0); + #else + poly1305_blocks_arm32_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0); + #endif + } + + poly1305_final(ctx, mac); + } + + return ret; +} + #endif /* __aarch64__ */ +#endif /* HAVE_POLY1305 */ #endif /* WOLFSSL_ARMASM */ diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h index 42e71aee5..db4e5dd66 100644 --- a/wolfssl/wolfcrypt/chacha.h +++ b/wolfssl/wolfcrypt/chacha.h @@ -107,12 +107,18 @@ WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz, word32 counter); #endif -#if defined(WOLFSSL_ARMASM) && defined(__thumb__) +#if defined(WOLFSSL_ARMASM) + +#ifndef __aarch64__ void wc_chacha_setiv(word32* x, const byte* iv, word32 counter); void wc_chacha_setkey(word32* x, const byte* key, word32 keySz); +#endif + +#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(__thumb__) void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len); void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len); +#endif #endif diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h index bcc48a629..70ed1efa8 100644 
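Review bot: The CHACHA_AEAD_TEST block at the top of the new wc_Poly1305SetKey prints `keySz` bytes of `key` before `keySz` is validated, so a test build called with an oversized keySz reads past the key buffer; move the dump below the `(keySz != 32)` check, or bound the loop with `min(keySz, 32)`, so the debug path cannot do what the production path rejects. In the new wc_Poly1305Final comment, `Myst be at least 16 bytes long.` should read `Must be at least 16 bytes long.`. As I recall the generic C wc_Poly1305Final zeroes the key-derived state after producing the tag; whether the arm32/thumb2 `poly1305_final` does the same is not visible here — if it does not, `ctx->r` and `ctx->pad` outlive the MAC, and a `ForceZero` of those fields after `poly1305_final(ctx, mac);` would close that.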
--- a/wolfssl/wolfcrypt/poly1305.h +++ b/wolfssl/wolfcrypt/poly1305.h @@ -98,7 +98,7 @@ typedef struct Poly1305 { word64 leftover; unsigned char buffer[POLY1305_BLOCK_SIZE]; unsigned char finished; -#elif defined(WOLFSSL_ARMASM) && defined(__thumb__) +#elif defined(WOLFSSL_ARMASM) word32 r[4]; word32 h[5]; word32 pad[4]; @@ -147,16 +147,16 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz, WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional, word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz); -#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) +#if defined(__aarch64__ ) #define poly1305_blocks poly1305_blocks_aarch64 #define poly1305_block poly1305_block_aarch64 void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m, size_t bytes); void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m); -#endif - -#if defined(__thumb__ ) && defined(WOLFSSL_ARMASM) +#else +#if defined(__thumb__) #define poly1305_blocks poly1305_blocks_thumb2 #define poly1305_block poly1305_block_thumb2 @@ -166,9 +166,20 @@ void poly1305_block_thumb2(Poly1305* ctx, const unsigned char *m); void poly1305_blocks_thumb2_16(Poly1305* ctx, const unsigned char* m, word32 len, int notLast); +#else +#define poly1305_blocks poly1305_blocks_arm32 +#define poly1305_block poly1305_block_arm32 + +void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char *m, size_t bytes); +void poly1305_block_arm32(Poly1305* ctx, const unsigned char *m); + +void poly1305_blocks_arm32_16(Poly1305* ctx, const unsigned char* m, word32 len, + int notLast); +#endif void poly1305_set_key(Poly1305* ctx, const byte* key); void poly1305_final(Poly1305* ctx, byte* mac); #endif +#endif /* WOLFSSL_ARMASM */ #if defined(WOLFSSL_RISCV_ASM) #define poly1305_blocks poly1305_blocks_riscv64 From 32ebaea1584f872d183529a4dd87bdc45b21f987 Mon Sep 17 00:00:00 2001 
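Review bot: The new `#if defined(__aarch64__ )` keeps the stray space before `)` from the line it replaces, while its sibling is written `#if defined(__thumb__)`; since the line is being rewritten anyway, write `#if defined(__aarch64__)` for consistency. The nesting in the second hunk now closes two levels with bare `#endif` lines before `#endif /* WOLFSSL_ARMASM */`; annotating those as `#endif /* __thumb__ */` and `#endif /* __aarch64__ */` would make the new arm32 branch easier to follow.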
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 26 Sep 2024 10:31:31 -0600 Subject: [PATCH 063/325] add uintptr_t to config.h fixing curl cmake build error --- CMakeLists.txt | 4 +++- cmake/config.in | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d5dd2796e..a581df814 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -131,6 +131,7 @@ check_type_size("__uint128_t" __UINT128_T) check_type_size("long long" SIZEOF_LONG_LONG) check_type_size("long" SIZEOF_LONG) check_type_size("time_t" SIZEOF_TIME_T) +check_type_size("uintptr_t" HAVE_UINTPTR_T) # By default, HAVE___UINT128_T gets defined as TRUE, # but we want it as 1. @@ -419,16 +420,17 @@ if(WOLFSSL_CURL) set(WOLFSSL_MD4 "yes") set(WOLFSSL_DES3 "yes") set(WOLFSSL_ALPN "yes") + set(WOLFSSL_WOLFSSH "yes") set(WOLFSSL_OPENSSLEXTRA "yes") set(WOLFSSL_CRL "yes") set(WOLFSSL_OCSP "yes") set(WOLFSSL_OCSPSTAPLING "yes") set(WOLFSSL_OCSPSTAPLING_V2 "yes") + # Note: OCSP sets requisite HAVE_TLS_EXTENSIONS and HAVE_CERTIFICATE_STATUS_REQUEST(_V2) set(WOLFSSL_SNI "yes") set(WOLFSSL_ALT_CERT_CHAINS "yes") set(WOLFSSL_IP_ALT_NAME "yes") set(WOLFSSL_SESSION_TICKET "yes") - set(WOLFSSL_WOLFSSH "yes") list(APPEND WOLFSSL_DEFINITIONS "-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB") endif() diff --git a/cmake/config.in b/cmake/config.in index d1b61aa14..f2524e41e 100644 --- a/cmake/config.in +++ b/cmake/config.in @@ -46,6 +46,9 @@ /* Define to 1 if the system has the type `__uint128_t'. */ #cmakedefine HAVE___UINT128_T @HAVE___UINT128_T@ +/* Define to 1 if the system has the type `uintptr_t'. */ +#cmakedefine HAVE_UINTPTR_T @HAVE_UINTPTR_T@ + /* Define to the full name of this package. */ #define PACKAGE_NAME "@CMAKE_PROJECT_NAME@" From 6414cf61a7107a55d90e8b758526f57409360952 Mon Sep 17 00:00:00 2001 
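Review bot: `check_type_size("uintptr_t" HAVE_UINTPTR_T)` leaves HAVE_UINTPTR_T set to TRUE on success, and the comment two lines below it (`By default, HAVE___UINT128_T gets defined as TRUE, but we want it as 1`) shows the project already has to normalize exactly that for __uint128_t; without the same normalization, `#cmakedefine HAVE_UINTPTR_T @HAVE_UINTPTR_T@` in cmake/config.in expands to `#define HAVE_UINTPTR_T TRUE`, which `#ifdef` tests accept but `#if HAVE_UINTPTR_T` evaluates as an undefined identifier. Either apply the same TRUE→1 fix-up to HAVE_UINTPTR_T, or write the template line as `#cmakedefine HAVE_UINTPTR_T 1`. The move of `set(WOLFSSL_WOLFSSH "yes")` in the WOLFSSL_CURL block is a pure reorder.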
From: Colton Willey Date: Thu, 26 Sep 2024 13:18:06 -0700 Subject: [PATCH 064/325] Update comments for new flags in settings.h --- wolfssl/wolfcrypt/settings.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 07c4f746b..32730d879 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3576,11 +3576,17 @@ extern void uITRON4_free(void *p) ; #define KEEP_PEER_CERT #endif +/* Always copy certificate(s) from SSL CTX to each SSL object on creation, + * if this is not defined then each SSL object shares a pointer to the + * original certificate buffer owned by the SSL CTX. */ #if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT) #undef WOLFSSL_COPY_CERT #define WOLFSSL_COPY_CERT #endif +/* Always copy private key from SSL CTX to each SSL object on creation, + * if this is not defined then each SSL object shares a pointer to the + * original key buffer owned by the SSL CTX. */ #if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY) #undef WOLFSSL_COPY_KEY #define WOLFSSL_COPY_KEY From 794f0d8d19c4ebb854f373e929201036e8aaada2 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 27 Sep 2024 00:27:20 -0500 Subject: [PATCH 065/325] src/pk.c: add missing "keySz = padded_keySz" in _DH_compute_key() ct cleanup path. wolfcrypt/src/wc_kyber_poly.c: add SAVE_VECTOR_REGISTERS2()...RESTORE_VECTOR_REGISTERS() wrappers for AVX2 implementations. src/bio.c and src/ssl.c: add several missing WC_NO_ERR_TRACE()s, and tweak several returns to generate error traces. --- src/bio.c | 19 ++++++--- src/pk.c | 1 + src/ssl.c | 2 +- wolfcrypt/src/wc_kyber_poly.c | 80 +++++++++++++++++++++++------------ 4 files changed, 70 insertions(+), 32 deletions(-) diff --git a/src/bio.c b/src/bio.c index e8e66597e..2921e5a98 100644 --- a/src/bio.c +++ b/src/bio.c 
@@ -1332,7 +1332,7 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) { WOLFSSL_BIO* front = bio; - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr"); @@ -1358,7 +1358,10 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio = bio->prev; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } #ifdef OPENSSL_ALL @@ -2231,7 +2234,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void) @@ -2600,7 +2606,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_set_ssl"); @@ -2613,7 +2619,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl) diff --git a/src/pk.c b/src/pk.c index e99ef80a0..f515bfeed 100644 --- a/src/pk.c +++ b/src/pk.c @@ -8792,6 +8792,7 @@ static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, XMEMMOVE(key, key + (padded_keySz - keySz), padded_keySz - keySz); XMEMSET(key, 0, padded_keySz - keySz); + keySz = padded_keySz; } } } diff --git a/src/ssl.c b/src/ssl.c index e0101e062..e2e040bfc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11447,7 +11447,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_BIO* bio = NULL; WOLFSSL_X509 *cert = NULL; WOLFSSL_X509_NAME *nameCopy = NULL; - unsigned long err = WOLFSSL_FAILURE; + unsigned long err = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_load_client_CA_file"); 
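Review bot: The new tail in wolfSSL_BIO_get_mem_ptr, `if (ret == WOLFSSL_SUCCESS) return ret; else return WOLFSSL_FAILURE;`, is repeated verbatim in the hunks at 2231 (wolfSSL_BIO_flush) and 2613 (wolfSSL_BIO_set_ssl); if the intent is only to route the failure through the tracing `WOLFSSL_FAILURE` macro, `return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;` says so in one line and makes the two-valued contract explicit in the success arm as well. The initializer `long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);` is what makes this tail necessary; a one-line comment such as `/* trace the failure on the return path only, not at initialization */` would spare the next reader the inference. The bodies of these functions lie outside the hunks.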
diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c index 4321f1a05..492d159a8 100644 --- a/wolfcrypt/src/wc_kyber_poly.c +++ b/wolfcrypt/src/wc_kyber_poly.c @@ -1236,8 +1236,9 @@ void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a, int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if ((IS_INTEL_AVX2(cpuid_flags)) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_keygen_avx2(priv, pub, e, a, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -1314,8 +1315,9 @@ void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v, const sword16* m, int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_encapsulate_avx2(pub, bp, v, at, sp, ep, epp, m, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -1365,8 +1367,9 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp, const sword16* v, int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decapsulate_avx2(priv, mp, bp, v, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -1569,8 +1572,9 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); @@ -1582,8 +1586,9 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); 
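Review bot: The hunks at 1569 and 1582 put a `SAVE_VECTOR_REGISTERS2()`/`RESTORE_VECTOR_REGISTERS()` pair around `sha3_block_avx2` inside kyber_gen_matrix_k3_avx2, but that function is itself only reached from kyber_gen_matrix under an outer `SAVE_VECTOR_REGISTERS2() == 0` guard (hunk at 2394 later in this patch), so the inner pair is a nested save. If SAVE_VECTOR_REGISTERS2 is re-entrant on every port this is merely redundant; if it is not, the inner save can fail and quietly fall through to BlockSha3 while the caller believes the whole function ran under one save. Inside an `_avx2` helper the condition that already holds is better expressed as `ASSERT_SAVED_VECTOR_REGISTERS();` (the macro used in aes.c later in this series) with the SHA-3 block then called directly. The same consideration applies to any other `_avx2`-suffixed function in this patch that wraps its own sub-calls; kyber_prf and kyber_kdf are separate entry points and not covered by this remark.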
@@ -2058,8 +2063,9 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); @@ -2105,8 +2111,9 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); @@ -2376,8 +2383,9 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed); #else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_gen_matrix_k2_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -2394,8 +2402,9 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed); #else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_gen_matrix_k3_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -2412,8 +2421,9 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed); #else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_gen_matrix_k4_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); } else #endif 
@@ -3213,8 +3223,9 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed); #else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_get_noise_k2_avx2(prf, vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3236,8 +3247,9 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed); #else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_get_noise_k3_avx2(vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3255,8 +3267,9 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed); #else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_get_noise_k4_avx2(prf, vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3317,8 +3330,9 @@ int kyber_cmp(const byte* a, const byte* b, int sz) int fail; #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { fail = kyber_cmp_avx2(a, b, sz); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3555,8 +3569,9 @@ static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp) void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_10_avx2(r, v, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif 
@@ -3648,8 +3663,9 @@ static void kyber_vec_compress_11_c(byte* r, sword16* v) void kyber_vec_compress_11(byte* r, sword16* v) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_11_avx2(r, v, 4); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3746,8 +3762,9 @@ void kyber_vec_decompress_10(sword16* v, const unsigned char* b, unsigned int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_10_avx2(v, b, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3829,8 +3846,9 @@ static void kyber_vec_decompress_11_c(sword16* v, const unsigned char* b) void kyber_vec_decompress_11(sword16* v, const unsigned char* b) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_11_avx2(v, b, 4); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3979,8 +3997,9 @@ static void kyber_compress_4_c(byte* b, sword16* p) void kyber_compress_4(byte* b, sword16* p) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_4_avx2(b, p); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -4052,8 +4071,9 @@ static void kyber_compress_5_c(byte* b, sword16* p) void kyber_compress_5(byte* b, sword16* p) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_5_avx2(b, p); + RESTORE_VECTOR_REGISTERS(); } else #endif 
@@ -4112,8 +4132,9 @@ static void kyber_decompress_4_c(sword16* p, const unsigned char* b) void kyber_decompress_4(sword16* p, const unsigned char* b) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_4_avx2(p, b); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -4186,8 +4207,9 @@ static void kyber_decompress_5_c(sword16* p, const unsigned char* b) void kyber_decompress_5(sword16* p, const unsigned char* b) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_5_avx2(p, b); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -4253,8 +4275,9 @@ static void kyber_from_msg_c(sword16* p, const byte* msg) void kyber_from_msg(sword16* p, const byte* msg) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_from_msg_avx2(p, msg); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -4342,9 +4365,10 @@ static void kyber_to_msg_c(byte* msg, sword16* p) void kyber_to_msg(byte* msg, sword16* p) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { /* Convert the polynomial into a array of bytes (message). */ kyber_to_msg_avx2(msg, p); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -4414,7 +4438,7 @@ static void kyber_from_bytes_c(sword16* p, const byte* b, int k) void kyber_from_bytes(sword16* p, const byte* b, int k) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { int i; for (i = 0; i < k; i++) { @@ -4422,6 +4446,8 @@ void kyber_from_bytes(sword16* p, const byte* b, int k) p += KYBER_N; b += KYBER_POLY_SIZE; } + + RESTORE_VECTOR_REGISTERS(); } else #endif 
@@ -4473,7 +4499,7 @@ static void kyber_to_bytes_c(byte* b, sword16* p, int k) void kyber_to_bytes(byte* b, sword16* p, int k) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { int i; for (i = 0; i < k; i++) { @@ -4481,6 +4507,8 @@ void kyber_to_bytes(byte* b, sword16* p, int k) p += KYBER_N; b += KYBER_POLY_SIZE; } + + RESTORE_VECTOR_REGISTERS(); } else #endif From 60c249960232856bdc7f19cabc9eb39a197448ba Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 27 Sep 2024 17:15:17 -0500 Subject: [PATCH 066/325] wolfssl/wolfcrypt/types.h: when defining fallback do-nothing SAVE_VECTOR_REGISTERS2(), also define SAVE_VECTOR_REGISTERS2_DOES_NOTHING, and likewise for fallback CAN_SAVE_VECTOR_REGISTERS, define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE; wolfcrypt/src/aes.c: * when SAVE_VECTOR_REGISTERS2_DOES_NOTHING, define do-nothing VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, to mollify Coverity CONSTANT_EXPRESSION_RESULT; * in AesGcmDecryptUpdate_aesni(), omit " && (c != NULL)" clause from computation of endA argument to AesGcmAadUpdate_aesni(), to mollify Coverity FORWARD_NULL (impermissible nullness is already checked and BAD_FUNC_ARGed by the sole caller, wc_AesGcmDecryptUpdate()); wolfcrypt/src/misc.c: add readUnalignedWord64(), writeUnalignedWord64(), readUnalignedWords64(), and writeUnalignedWords64(), for safe word64 access to possibly-unaligned data; wolfcrypt/src/wc_kyber_poly.c: use readUnalignedWords64() and readUnalignedWord64() to mitigate sanitizer-reported "load of misaligned address". --- wolfcrypt/src/aes.c | 13 +++++- wolfcrypt/src/misc.c | 46 ++++++++++++++++++ wolfcrypt/src/wc_kyber_poly.c | 88 ++++++++++++++++------------------- wolfssl/wolfcrypt/misc.h | 8 ++++ wolfssl/wolfcrypt/types.h | 2 + 5 files changed, 107 insertions(+), 50 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 4c9a8d181..e76f66f13 100644 --- a/wolfcrypt/src/aes.c 
+++ b/wolfcrypt/src/aes.c @@ -4759,7 +4759,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #ifdef WC_C_DYNAMIC_FALLBACK -#define VECTOR_REGISTERS_PUSH { \ +#define VECTOR_REGISTERS_PUSH { \ int orig_use_aesni = aes->use_aesni; \ if (aes->use_aesni && (SAVE_VECTOR_REGISTERS2() != 0)) { \ aes->use_aesni = 0; \ @@ -4774,6 +4774,15 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } \ WC_DO_NOTHING +#elif defined(SAVE_VECTOR_REGISTERS2_DOES_NOTHING) + +#define VECTOR_REGISTERS_PUSH { \ + WC_DO_NOTHING + +#define VECTOR_REGISTERS_POP \ + } \ + WC_DO_NOTHING + #else #define VECTOR_REGISTERS_PUSH { \ @@ -9796,7 +9805,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni( ASSERT_SAVED_VECTOR_REGISTERS(); /* Hash in A, the Authentication Data */ - ret = AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL)); + ret = AesGcmAadUpdate_aesni(aes, a, aSz, cSz > 0); if (ret != 0) return ret; diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 7a9bcb02c..e4b53d91f 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c 
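Review bot: Dropping `(c != NULL)` from the endA argument in AesGcmDecryptUpdate_aesni makes the function correct only under a precondition that is now invisible at this call site: per the commit message, the sole caller wc_AesGcmDecryptUpdate rejects c == NULL with cSz > 0. Record that contract where the function is defined, e.g. `/* Precondition: c != NULL whenever cSz > 0; enforced by wc_AesGcmDecryptUpdate(). */`, so a future second caller does not reintroduce the NULL case the Coverity finding was guarding against. The new do-nothing VECTOR_REGISTERS_PUSH/POP pair under SAVE_VECTOR_REGISTERS2_DOES_NOTHING reads fine; the function body starts and ends outside the hunk.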
@@ -211,6 +211,52 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) +WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) + return *(word64 *)in; + else { + word64 out; + XMEMCPY(&out, in, sizeof(word64)); + return out; + } +} + +WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) + *(word64 *)out = in; + else { + XMEMCPY(out, &in, sizeof(word64)); + } + return in; +} + +WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in, + size_t count) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) { + const word64 *in_word64 = (const word64 *)in; + while (count-- > 0) + *out++ = *in_word64++; + } + else { + XMEMCPY(out, in, count * sizeof(word64)); + } +} + +WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in, + size_t count) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) { + word64 *out_word64 = (word64 *)out; + while (count-- > 0) + *out_word64++ = *in++; + } + else { + XMEMCPY(out, in, count * sizeof(word64)); + } +} WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y) { diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c index 492d159a8..4514ad317 100644 --- a/wolfcrypt/src/wc_kyber_poly.c +++ b/wolfcrypt/src/wc_kyber_poly.c @@ -67,6 +67,13 @@ #ifdef WOLFSSL_WC_KYBER +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + /* Declared in wc_kyber.c to stop compiler optimizer from simplifying. */ extern volatile sword16 kyber_opt_blocker; 
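Review bot: readUnalignedWord64 and readUnalignedWords64 still access the byte buffer through `word64*` in their aligned branch (`return *(word64 *)in;` and `*out++ = *in_word64++;`), which cures the sanitizer's alignment report but keeps the type-punning load that is undefined under strict aliasing; the XMEMCPY path alone suffices, since compilers turn a fixed 8-byte memcpy into the same single load, so the body can be just `word64 out; XMEMCPY(&out, in, sizeof(out)); return out;` with the writers and the `Words64` variants reduced the same way. If the branch is kept, the cast should at least be `*(const word64 *)in` rather than casting away const. writeUnalignedWord64 also takes `void *out` while its three siblings take `byte *`; one parameter type across the four keeps the misc.h prototypes uniform.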
@@ -1560,14 +1567,11 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) a += 4 * KYBER_N; } - state[0] = ((word64*)seed)[0]; - state[1] = ((word64*)seed)[1]; - state[2] = ((word64*)seed)[2]; - state[3] = ((word64*)seed)[3]; + readUnalignedWords64(state, seed, 4); /* Transposed value same as not. */ state[4] = 0x1f0000 + (2 << 8) + 2; XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); - state[20] = 0x8000000000000000UL; + state[20] = W64LIT(0x8000000000000000); for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) { if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); @@ -1748,14 +1752,11 @@ static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed) a += 3 * KYBER_N; - state[0] = ((word64*)seed)[0]; - state[1] = ((word64*)seed)[1]; - state[2] = ((word64*)seed)[2]; - state[3] = ((word64*)seed)[3]; + readUnalignedWords64(state, seed, 4); /* Transposed value same as not. */ state[4] = 0x1f0000 + (1 << 8) + 1; XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); - state[20] = 0x8000000000000000UL; + state[20] = W64LIT(0x8000000000000000); BlockSha3(state); p = (byte*)state; ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE); @@ -1899,14 +1900,11 @@ static int kyber_gen_matrix_k4_aarch64(sword16* a, byte* seed, int transposed) a += 3 * KYBER_N; } - state[0] = ((word64*)seed)[0]; - state[1] = ((word64*)seed)[1]; - state[2] = ((word64*)seed)[2]; - state[3] = ((word64*)seed)[3]; + readUnalignedWords64(state, seed, 4); /* Transposed value same as not. */ state[4] = 0x1f0000 + (3 << 8) + 3; XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); - state[20] = 0x8000000000000000UL; + state[20] = W64LIT(0x8000000000000000); BlockSha3(state); p = (byte*)state; ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE); 
@@ -2047,18 +2045,15 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, const byte* key) { #ifdef USE_INTEL_SPEEDUP - int i; word64 state[25]; (void)shake256; - for (i = 0; i < KYBER_SYM_SZ / 8; i++) { - state[i] = ((word64*)key)[i]; - } + readUnalignedWords64(state, key, KYBER_SYM_SZ / sizeof(word64)); state[KYBER_SYM_SZ / 8] = 0x1f00 | key[KYBER_SYM_SZ]; XMEMSET(state + KYBER_SYM_SZ / 8 + 1, 0, (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64)); - state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL; + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); @@ -2098,15 +2093,12 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) { word64 state[25]; - int i; - int len64 = seedLen / 8; + word32 len64 = seedLen / 8; - for (i = 0; i < len64; i++) { - state[i] = ((word64*)seed)[i]; - } + readUnalignedWords64(state, seed, len64); state[len64] = 0x1f; XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); - state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL; + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); @@ -2136,15 +2128,12 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) { word64 state[25]; - int i; - int len64 = seedLen / 8; + word32 len64 = seedLen / 8; - for (i = 0; i < len64; i++) { - state[i] = ((word64*)seed)[i]; - } + readUnalignedWords64(state, seed, len64); state[len64] = 0x1f; XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); - state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL; + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); BlockSha3(state); XMEMCPY(out, state, outLen); 
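Review bot: In both kyber_kdf hunks, `word32 len64 = seedLen / 8;` converts a signed `int` quotient to unsigned and then indexes `state[len64]` and sizes the XMEMSET with `25 - len64 - 1`, none of which the function bounds; a negative or overlarge seedLen (200 or more) would write outside `state`. The callers are presumably internal with fixed seed sizes, so this may be acceptable, but a guard such as `if ((seedLen < 0) || (seedLen / 8 >= 25)) return BAD_FUNC_ARG;`, or a comment stating the precondition, would make it explicit. In kyber_prf the read count is spelled `KYBER_SYM_SZ / sizeof(word64)` while the next line uses `KYBER_SYM_SZ / 8`; pick one form.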
@@ -2199,10 +2188,11 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len, i = 0; for (j = 0; j < minJ; j += 6) { /* Use 48 bits (6 bytes) as four 12-bit integers. */ - sword16 v0 = (*(word64*)r) & 0xfff; - sword16 v1 = ((*(word64*)r) >> 12) & 0xfff; - sword16 v2 = ((*(word64*)r) >> 24) & 0xfff; - sword16 v3 = ((*(word64*)r) >> 36) & 0xfff; + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; p[i] = v0 & (0 - (v0 < KYBER_Q)); i += v0 < KYBER_Q; @@ -2219,10 +2209,11 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len, if (j < rLen) { for (; (i + 4 < len) && (j < rLen); j += 6) { /* Use 48 bits (6 bytes) as four 12-bit integers. */ - sword16 v0 = (*(word64*)r) & 0xfff; - sword16 v1 = ((*(word64*)r) >> 12) & 0xfff; - sword16 v2 = ((*(word64*)r) >> 24) & 0xfff; - sword16 v3 = ((*(word64*)r) >> 36) & 0xfff; + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; p[i] = v0; i += v0 < KYBER_Q; @@ -2238,10 +2229,11 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len, } for (; (i < len) && (j < rLen); j += 6) { /* Use 48 bits (6 bytes) as four 12-bit integers. */ - sword16 v0 = (*(word64*)r) & 0xfff; - sword16 v1 = ((*(word64*)r) >> 12) & 0xfff; - sword16 v2 = ((*(word64*)r) >> 24) & 0xfff; - sword16 v3 = ((*(word64*)r) >> 36) & 0xfff; + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; /* Reject first 12-bit integer if greater than or equal to q. */ if (v0 < KYBER_Q) { 
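Review bot: Each `readUnalignedWord64(r)` in the three loops of kyber_rej_uniform_c fetches 8 bytes while the loop consumes 6 (`j += 6`), so the final iteration reads 2 bytes past the data it uses; the old `*(word64*)r` had the same reach and the `minJ`/`rLen` bounds presumably supply the slack, but that invariant is nowhere stated. A comment on the first read, `/* Reads 8 bytes; only 6 are consumed, so r needs 2 bytes of slack past rLen. */`, would keep a later change to the bounds from turning this into an over-read. The advancement of `r` and the loop bounds lie outside the hunks.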
@@ -2511,9 +2503,9 @@ static void kyber_cbd_eta2(sword16* p, const byte* r) #endif /* Take the next 8 bytes, little endian, as a 64 bit value. */ #ifdef BIG_ENDIAN_ORDER - word64 t = ByteReverseWord64(*(word64*)r); + word64 t = ByteReverseWord64(readUnalignedWord64(r)); #else - word64 t = *(word64*)r; + word64 t = readUnalignedWord64(r); #endif word64 d; /* Add second bits to first. */ @@ -3023,7 +3015,7 @@ static void kyber_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o) state[3] = ((word64*)seed)[3]; state[4] = 0x1f00 + o; XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); - state[16] = 0x8000000000000000UL; + state[16] = W64LIT(0x8000000000000000); BlockSha3(state); XMEMCPY(rand , state, SHA3_256_BYTES); BlockSha3(state); @@ -3083,7 +3075,7 @@ static void kyber_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o) /* Transposed value same as not. */ state[4] = 0x1f00 + o; XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); - state[16] = 0x8000000000000000UL; + state[16] = W64LIT(0x8000000000000000); BlockSha3(state); } diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index cc068db44..9acc31b12 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -76,6 +76,14 @@ int ConstantCompare(const byte* a, const byte* b, int length); #ifdef WORD64_AVAILABLE WOLFSSL_LOCAL +word64 readUnalignedWord64(const byte *in); +WOLFSSL_LOCAL +word64 writeUnalignedWord64(void *out, word64 in); +WOLFSSL_LOCAL +void readUnalignedWords64(word64 *out, const byte *in, size_t count); +WOLFSSL_LOCAL +void writeUnalignedWords64(byte *out, const word64 *in, size_t count); +WOLFSSL_LOCAL word64 rotlFixed64(word64 x, word64 y); WOLFSSL_LOCAL word64 rotrFixed64(word64 x, word64 y); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 6ff073622..217772297 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
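Review bot: The hunk at 3023 in kyber_get_noise_eta3_aarch64 still shows `state[3] = ((word64*)seed)[3];` as context, i.e. the misaligned word64 load this commit replaces elsewhere with `readUnalignedWords64(state, seed, 4)` is left in place in the aarch64 noise functions (and, from the surrounding shape, likely in kyber_get_noise_eta2_aarch64 at 3083 as well); only the `W64LIT` change was applied there. Converting those to `readUnalignedWords64(state, seed, 4);` keeps the aarch64 path consistent with the commit's stated goal.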
@@ -1729,9 +1729,11 @@ typedef struct w64wrapper {
 #endif
 #ifndef SAVE_VECTOR_REGISTERS2
 #define SAVE_VECTOR_REGISTERS2() 0
+ #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING
 #endif
 #ifndef CAN_SAVE_VECTOR_REGISTERS
 #define CAN_SAVE_VECTOR_REGISTERS() 1
+ #define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE
 #endif
 #ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL
 #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING
From e4301bc5547b5bb6cc65d467859b79f8344d23eb Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 26 Sep 2024 22:15:46 +1000
Subject: [PATCH 067/325] ARM32 generated files: fix line lengths

Generated ARM32 assembly files no longer have lines with more than 80 characters.
---
 src/include.am | 6 -
 wolfcrypt/src/port/arm/armv8-32-aes-asm.S | 3 +-
 wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c | 190 +++++++++++------
 wolfcrypt/src/port/arm/armv8-32-chacha-asm.S | 3 +-
 .../src/port/arm/armv8-32-chacha-asm_c.c | 39 ++--
 wolfcrypt/src/port/arm/armv8-32-curve25519.S | 3 +-
 .../src/port/arm/armv8-32-curve25519_c.c | 201 ++++++++++-------
 .../src/port/arm/armv8-32-poly1305-asm.S | 3 +-
 .../src/port/arm/armv8-32-poly1305-asm_c.c | 29 ++-
 wolfcrypt/src/port/arm/armv8-32-sha256-asm.S | 3 +-
 .../src/port/arm/armv8-32-sha256-asm_c.c | 26 ++-
 wolfcrypt/src/port/arm/armv8-32-sha3-asm.S | 3 +-
 wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 24 ++-
 wolfcrypt/src/port/arm/armv8-32-sha512-asm.S | 3 +-
 .../src/port/arm/armv8-32-sha512-asm_c.c | 26 ++-
 wolfcrypt/src/port/arm/armv8-chacha.c | 2 +-
 16 files changed, 346 insertions(+), 218 deletions(-)

diff --git a/src/include.am b/src/include.am
index dbda409a2..fa182f6ad 100644
--- a/src/include.am
+++ b/src/include.am
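Review bot: The two new marker macros `SAVE_VECTOR_REGISTERS2_DOES_NOTHING` and `CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE` are added without a comment saying what they signal or who is expected to test them; a one-line comment on each, e.g. `/* Defined when SAVE_VECTOR_REGISTERS2() is the no-op stub above, so callers can #ifdef on it. */`, would explain why they sit beside the function-like defaults. Whether any caller in this patch checks these names is not visible here.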
@@ -164,13 +164,11 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
@@ -336,13 +334,11 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
@@ -701,7 +697,6 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -709,7 +704,6 @@ else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
index 345f19408..553acadc2 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
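Review bot: Dropping the `if !BUILD_ARMASM_CRYPTO` / `endif !BUILD_ARMASM_CRYPTO` guards in all four include.am hunks is a build-behaviour change — armv8-32-aes-asm_c.c / armv8-32-aes-asm.S (and the thumb2 variants in the last two hunks) are now compiled even when BUILD_ARMASM_CRYPTO is set — which the commit message ("ARM32 generated files: fix line lengths") does not mention. If that is intentional the message should say why; if not, these hunks belong in a separate commit. Whether this produces duplicate AES symbols next to armv8-aes.c when both conditions hold cannot be determined from this file alone.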
@@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S + * ruby ./aes/aes.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S */ #ifdef HAVE_CONFIG_H diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index f8ba89ac0..c21fbea52 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c + * ruby ./aes/aes.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c */ #ifdef HAVE_CONFIG_H @@ -123,7 +124,9 @@ static const uint32_t L_AES_ARM32_td_data[] = { }; #endif /* HAVE_AES_DECRYPT */ -#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) static const uint32_t L_AES_ARM32_te_data[] = { 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 
@@ -191,15 +194,19 @@ static const uint32_t L_AES_ARM32_te_data[] = { 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, }; -#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT static const uint32_t* L_AES_ARM32_td = L_AES_ARM32_td_data; #endif /* HAVE_AES_DECRYPT */ -#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) static const uint32_t* L_AES_ARM32_te = L_AES_ARM32_te_data; -#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT -void AES_invert_key(unsigned char* ks, word32 rounds); +void AES_invert_key(unsigned char* ks_p, word32 rounds_p); void AES_invert_key(unsigned char* ks_p, word32 rounds_p) { register unsigned char* ks asm ("r0") = (unsigned char*)ks_p; @@ -401,9 +408,12 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) "str r8, [%[ks]], #4\n\t" "subs r11, r11, #1\n\t" "bne L_AES_invert_key_mix_loop_%=\n\t" - : [ks] "+r" (ks), [rounds] "+r" (rounds), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c) + : [ks] "+r" (ks), [rounds] "+r" (rounds), + [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), + [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); } 
@@ -411,17 +421,20 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) static const uint32_t L_AES_ARM32_rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1b000000, 0x36000000, + 0x1b000000, 0x36000000 }; -void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks); -void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char* ks_p) +void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, + unsigned char* ks_p); +void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, + unsigned char* ks_p) { register const unsigned char* key asm ("r0") = (const unsigned char*)key_p; register word32 len asm ("r1") = (word32)len_p; register unsigned char* ks asm ("r2") = (unsigned char*)ks_p; register uint32_t* L_AES_ARM32_te_c asm ("r3") = (uint32_t*)L_AES_ARM32_te; - register uint32_t* L_AES_ARM32_rcon_c asm ("r4") = (uint32_t*)&L_AES_ARM32_rcon; + register uint32_t* L_AES_ARM32_rcon_c asm ("r4") = + (uint32_t*)&L_AES_ARM32_rcon; __asm__ __volatile__ ( "mov r8, %[L_AES_ARM32_te]\n\t" 
@@ -922,14 +935,18 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char "bne L_AES_set_encrypt_key_loop_128_%=\n\t" "\n" "L_AES_set_encrypt_key_end_%=: \n\t" - : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c) + : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), + [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), + [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c) : - : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8" ); } -void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks); -void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p) +void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, + const uint32_t* ks_p); +void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, + const uint32_t* ks_p) { register const uint32_t* te asm ("r0") = (const uint32_t*)te_p; register int nr asm ("r1") = (int)nr_p; 
@@ -1573,23 +1590,27 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks) + : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks) : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } -#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) static const uint32_t* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data; -void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr); -void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p) +void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p); +void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p) { register const unsigned char* in asm ("r0") = (const unsigned char*)in_p; register unsigned char* out asm ("r1") = (unsigned char*)out_p; register unsigned long len asm ("r2") = (unsigned long)len_p; register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; - register uint32_t* L_AES_ARM32_te_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_te_ecb; + register uint32_t* L_AES_ARM32_te_ecb_c asm ("r5") = + (uint32_t*)L_AES_ARM32_te_ecb; __asm__ __volatile__ ( "mov lr, %[in]\n\t" 
@@ -1822,17 +1843,23 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l "\n" "L_AES_ECB_encrypt_end_%=: \n\t" "pop {%[ks]}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c) : - : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11" ); } -#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_CBC static const uint32_t* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data; -void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); -void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p) +void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* iv_p); +void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* iv_p) { register const unsigned char* in asm ("r0") = (const unsigned char*)in_p; register unsigned char* out asm ("r1") = (unsigned char*)out_p; 
@@ -1840,7 +1867,8 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* iv asm ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_ARM32_te_cbc_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_cbc; + register uint32_t* L_AES_ARM32_te_cbc_c asm ("r6") = + (uint32_t*)L_AES_ARM32_te_cbc; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -2088,17 +2116,23 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l "L_AES_CBC_encrypt_end_%=: \n\t" "pop {%[ks], r9}\n\t" "stm r9, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [iv] "+r" (iv), + [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c) : - : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); } #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER static const uint32_t* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data; -void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); -void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p) +void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* ctr_p); +void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* ctr_p) { register const unsigned char* in asm ("r0") = (const unsigned char*)in_p; register unsigned char* out asm ("r1") = (unsigned char*)out_p; 
@@ -2106,7 +2140,8 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_ARM32_te_ctr_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_ctr; + register uint32_t* L_AES_ARM32_te_ctr_c asm ("r6") = + (uint32_t*)L_AES_ARM32_te_ctr; __asm__ __volatile__ ( "mov r12, r4\n\t" @@ -2356,16 +2391,19 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l "rev r7, r7\n\t" #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ "stm r8, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [ctr] "+r" (ctr), + [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) : - : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); } #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT -#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC) -void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4); +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) +void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p); void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) { register const uint32_t* td asm ("r0") = (const uint32_t*)td_p; 
@@ -3009,9 +3047,9 @@ void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4) + : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4) : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -3052,16 +3090,20 @@ static const unsigned char L_AES_ARM32_td4[] = { }; #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr); -void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p) +void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p); +void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p) { register const unsigned char* in asm ("r0") = (const unsigned char*)in_p; register unsigned char* out asm ("r1") = (unsigned char*)out_p; register unsigned long len asm ("r2") = (unsigned long)len_p; register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; - register uint32_t* L_AES_ARM32_td_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_td_ecb; - register unsigned char* L_AES_ARM32_td4_c asm ("r6") = (unsigned char*)&L_AES_ARM32_td4; + register uint32_t* L_AES_ARM32_td_ecb_c asm ("r5") = + (uint32_t*)L_AES_ARM32_td_ecb; + register unsigned char* L_AES_ARM32_td4_c asm ("r6") = + (unsigned char*)&L_AES_ARM32_td4; __asm__ __volatile__ ( "mov r8, r4\n\t" 
@@ -3291,16 +3333,22 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l "bne L_AES_ECB_decrypt_loop_block_128_%=\n\t" "\n" "L_AES_ECB_decrypt_end_%=: \n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), + [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) : - : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); } #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_CBC -void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); -void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p) +void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* iv_p); +void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* iv_p) { register const unsigned char* in asm ("r0") = (const unsigned char*)in_p; register unsigned char* out asm ("r1") = (unsigned char*)out_p; 
@@ -3308,8 +3356,10 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* iv asm ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_ARM32_td_ecb_c asm ("r6") = (uint32_t*)L_AES_ARM32_td_ecb; - register unsigned char* L_AES_ARM32_td4_c asm ("r7") = (unsigned char*)&L_AES_ARM32_td4; + register uint32_t* L_AES_ARM32_td_ecb_c asm ("r6") = + (uint32_t*)L_AES_ARM32_td_ecb; + register unsigned char* L_AES_ARM32_td4_c asm ("r7") = + (unsigned char*)&L_AES_ARM32_td4; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -3923,9 +3973,12 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l "\n" "L_AES_CBC_decrypt_end_%=: \n\t" "pop {%[ks]-r4}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [iv] "+r" (iv), + [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), + [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) : - : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r8", "r9", "r10", "r11" ); } 
@@ -3940,14 +3993,18 @@ static const uint32_t L_GCM_gmult_len_r[] = { 0x91800000, 0x8da00000, 0xa9c00000, 0xb5e00000, }; -void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned char* data, unsigned long len); -void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned char* data_p, unsigned long len_p) +void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, + const unsigned char* data_p, unsigned long len_p); +void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, + const unsigned char* data_p, unsigned long len_p) { register unsigned char* x asm ("r0") = (unsigned char*)x_p; register const unsigned char** m asm ("r1") = (const unsigned char**)m_p; - register const unsigned char* data asm ("r2") = (const unsigned char*)data_p; + register const unsigned char* data asm ("r2") = + (const unsigned char*)data_p; register unsigned long len asm ("r3") = (unsigned long)len_p; - register uint32_t* L_GCM_gmult_len_r_c asm ("r4") = (uint32_t*)&L_GCM_gmult_len_r; + register uint32_t* L_GCM_gmult_len_r_c asm ("r4") = + (uint32_t*)&L_GCM_gmult_len_r; __asm__ __volatile__ ( "mov lr, %[L_GCM_gmult_len_r]\n\t" 
@@ -4521,15 +4578,21 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned "subs %[len], %[len], #16\n\t" "add %[data], %[data], #16\n\t" "bne L_GCM_gmult_len_start_block_%=\n\t" - : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c) + : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), + [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c) : - : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); } static const uint32_t* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data; -void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); -void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p) +void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* ctr_p); +void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, + unsigned long len_p, const unsigned char* ks_p, int nr_p, + unsigned char* ctr_p) { register const unsigned char* in asm ("r0") = (const unsigned char*)in_p; register unsigned char* out asm ("r1") = (unsigned char*)out_p; @@ -4537,7 +4600,8 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_ARM32_te_gcm_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_gcm; + register uint32_t* L_AES_ARM32_te_gcm_c asm ("r6") = + (uint32_t*)L_AES_ARM32_te_gcm; __asm__ __volatile__ ( "mov r12, r4\n\t" 
@@ -4778,9 +4842,11 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l "rev r7, r7\n\t" #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ "stm r8, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [ctr] "+r" (ctr), + [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c) : - : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); } diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S index 77ec21908..b19bf515c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./chacha/chacha.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S + * ruby ./chacha/chacha.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S */ #ifdef HAVE_CONFIG_H diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c index 8c80fc4ad..201cf2ee3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./chacha/chacha.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.c + * ruby ./chacha/chacha.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.c */ #ifdef HAVE_CONFIG_H 
@@ -72,9 +73,9 @@ void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p) "rev lr, lr\n\t" #endif /* BIG_ENDIAN_ORDER */ "stm r3, {r4, r12, lr}\n\t" - : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter) + : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter) : - : "memory", "r3", "r12", "lr", "r4", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4" ); } @@ -88,7 +89,8 @@ void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p) register word32* x asm ("r0") = (word32*)x_p; register const byte* key asm ("r1") = (const byte*)key_p; register word32 keySz asm ("r2") = (word32)keySz_p; - register uint32_t* L_chacha_arm32_constants_c asm ("r3") = (uint32_t*)&L_chacha_arm32_constants; + register uint32_t* L_chacha_arm32_constants_c asm ("r3") = + (uint32_t*)&L_chacha_arm32_constants; __asm__ __volatile__ ( "subs %[keySz], %[keySz], #16\n\t" @@ -119,14 +121,16 @@ void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p) "\n" "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t" "stm %[x], {r4, r5, r12, lr}\n\t" - : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c) + : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), + [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c) : - : "memory", "r12", "lr", "r4", "r5", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5" ); } #ifdef WOLFSSL_ARMASM_NO_NEON -void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, word32 len_p) +void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, + word32 len_p) { register ChaCha* ctx asm ("r0") = (ChaCha*)ctx_p; register byte* c asm ("r1") = (byte*)c_p; 
@@ -176,7 +180,7 @@ void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, word32 len "strd r6, r7, [sp, #24]\n\t" #endif /* Load x[0]..x[12] into registers. */ - "ldm lr, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t" + "ldm lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t" /* 10x 2 full rounds to perform. */ "mov lr, #10\n\t" "str lr, [sp, #48]\n\t" @@ -414,9 +418,9 @@ void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, word32 len /* Store in over field of ChaCha. */ "ldr lr, [sp, #32]\n\t" "add r12, lr, #0x44\n\t" - "stm r12!, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t" - "ldm sp, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t" - "stm r12, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t" + "stm r12!, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" + "ldm sp, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" + "stm r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "ldr %[m], [sp, #40]\n\t" "ldr %[len], [sp, #44]\n\t" @@ -482,13 +486,15 @@ void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, word32 len "\n" "L_chacha_arm32_crypt_done_%=: \n\t" "add sp, sp, #52\n\t" - : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len) + : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); } -void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, word32 len_p) +void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, + word32 len_p) { register byte* over asm ("r0") = (byte*)over_p; register byte* output asm ("r1") = (byte*)output_p; 
@@ -553,9 +559,10 @@ void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, word3 "b L_chacha_arm32_over_byte_loop_%=\n\t" "\n" "L_chacha_arm32_over_done_%=: \n\t" - : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), [len] "+r" (len) + : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), + [len] "+r" (len) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9" ); } diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index 69cb22e4e..bf8daeec0 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S + * ruby ./x25519/x25519.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S */ #ifdef HAVE_CONFIG_H diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index 09ef2eb43..d00916ec6 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c + * ruby ./x25519/x25519.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c */ #ifdef HAVE_CONFIG_H @@ -282,7 +283,7 @@ void fe_add_sub_op() /* Done Add-Sub */ : : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -324,7 +325,7 @@ void fe_sub_op() /* Done Sub */ : : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } 
@@ -336,9 +337,10 @@ void fe_sub(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_sub_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -381,7 +383,7 @@ void fe_add_op() /* Done Add */ : : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -393,9 +395,10 @@ void fe_add(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_add_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -427,9 +430,9 @@ void fe_frombytes(fe out_p, const unsigned char* in_p) "str r7, [%[out], #20]\n\t" "str r8, [%[out], #24]\n\t" "str r9, [%[out], #28]\n\t" - : [out] "+r" (out), [in] "+r" (in) + : [out] "+r" (out), [in] "+r" (in) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -471,9 +474,9 @@ void fe_tobytes(unsigned char* out_p, const fe n_p) "str r7, [%[out], #20]\n\t" "str r8, [%[out], #24]\n\t" "str r9, [%[out], #28]\n\t" - : [out] "+r" (out), [n] "+r" (n) + : [out] "+r" (out), [n] "+r" (n) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12" ); } @@ -494,7 +497,7 @@ void fe_1(fe n_p) "stm %[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" : [n] "+r" (n) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } 
@@ -515,7 +518,7 @@ void fe_0(fe n_p) "stm %[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" : [n] "+r" (n) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -574,9 +577,9 @@ void fe_copy(fe r_p, const fe a_p) #else "strd r4, r5, [%[r], #24]\n\t" #endif - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5" ); } @@ -601,9 +604,9 @@ void fe_neg(fe r_p, const fe a_p) "sbcs r4, lr, r4\n\t" "sbc r5, r12, r5\n\t" "stm %[r]!, {r2, r3, r4, r5}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r12", "lr" ); } @@ -645,7 +648,8 @@ int fe_isnonzero(const fe a_p) "orr %[a], r2, r4\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r12" ); return (uint32_t)(size_t)a; } @@ -671,7 +675,7 @@ int fe_isnegative(const fe a_p) "eor %[a], %[a], r1\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5" ); return (uint32_t)(size_t)a; } @@ -2405,9 +2409,10 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #else "strd r8, r9, [%[r], #88]\n\t" #endif - : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) + : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", + "r11", "r12", "lr" ); } 
@@ -2525,9 +2530,10 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) "and r7, r7, lr\n\t" "stm %[r]!, {r4, r5, r6, r7}\n\t" "sub %[base], %[base], %[b]\n\t" - : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) + : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -2914,7 +2920,7 @@ void fe_mul_op() "add sp, sp, #40\n\t" : : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -3057,7 +3063,7 @@ void fe_mul_op() "add sp, sp, #16\n\t" : : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -3070,9 +3076,10 @@ void fe_mul(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_mul_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -3349,7 +3356,7 @@ void fe_sq_op() "add sp, sp, #0x44\n\t" : : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -3478,7 +3485,7 @@ void fe_sq_op() "stm lr, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" : : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -3490,9 +3497,10 @@ void fe_sq(fe r_p, const fe a_p) __asm__ __volatile__ ( "bl fe_sq_op\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10", "r11" ); } 
@@ -3562,9 +3570,10 @@ void fe_mul121666(fe r_p, fe a_p) "adcs r8, r8, #0\n\t" "adc r9, r9, #0\n\t" "stm %[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); } @@ -3620,9 +3629,10 @@ void fe_mul121666(fe r_p, fe a_p) "adcs r8, r8, #0\n\t" "adc r9, r9, #0\n\t" "stm %[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); } @@ -4010,9 +4020,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) "bl fe_mul_op\n\t" "mov r0, #0\n\t" "add sp, sp, #0xbc\n\t" - : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) + : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -4323,9 +4334,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "mov r0, #0\n\t" "add sp, sp, #0xc0\n\t" - : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) + : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12", "lr" ); return (uint32_t)(size_t)r; } 
@@ -4497,9 +4509,10 @@ void fe_invert(fe r_p, const fe a_p) "ldr %[a], [sp, #132]\n\t" "ldr %[r], [sp, #128]\n\t" "add sp, sp, #0x88\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" ); } @@ -4817,9 +4830,9 @@ void fe_sq2(fe r_p, const fe a_p) "ldr r0, [sp, #64]\n\t" "stm r0, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -4996,9 +5009,9 @@ void fe_sq2(fe r_p, const fe a_p) "stm r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "mov r0, r12\n\t" "mov r1, lr\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "lr", "cc" + : "memory", "cc", "lr" ); } @@ -5167,9 +5180,10 @@ void fe_pow22523(fe r_p, const fe a_p) "ldr %[a], [sp, #100]\n\t" "ldr %[r], [sp, #96]\n\t" "add sp, sp, #0x68\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : - : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" ); } @@ -5197,9 +5211,10 @@ void ge_p1p1_to_p2(ge_p2 * r_p, const ge_p1p1 * p_p) "add r0, r0, #0x40\n\t" "bl fe_mul_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : - : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" ); } 
@@ -5232,9 +5247,10 @@ void ge_p1p1_to_p3(ge_p3 * r_p, const ge_p1p1 * p_p) "add r0, r0, #0x60\n\t" "bl fe_mul_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : - : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" ); } @@ -5279,9 +5295,10 @@ void ge_p2_dbl(ge_p1p1 * r_p, const ge_p2 * p_p) "mov r1, r0\n\t" "bl fe_sub_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -5365,9 +5382,10 @@ void ge_madd(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p) "add r1, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #12\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -5452,9 +5470,10 @@ void ge_msub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p) "add r0, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #12\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } 
@@ -5539,9 +5558,10 @@ void ge_add(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p) "add r0, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #44\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -5626,9 +5646,10 @@ void ge_sub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p) "add r0, r0, #0x40\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #44\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -6408,7 +6429,8 @@ void sc_reduce(byte* s_p) "add sp, sp, #56\n\t" : [s] "+r" (s) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); } @@ -7059,7 +7081,8 @@ void sc_reduce(byte* s_p) "add sp, sp, #56\n\t" : [s] "+r" (s) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); } @@ -7076,7 +7099,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) __asm__ __volatile__ ( "sub sp, sp, #0x50\n\t" "add lr, sp, #0x44\n\t" - "stm lr, {%[s], %[a], %[c]}\n\t" + "stm lr, {r0, r1, r3}\n\t" "mov %[s], #0\n\t" "ldr r12, [%[a]]\n\t" /* A[0] * B[0] */ 
@@ -7402,24 +7425,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "adc r10, %[s], #0\n\t" "umlal r9, r10, r12, lr\n\t" "add lr, sp, #32\n\t" - "stm lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t" + "stm lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "mov %[s], sp\n\t" /* Add c to a * b */ "ldr lr, [sp, #76]\n\t" - "ldm %[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t" - "ldm lr!, {%[a], r10, r11, r12}\n\t" + "ldm %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" + "ldm lr!, {r1, r10, r11, r12}\n\t" "adds %[b], %[b], %[a]\n\t" "adcs %[c], %[c], r10\n\t" "adcs r4, r4, r11\n\t" "adcs r5, r5, r12\n\t" - "ldm lr!, {%[a], r10, r11, r12}\n\t" + "ldm lr!, {r1, r10, r11, r12}\n\t" "adcs r6, r6, %[a]\n\t" "adcs r7, r7, r10\n\t" "adcs r8, r8, r11\n\t" "adcs r9, r9, r12\n\t" "mov %[a], r9\n\t" - "stm %[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t" - "ldm %[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t" + "stm %[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" + "ldm %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" "adcs %[b], %[b], #0\n\t" "adcs %[c], %[c], #0\n\t" "adcs r4, r4, #0\n\t" @@ -7918,7 +7941,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "mov r12, sp\n\t" /* Load bits 252-376 */ "add r12, r12, #28\n\t" - "ldm r12, {%[a], %[b], %[c], r4, r5}\n\t" + "ldm r12, {r1, r2, r3, r4, r5}\n\t" "lsl r5, r5, #4\n\t" "orr r5, r5, r4, lsr #28\n\t" "lsl r4, r4, #4\n\t" @@ -8097,7 +8120,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "sbcs r9, r9, r5\n\t" "sbc %[a], %[a], %[a]\n\t" "sub %[s], %[s], #16\n\t" - "ldm %[s], {%[b], %[c], r4, r5}\n\t" + "ldm %[s], {r2, r3, r4, r5}\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r10, #0x5c\n\t" "lsl r10, r10, #8\n\t" 
@@ -8199,9 +8222,10 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "str r8, [%[s], #24]\n\t" "str r9, [%[s], #28]\n\t" "add sp, sp, #0x50\n\t" - : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) + : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12", "lr" ); } @@ -8216,9 +8240,9 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) __asm__ __volatile__ ( "sub sp, sp, #0x50\n\t" "add lr, sp, #0x44\n\t" - "stm lr, {%[s], %[a], %[c]}\n\t" + "stm lr, {r0, r1, r3}\n\t" "mov lr, %[b]\n\t" - "ldm %[a], {%[s], %[a], %[b], %[c]}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[s], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -8263,7 +8287,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, %[c], r7\n\t" - "ldm %[s], {%[s], %[a], %[b], %[c]}\n\t" + "ldm %[s], {r0, r1, r2, r3}\n\t" "str r6, [sp, #64]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" 
@@ -8315,24 +8339,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "umaal r9, r10, %[c], lr\n\t" "mov %[c], r12\n\t" "add lr, sp, #32\n\t" - "stm lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t" + "stm lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "mov %[s], sp\n\t" /* Add c to a * b */ "ldr lr, [sp, #76]\n\t" - "ldm %[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t" - "ldm lr!, {%[a], r10, r11, r12}\n\t" + "ldm %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" + "ldm lr!, {r1, r10, r11, r12}\n\t" "adds %[b], %[b], %[a]\n\t" "adcs %[c], %[c], r10\n\t" "adcs r4, r4, r11\n\t" "adcs r5, r5, r12\n\t" - "ldm lr!, {%[a], r10, r11, r12}\n\t" + "ldm lr!, {r1, r10, r11, r12}\n\t" "adcs r6, r6, %[a]\n\t" "adcs r7, r7, r10\n\t" "adcs r8, r8, r11\n\t" "adcs r9, r9, r12\n\t" "mov %[a], r9\n\t" - "stm %[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t" - "ldm %[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t" + "stm %[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" + "ldm %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" "adcs %[b], %[b], #0\n\t" "adcs %[c], %[c], #0\n\t" "adcs r4, r4, #0\n\t" @@ -8738,7 +8762,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "mov r12, sp\n\t" /* Load bits 252-376 */ "add r12, r12, #28\n\t" - "ldm r12, {%[a], %[b], %[c], r4, r5}\n\t" + "ldm r12, {r1, r2, r3, r4, r5}\n\t" "lsl r5, r5, #4\n\t" "orr r5, r5, r4, lsr #28\n\t" "lsl r4, r4, #4\n\t" @@ -8881,7 +8905,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "sbcs r9, r9, r5\n\t" "sbc %[a], %[a], %[a]\n\t" "sub %[s], %[s], #16\n\t" - "ldm %[s], {%[b], %[c], r4, r5}\n\t" + "ldm %[s], {r2, r3, r4, r5}\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r10, #0x5c\n\t" "lsl r10, r10, #8\n\t" 
@@ -8983,9 +9007,10 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "str r8, [%[s], #24]\n\t" "str r9, [%[s], #28]\n\t" "add sp, sp, #0x50\n\t" - : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) + : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12", "lr" ); } diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S index ffbd7b270..d7225828f 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./poly1305/poly1305.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S + * ruby ./poly1305/poly1305.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S */ #ifdef HAVE_CONFIG_H diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c index 287129357..da604101b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./poly1305/poly1305.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.c + * ruby ./poly1305/poly1305.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.c */ #ifdef HAVE_CONFIG_H @@ -54,7 +55,8 @@ #ifdef HAVE_POLY1305 #include -void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, int notLast_p) +void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, + int notLast_p) { register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p; register const byte* m asm ("r1") = (const byte*)m_p; 
@@ -66,7 +68,7 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, in "cmp %[len], #0\n\t" "beq L_poly1305_arm32_16_done_%=\n\t" "add lr, sp, #12\n\t" - "stm lr, {%[ctx], %[m], %[len], %[notLast]}\n\t" + "stm lr, {r0, r1, r2, r3}\n\t" /* Get h pointer */ "add lr, %[ctx], #16\n\t" "ldm lr, {r4, r5, r6, r7, r8}\n\t" @@ -187,7 +189,7 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, in "mov r12, %[ctx]\n\t" "mla r11, %[notLast], %[len], r11\n\t" #else - "ldm %[m], {%[ctx], %[m], %[len], %[notLast]}\n\t" + "ldm %[m], {r0, r1, r2, r3}\n\t" /* r[0] * h[0] */ "umull r10, r11, %[ctx], r4\n\t" /* r[1] * h[0] */ @@ -270,9 +272,11 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, in "\n" "L_poly1305_arm32_16_done_%=: \n\t" "add sp, sp, #28\n\t" - : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), [notLast] "+r" (notLast) + : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), + [notLast] "+r" (notLast) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); } @@ -284,7 +288,8 @@ void poly1305_set_key(Poly1305* ctx_p, const byte* key_p) { register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p; register const byte* key asm ("r1") = (const byte*)key_p; - register uint32_t* L_poly1305_arm32_clamp_c asm ("r2") = (uint32_t*)&L_poly1305_arm32_clamp; + register uint32_t* L_poly1305_arm32_clamp_c asm ("r2") = + (uint32_t*)&L_poly1305_arm32_clamp; __asm__ __volatile__ ( /* Load mask. */ 
@@ -318,9 +323,10 @@ void poly1305_set_key(Poly1305* ctx_p, const byte* key_p) "stm lr, {r5, r6, r7, r8, r12}\n\t" /* Zero leftover */ "str r5, [%[ctx], #52]\n\t" - : [ctx] "+r" (ctx), [key] "+r" (key), [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c) + : [ctx] "+r" (ctx), [key] "+r" (key), + [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); } @@ -373,9 +379,10 @@ void poly1305_final(Poly1305* ctx_p, byte* mac_p) /* Zero out padding. */ "add r9, %[ctx], #36\n\t" "stm r9, {r4, r5, r6, r7}\n\t" - : [ctx] "+r" (ctx), [mac] "+r" (mac) + : [ctx] "+r" (ctx), [mac] "+r" (mac) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9" ); } diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S index 14a1ec48f..bcbf3273a 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S + * ruby ./sha2/sha256.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S */ #ifdef HAVE_CONFIG_H diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 391075340..0a2e15e9b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c + * ruby ./sha2/sha256.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c */ #ifdef HAVE_CONFIG_H 
@@ -74,13 +75,14 @@ static const uint32_t L_SHA256_transform_len_k[] = { 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, }; -void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len); +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p); void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) { register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint32_t* L_SHA256_transform_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_len_k; + register uint32_t* L_SHA256_transform_len_k_c asm ("r3") = + (uint32_t*)&L_SHA256_transform_len_k; __asm__ __volatile__ ( "sub sp, sp, #0xc0\n\t" @@ -1732,9 +1734,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) "add %[data], %[data], #0x40\n\t" "bne L_SHA256_transform_len_begin_%=\n\t" "add sp, sp, #0xc0\n\t" - : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } 
@@ -1761,13 +1765,14 @@ static const uint32_t L_SHA256_transform_neon_len_k[] = { 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, }; -void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len); +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p); void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) { register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint32_t* L_SHA256_transform_neon_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_neon_len_k; + register uint32_t* L_SHA256_transform_neon_len_k_c asm ("r3") = + (uint32_t*)&L_SHA256_transform_neon_len_k; __asm__ __volatile__ ( "sub sp, sp, #24\n\t" @@ -2794,9 +2799,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) "str r10, [sp, #8]\n\t" "bne L_SHA256_transform_neon_len_begin_%=\n\t" "add sp, sp, #24\n\t" - : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c) + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", + "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", + "d10", "d11" ); } diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S index 6077a88b3..7d2c60a89 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S 
@@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S + * ruby ./sha3/sha3.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S */ #ifdef HAVE_CONFIG_H diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index 1a54d8af3..832aac1cb 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c + * ruby ./sha3/sha3.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c */ #ifdef HAVE_CONFIG_H @@ -73,7 +74,8 @@ static const uint64_t L_sha3_arm2_neon_rt[] = { void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; - register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt; + register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = + (uint64_t*)&L_sha3_arm2_neon_rt; __asm__ __volatile__ ( "sub sp, sp, #16\n\t" @@ -333,9 +335,13 @@ void BlockSha3(word64* state_p) "vst1.8 {d20-d23}, [%[state]]!\n\t" "vst1.8 {d24}, [%[state]]\n\t" "add sp, sp, #16\n\t" - : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) + : [state] "+r" (state), + [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) : - : "memory", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27", "d28", "d29", "d30", "d31", "cc" + : "memory", "cc", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", + "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", + "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25", + "d26", "d27", "d28", "d29", "d30", "d31" ); } 
@@ -361,12 +367,11 @@ static const uint64_t L_sha3_arm2_rt[] = { void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; - register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt; - register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt; + register uint64_t* L_sha3_arm2_rt_c asm ("r1") = + (uint64_t*)&L_sha3_arm2_rt; __asm__ __volatile__ ( "sub sp, sp, #0xcc\n\t" - "mov r1, %[L_sha3_arm2_rt]\n\t" "mov r2, #12\n\t" "\n" "L_sha3_arm32_begin_%=: \n\t" @@ -2341,9 +2346,10 @@ void BlockSha3(word64* state_p) "subs r2, r2, #1\n\t" "bne L_sha3_arm32_begin_%=\n\t" "add sp, sp, #0xcc\n\t" - : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c) + : [state] "+r" (state), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" ); } diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S index 4dbfeafad..1df40cfc8 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S @@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S + * ruby ./sha2/sha512.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S */ #ifdef HAVE_CONFIG_H diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index b59668d12..eaaa6c7e8 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c 
@@ -21,7 +21,8 @@ /* Generated using (from wolfssl): * cd ../scripts - * ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c + * ruby ./sha2/sha512.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c */ #ifdef HAVE_CONFIG_H @@ -98,13 +99,14 @@ static const uint64_t L_SHA512_transform_len_k[] = { 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL, }; -void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len); +void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p); void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) { register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint64_t* L_SHA512_transform_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_len_k; + register uint64_t* L_SHA512_transform_len_k_c asm ("r3") = + (uint64_t*)&L_SHA512_transform_len_k; __asm__ __volatile__ ( "sub sp, sp, #0xc0\n\t" @@ -7601,9 +7603,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) "bne L_SHA512_transform_len_begin_%=\n\t" "eor r0, r0, r0\n\t" "add sp, sp, #0xc0\n\t" - : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c) + : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), + [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } 
@@ -7654,13 +7658,14 @@ static const uint64_t L_SHA512_transform_neon_len_k[] = { 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL, }; -void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len); +void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p); void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) { register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint64_t* L_SHA512_transform_neon_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_neon_len_k; + register uint64_t* L_SHA512_transform_neon_len_k_c asm ("r3") = + (uint64_t*)&L_SHA512_transform_neon_len_k; __asm__ __volatile__ ( /* Load digest into working vars */ @@ -9151,9 +9156,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) "subs %[len], %[len], #0x80\n\t" "sub r3, r3, #0x280\n\t" "bne L_SHA512_transform_neon_len_begin_%=\n\t" - : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c) + : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), + [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c) : - : "memory", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15", "cc" + : "memory", "cc", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", + "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9", + "q10", "q11", "q12", "q13", "q14", "q15" ); } diff --git a/wolfcrypt/src/port/arm/armv8-chacha.c b/wolfcrypt/src/port/arm/armv8-chacha.c index b5b516705..5b1fd5baa 100644 --- a/wolfcrypt/src/port/arm/armv8-chacha.c +++ b/wolfcrypt/src/port/arm/armv8-chacha.c 
@@ -166,7 +166,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) ret = BAD_FUNC_ARG; } - if (ret == 0) { + if (ret == 0) { ctx->left = 0; wc_chacha_setkey(ctx->X, key, keySz); From bb67069e4a031aa9d45179286a1f578b7b4a88ed Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 30 Sep 2024 22:05:26 +1000 Subject: [PATCH 068/325] Kyber original: fix to work Encapsulate the message (hash of rand) for original. Final of FIPS 203 uses rand. --- wolfcrypt/src/wc_kyber.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c index 8e56bcc0e..a53091c61 100644 --- a/wolfcrypt/src/wc_kyber.c +++ b/wolfcrypt/src/wc_kyber.c @@ -630,7 +630,11 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, if (ret == 0) { /* Encapsulate the message using the key and the seed (coins). */ +#ifdef WOLFSSL_KYBER_ORIGINAL + ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); +#else ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); +#endif } #ifdef WOLFSSL_KYBER_ORIGINAL From 65853a41b9f3f28ffd367331279419767bf64c6b Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 30 Sep 2024 23:19:49 -0500 Subject: [PATCH 069/325] fixes, coddling, and suppressions for clang-tidy complaints: examples/pem/pem.c: fix stdio stream leaks. src/ssl.c and src/ssl_load.c: suppress concurrency-mt-unsafe around getenv(). getenv() is threadsafe as long as no threads putenv() or setenv(). wolfssl/openssl/asn1.h: add parentheses to fix bugprone-macro-parentheses in ASN1_EX_TEMPLATE_TYPE(), and suppress misfiring bugprone-macro-parentheses around IMPLEMENT_ASN1_FUNCTIONS(). --- examples/pem/pem.c | 7 +++++++ src/ssl.c | 6 +++++- src/ssl_load.c | 8 +++++--- wolfssl/openssl/asn1.h | 8 ++++---- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/examples/pem/pem.c b/examples/pem/pem.c index a58314d6d..8d2659d40 100644 --- a/examples/pem/pem.c +++ b/examples/pem/pem.c 
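Review bot: The comment above the new `#ifdef WOLFSSL_KYBER_ORIGINAL` still describes both branches as encapsulating "the message", but the two calls now pass different inputs — `msg` for the original build and `rand` otherwise — and nothing in the code records why they differ. A one-line comment on each branch would make this visible where it matters: `/* Original (round-3) Kyber encapsulates the hashed message. */` before the `msg` call and `/* FIPS 203 encapsulates the random value directly. */` before the `rand` call, which is what the commit message states. Because this choice decides which other implementations a given build interoperates with, a known-answer test per variant is what would pin it; whether one exists is not visible from the hunk. The enclosing wc_KyberKey_EncapsulateWithRandom begins outside the hunk.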
@@ -1024,6 +1024,13 @@ int main(int argc, char* argv[]) if (ret < 0) { fprintf(stderr, "%s\n", wc_GetErrorString(ret)); } + + if (in_file != stdin) + (void)fclose(in_file); + + if (out_file != stdout) + (void)fclose(out_file); + return (ret == 0) ? 0 : 1; } diff --git a/src/ssl.c b/src/ssl.c index e2e040bfc..2b47d3c6e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23984,7 +23984,7 @@ int wolfSSL_RAND_seed(const void* seed, int len) */ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) { -#if !defined(NO_FILESYSTEM) && defined(XGETENV) +#if !defined(NO_FILESYSTEM) && defined(XGETENV) && !defined(NO_GETENV) char* rt; WOLFSSL_ENTER("wolfSSL_RAND_file_name"); @@ -23995,6 +23995,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) XMEMSET(fname, 0, len); +/* // NOLINTBEGIN(concurrency-mt-unsafe) */ if ((rt = XGETENV("RANDFILE")) != NULL) { if (len > XSTRLEN(rt)) { XMEMCPY(fname, rt, XSTRLEN(rt)); @@ -24004,6 +24005,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) rt = NULL; } } +/* // NOLINTEND(concurrency-mt-unsafe) */ /* $RANDFILE was not set or is too large, check $HOME */ if (rt == NULL) { @@ -24011,6 +24013,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) WOLFSSL_MSG("Environment variable RANDFILE not set"); +/* // NOLINTBEGIN(concurrency-mt-unsafe) */ if ((rt = XGETENV("HOME")) == NULL) { #ifdef XALTHOMEVARNAME if ((rt = XGETENV(XALTHOMEVARNAME)) == NULL) { @@ -24023,6 +24026,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) return NULL; #endif } +/* // NOLINTEND(concurrency-mt-unsafe) */ if (len > XSTRLEN(rt) + XSTRLEN(ap)) { fname[0] = '\0'; diff --git a/src/ssl_load.c b/src/ssl_load.c index f20de2c34..0361edbdf 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c 
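Review bot: The added `fclose(in_file)` / `fclose(out_file)` calls close streams that, according to the pemApp_ReadFile and WriteFile hunks later on this page (where a `fclose(fp)` is removed from each), were already being closed inside those helpers, so a stream can be closed twice; the follow-up commit titled "fix double-free introduced in 65853a41b9" moves the close to one side. Whichever side keeps it, the ownership should be stated on the helper, e.g. `/* Caller owns fp and closes it. */`. The result of `fclose(out_file)` is also discarded, which hides a failed final flush of the written output; `if (fclose(out_file) != 0) ret = 1;` would surface it, and the later `@@ -1025` hunk that adds the NULL guards keeps the same `(void)` cast. main's body starts outside the hunk.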
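Review bot: The NOLINTBEGIN/NOLINTEND pairs in the `@@ -23995` and `@@ -24011` hunks suppress concurrency-mt-unsafe around XGETENV without recording why the suppression is acceptable; the justification lives only in the commit message. A one-line comment next to the first marker, `/* getenv() is safe provided no thread calls setenv()/putenv() concurrently. */`, keeps the reasoning with the code. The same applies to the ssl_load.c hunks on the next line, which add the same markers. wolfSSL_RAND_file_name's body extends beyond these hunks.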
@@ -5099,7 +5099,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) { int ret; -#ifdef XGETENV +#if defined(XGETENV) && !defined(NO_GETENV) char* certDir = NULL; char* certFile = NULL; word32 flags = 0; @@ -5109,7 +5109,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); -#ifdef XGETENV +#if defined(XGETENV) && !defined(NO_GETENV) + /* // NOLINTBEGIN(concurrency-mt-unsafe) */ certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; @@ -5133,6 +5134,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) ret = 0; } } + /* // NOLINTEND(concurrency-mt-unsafe) */ else #endif @@ -5157,7 +5159,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) #endif } -#ifdef XGETENV +#if defined(XGETENV) && !defined(NO_GETENV) XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 9ae07986f..5fbb726c5 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -270,8 +270,8 @@ typedef struct WOLFSSL_ASN1_ITEM WOLFSSL_ASN1_ITEM; (WolfsslAsn1FreeCb)member_type##_free, \ (WolfsslAsn1i2dCb)i2d_##member_type, \ (WolfsslAsn1d2iCb)d2i_##member_type, \ - 0, flags & ASN1_TFLG_TAG_MASK ? tag : -1, 0, \ - !!(flags & ASN1_TFLG_EXPLICIT), TRUE } + 0, (flags) & ASN1_TFLG_TAG_MASK ? (tag) : -1, 0, \ + !!((flags) & ASN1_TFLG_EXPLICIT), TRUE } WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl); WOLFSSL_API void wolfSSL_ASN1_item_free(void *obj, 
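Review bot: `(flags) & ASN1_TFLG_TAG_MASK ? (tag) : -1` now parenthesizes the macro arguments but still relies on `&` binding tighter than `?:`, which readers regularly have to look up. Writing `0, ((flags) & ASN1_TFLG_TAG_MASK) ? (tag) : -1, 0, \` makes the intent explicit at no cost and keeps clang-tidy quiet for the same reason. The ASN1_EX_TEMPLATE_TYPE macro definition starts outside the hunk.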
@@ -282,7 +282,7 @@ WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len, const WOLFSSL_ASN1_ITEM* item); /* Need function declaration otherwise compiler complains */ -/* // NOLINTBEGIN(readability-named-parameter) */ +/* // NOLINTBEGIN(readability-named-parameter,bugprone-macro-parentheses) */ #define IMPLEMENT_ASN1_FUNCTIONS(type) \ type *type##_new(void); \ type *type##_new(void){ \ @@ -303,7 +303,7 @@ WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len, return (type*)wolfSSL_ASN1_item_d2i((void**)dst, src, len, \ &type##_template_data); \ } -/* // NOLINTEND(readability-named-parameter) */ +/* // NOLINTEND(readability-named-parameter,bugprone-macro-parentheses) */ #endif /* OPENSSL_ALL */ From 7e69c2049bfa2ca129a3441aea050bbbf9a90d83 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Tue, 1 Oct 2024 06:45:37 +0000 Subject: [PATCH 070/325] dtls cid: address reviewer's comments --- src/ssl.c | 10 +++++++++- src/tls.c | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 98f1b80f2..c65d6ecc6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4850,7 +4850,7 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl) if (ssl == NULL) return BAD_FUNC_ARG; - if (ssl->version.major == SSLv3_MAJOR || ssl->version.major == DTLS_MAJOR) { + if (ssl->version.major == SSLv3_MAJOR) { switch (ssl->version.minor) { case SSLv3_MINOR : return WOLFSSL_SSLV3; @@ -4862,6 +4862,13 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl) return WOLFSSL_TLSV1_2; case TLSv1_3_MINOR : return WOLFSSL_TLSV1_3; + default: + break; + } + } +#ifdef WOLFSSL_DTLS + if (ssl->version.major == DTLS_MAJOR) { + switch (ssl->version.minor) { case DTLS_MINOR : return WOLFSSL_DTLSV1; case DTLSv1_2_MINOR : @@ -4872,6 +4879,7 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl) break; } } +#endif /* WOLFSSL_DTLS */ return VERSION_ERROR; } diff --git a/src/tls.c b/src/tls.c index 71f1c3e81..ab77cc268 100644 --- a/src/tls.c +++ b/src/tls.c 
@@ -913,8 +913,8 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) (word32)digestSz); if (ret == 0) ret = wc_HashFinal(&hash, hashType, mac); + wc_HashFree(&hash, hashType); } - wc_HashFree(&hash, hashType); return ret; } From 75a676bc7ee2c6f88f107348c695e15f21e67385 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 1 Oct 2024 03:19:31 -0700 Subject: [PATCH 071/325] Espressif _thread_local_start and _thread_local_end fix --- wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 7cea73bda..443438f70 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -93,8 +93,11 @@ extern wc_ptr_t _heap_start[]; extern wc_ptr_t _heap_end[]; extern wc_ptr_t _rtc_data_start[]; extern wc_ptr_t _rtc_data_end[]; -extern void* _thread_local_start; -extern void* _thread_local_end; + +#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1 + extern void* _thread_local_start; + extern void* _thread_local_end; +#endif /* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */ #define MEM_MAP_IO_START ((void*)(0x3FF00000)) @@ -186,7 +189,9 @@ int sdk_init_meminfo(void) { sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */ sdk_log_meminfo(mem_map_io, MEM_MAP_IO_START, MEM_MAP_IO_END); +#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1 sdk_log_meminfo(thread_local, _thread_local_start, _thread_local_end); +#endif sdk_log_meminfo(data, _data_start, _data_end); sdk_log_meminfo(user_data_ram, USER_DATA_START, USER_DATA_END); sdk_log_meminfo(bss, _bss_start, _bss_end); From 3193ecb2c3537568433216d6b595295c667b3933 Mon Sep 17 00:00:00 2001 
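Review bot: Moving `wc_HashFree` inside the block pairs it with whatever successful initialisation that block presumably guards, but the wc_HashInit call and the opening of the block are outside the hunk, so the pairing is not visible here. A comment on the moved line, `/* Only free a hash that was initialized. */`, would make the invariant explicit for the next reader. Hmac_OuterHash's body starts before the hunk.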
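Review bot: In the `@@ -93` hunk `_thread_local_start` / `_thread_local_end` are declared as `extern void*` while the neighbouring linker symbols (`_heap_start`, `_rtc_data_start`) are declared as `extern wc_ptr_t name[]`; if these two are linker-script symbols as well, the `void*` form makes `sdk_log_meminfo(thread_local, _thread_local_start, _thread_local_end)` in the `@@ -186` hunk pass the word stored at the symbol's address rather than the address itself. Declaring them as `extern wc_ptr_t _thread_local_start[];` and `extern wc_ptr_t _thread_local_end[];` would match the other symbols — worth confirming against the ESP-IDF linker script before changing. The Xtensa condition is also duplicated verbatim in both hunks; a single macro defined once next to the declarations would keep the two sites in sync.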
From: Reda Chouk Date: Tue, 1 Oct 2024 15:07:59 +0200 Subject: [PATCH 072/325] fixed Wconversion in the api.c file --- tests/api.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index 6d3cc4043..563f477af 100644 --- a/tests/api.c +++ b/tests/api.c @@ -73076,7 +73076,7 @@ static int test_wolfSSL_OBJ_sn(void) #if !defined(NO_BIO) static word32 TXT_DB_hash(const WOLFSSL_STRING *s) { - return lh_strhash(s[3]); + return (word32)lh_strhash(s[3]); } static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b) @@ -73124,7 +73124,8 @@ static int test_wolfSSL_TXT_DB(void) BIO_free(bio); /* Test index */ - ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash, + ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, + (wolf_sk_hash_cb)(long unsigned int)TXT_DB_hash, (wolf_lh_compare_cb)TXT_DB_cmp), 1); ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); fields[3] = "12DA"; From 666e658398e4593e79dd8410f8acff15f53bcc51 Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Tue, 1 Oct 2024 16:28:31 +0200 Subject: [PATCH 073/325] trailing spaces and overlong lines fixes --- src/tls.c | 5 +++-- src/tls13.c | 12 ++++++++---- tests/api.c | 2 +- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/tls.c b/src/tls.c index 7774a85cb..2cf9fee42 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1020,7 +1020,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, if (ret != 0) return ret; ret = Hmac_HashUpdate(hmac, in, (word32)(safeBlocks * blockSz - - WOLFSSL_TLS_HMAC_INNER_SZ)); + WOLFSSL_TLS_HMAC_INNER_SZ)); if (ret != 0) return ret; } 
@@ -1278,7 +1278,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, #endif { ret = Hmac_UpdateFinal_CT(&hmac, digest, in, - (sz + hashSz + (word32)padSz + 1), (int)hashSz, myInner); + (sz + hashSz + (word32)padSz + 1), + (int)hashSz, myInner); } #else ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, diff --git a/src/tls13.c b/src/tls13.c index 2c772ed59..2b266d837 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -7604,7 +7604,8 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) /* This handshake message is always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, - (int)(idx - RECORD_HEADER_SZ), handshake, 1, 0, 0); + (int)(idx - RECORD_HEADER_SZ), + handshake, 1, 0, 0); if (sendSz < 0) return sendSz; @@ -8701,7 +8702,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) { /* This message is always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, - output + RECORD_HEADER_SZ, (int)(i - RECORD_HEADER_SZ), handshake, 1, + output + RECORD_HEADER_SZ, (int)(i - RECORD_HEADER_SZ), + handshake, 1, 0, 0); if (sendSz < 0) return sendSz; @@ -9152,7 +9154,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* !NO_RSA */ #ifdef HAVE_ECC if (ssl->hsType == DYNAMIC_TYPE_ECC) { - args->sigLen = (word32)args->sendSz - args->idx - HASH_SIG_SIZE - + args->sigLen = (word32)args->sendSz - args->idx - + HASH_SIG_SIZE - VERIFY_HEADER; #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) if (ssl->buffers.keyType != sm2_sa_algo) @@ -10868,7 +10871,8 @@ static int SendTls13Finished(WOLFSSL* ssl) input = output + Dtls13GetRlHeaderLength(ssl, 1); #endif /* WOLFSSL_DTLS13 */ - AddTls13HandShakeHeader(input, (word32)finishedSz, 0, (word32)finishedSz, finished, ssl); + AddTls13HandShakeHeader(input, (word32)finishedSz, 0, (word32)finishedSz, + finished, ssl); #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ssl->options.side == WOLFSSL_CLIENT_END) { 
diff --git a/tests/api.c b/tests/api.c index 563f477af..ddb242192 100644 --- a/tests/api.c +++ b/tests/api.c @@ -73124,7 +73124,7 @@ static int test_wolfSSL_TXT_DB(void) BIO_free(bio); /* Test index */ - ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, + ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)(long unsigned int)TXT_DB_hash, (wolf_lh_compare_cb)TXT_DB_cmp), 1); ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); From a04871f153f1726944ee18c1d752e98216bfc398 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 1 Oct 2024 16:03:37 -0500 Subject: [PATCH 074/325] examples/pem/pem.c: fix double-free introduced in 65853a41b9; configure.ac and src/include.am: add ENABLED_ARM_THUMB, BUILD_ARM_THUMB, BUILD_ARM_NONTHUMB, ENABLED_ARM_64, BUILD_ARM_64, ENABLED_ARM_32. and BUILD_ARM_32, and use them to gate building of ARM asm files, to fix "ISO C forbids an empty translation unit" warnings (the warning only affects inline asm files, but the gating is deployed more widely). --- configure.ac | 13 ++++ examples/pem/pem.c | 63 +++++++++------ src/include.am | 188 +++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 234 insertions(+), 30 deletions(-) diff --git a/configure.ac b/configure.ac index 82ad48364..f9122fb6e 100644 --- a/configure.ac +++ b/configure.ac @@ -2985,6 +2985,7 @@ then AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN" ENABLED_ARMASM_CRYPTO=yes ENABLED_ARMASM_NEON=yes + ENABLED_ARM_64=yes # Check for and set -mstrict-align compiler flag # Used to set assumption that Aarch64 systems will not handle @@ -3010,6 +3011,7 @@ then ENABLED_ARMASM_CRYPTO=no ENABLED_AESGCM_STREAM=no # not yet implemented ENABLED_ARMASM_NEON=yes + ENABLED_ARM_32=yes AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon]) if test "$ENABLED_FIPS" != "no" || test "$HAVE_FIPS_VERSION_MAJOR" -ge 5; 
@@ -3028,6 +3030,8 @@ then ENABLED_ARMASM_CRYPTO=no ENABLED_AESGCM_STREAM=no # not yet implemented ENABLED_ARMASM_NEON=no + ENABLED_ARM_THUMB=yes + ENABLED_ARM_32=yes AC_MSG_NOTICE([32bit ARMv7-m found]) if test "$ENABLED_FIPS" != "no" || test "$HAVE_FIPS_VERSION_MAJOR" -ge 5; @@ -3044,6 +3048,7 @@ then ENABLED_ARMASM_CRYPTO=no ENABLED_AESGCM_STREAM=no # not yet implemented ENABLED_ARMASM_NEON=no + ENABLED_ARM_32=yes AC_MSG_NOTICE([32bit ARMv6 found]) ;; armv4*) @@ -3052,6 +3057,7 @@ then ENABLED_ARMASM_CRYPTO=no ENABLED_AESGCM_STREAM=no # not yet implemented ENABLED_ARMASM_NEON=no + ENABLED_ARM_32=yes AC_MSG_NOTICE([32bit ARMv4 found]) ;; *) @@ -3060,6 +3066,7 @@ then AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN" ENABLED_ARMASM_CRYPTO=yes ENABLED_ARMASM_NEON=yes + ENABLED_ARM_32=yes AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]) ;; esac @@ -8357,6 +8364,7 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM" ENABLED_SP_ARM_CORTEX_ASM=yes + ENABLED_ARM_THUMB=yes ;; *armv6*) if test "$ENABLED_ARMASM" = "no"; then @@ -8935,6 +8943,7 @@ case $host_cpu in *arm*) if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"; then AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6" + ENABLED_ARM_THUMB=yes else if test "$host_alias" = "cortex" || test "$ARM_TARGET" = "cortex"; then AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5" 
@@ -9755,6 +9764,10 @@ AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"]) AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"]) AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"]) AM_CONDITIONAL([BUILD_ARMASM_NEON],[test "x$ENABLED_ARMASM_NEON" = "xyes"]) +AM_CONDITIONAL([BUILD_ARM_THUMB],[test "$ENABLED_ARM_THUMB" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"]) +AM_CONDITIONAL([BUILD_ARM_NONTHUMB],[test "$ENABLED_ARM_THUMB" != "yes" || test "$ENABLED_USERSETTINGS" = "yes"]) +AM_CONDITIONAL([BUILD_ARM_32],[test "$ENABLED_ARM_32" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"]) +AM_CONDITIONAL([BUILD_ARM_64],[test "$ENABLED_ARM_64" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"]) AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"]) AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"]) AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"]) diff --git a/examples/pem/pem.c b/examples/pem/pem.c index 8d2659d40..75ea0222d 100644 --- a/examples/pem/pem.c +++ b/examples/pem/pem.c @@ -127,8 +127,6 @@ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen) /* Set data to new pointer. */ data = p; } - /* Done with file. */ - fclose(fp); } if (data != NULL) { @@ -161,8 +159,6 @@ static int WriteFile(FILE* fp, const char* data, word32 len) fprintf(stderr, "Failed to write\n"); ret = 1; } - /* Close file. */ - fclose(fp); return ret; } @@ -766,7 +762,8 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No type string provided\n"); - return 1; + ret = 1; + goto out; } type_str = argv[0]; } 
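Review bot: The four new AM_CONDITIONALs test `$ENABLED_ARM_THUMB`, `$ENABLED_ARM_32` and `$ENABLED_ARM_64`, but none of the hunks above initialise these variables to `no` before the host-cpu cases set them; if they are not defaulted elsewhere, the conditionals rely on the empty string, which works but differs from the `x$VAR = xyes` idiom used on the neighbouring lines. With ENABLED_USERSETTINGS=yes both BUILD_ARM_THUMB and BUILD_ARM_NONTHUMB are true, so the armv8-32 and thumb2 sources are compiled into the same library; if that is intended, a comment on these lines saying so (`# user_settings.h decides; build both variants`) would stop it being "fixed" later.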
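Review bot: Removing `fclose(fp)` from pemApp_ReadFile and WriteFile changes their contract — the caller now owns the stream — but neither function's header comment is updated to say so, and both bodies start outside the hunks. Adding `/* Does not close fp; the caller owns the stream. */` to each function's comment block records the new ownership so the close is not reintroduced on either side.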
@@ -776,16 +773,19 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); - return 1; + ret = 1; + goto out; } if (in_file != stdin) { fprintf(stderr, "At most one input file can be supplied.\n"); - return 1; + ret = 1; + goto out; } in_file = fopen(argv[0], "r"); if (in_file == NULL) { fprintf(stderr, "File not able to be read: %s\n", argv[0]); - return 1; + ret = 1; + goto out; } } /* Name of output file. */ @@ -794,7 +794,8 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); - return 1; + ret = 1; + goto out; } out_name = argv[0]; } @@ -805,7 +806,8 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); - return 1; + ret = 1; + goto out; } offset = (word32)strtoul(argv[0], NULL, 10); } @@ -817,7 +819,8 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No password provided\n"); - return 1; + ret = 1; + goto out; } info.passwd_cb = password_from_userdata; info.passwd_userdata = argv[0]; @@ -846,10 +849,12 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No PBE version provided\n"); - return 1; + ret = 1; + goto out; } if (StringToPbeVer(argv[0], &pbe_ver) != 0) { - return 1; + ret = 1; + goto out; } } /* PBE algorithm. */ @@ -859,10 +864,12 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No PBE provided\n"); - return 1; + ret = 1; + goto out; } if (StringToPbe(argv[0], &pbe) != 0) { - return 1; + ret = 1; + goto out; } } /* PBES2 algorithm. */ @@ -872,10 +879,12 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No PBE algorithm provided\n"); - return 1; + ret = 1; + goto out; } if (StringToPbeAlg(argv[0], &pbe_alg) != 0) { - return 1; + ret = 1; + goto out; } } /* Number of PBE iterations. */ 
@@ -885,7 +894,8 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); - return 1; + ret = 1; + goto out; } iterations = (unsigned int)strtoul(argv[0], NULL, 10); } @@ -896,13 +906,15 @@ int main(int argc, char* argv[]) argv++; if (argc == 0) { fprintf(stderr, "No salt size provided\n"); - return 1; + ret = 1; + goto out; } salt_sz = (unsigned int)strtoul(argv[0], NULL, 10); if (salt_sz > SALT_MAX_LEN) { fprintf(stderr, "Salt size must be no bigger than %d: %d\n", SALT_MAX_LEN, salt_sz); - return 1; + ret = 1; + goto out; } } #endif /* WOLFSSL_ENCRYPTED_KEYS !NO_PWDBASED */ @@ -918,12 +930,14 @@ int main(int argc, char* argv[]) else if ((strcmp(argv[0], "-?") == 0) || (strcmp(argv[0], "--help") == 0)) { Usage(); - return 0; + ret = 0; + goto out; } else { fprintf(stderr, "Bad option: %s\n", argv[0]); Usage(); - return 1; + ret = 1; + goto out; } /* Move on to next command line argument. */ @@ -1005,6 +1019,7 @@ int main(int argc, char* argv[]) } } +out: /* Dispose of allocated data. */ if (der != NULL) { wc_FreeDer(&der); @@ -1025,10 +1040,10 @@ int main(int argc, char* argv[]) fprintf(stderr, "%s\n", wc_GetErrorString(ret)); } - if (in_file != stdin) + if ((in_file != stdin) && (in_file != NULL)) (void)fclose(in_file); - if (out_file != stdout) + if ((out_file != stdout) && (out_file != NULL)) (void)fclose(out_file); return (ret == 0) ? 0 : 1; diff --git a/src/include.am b/src/include.am index bb710b1cb..8e1f16f89 100644 --- a/src/include.am +++ b/src/include.am 
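Review bot: The new `out:` label now receives jumps from inside the argument parser, so everything released after it — `der` via wc_FreeDer and the two streams — must hold a defined value before the first `goto out`; those declarations are outside the hunk, so I'd confirm `der` is initialised to NULL at its declaration. The added NULL guard on `in_file` is needed for exactly this reason, since the `@@ -776` hunk jumps to `out` after a failed fopen has stored NULL in it; a short comment on the label, `/* Reached from argument parsing too: only free what is non-NULL. */`, would explain the guards.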
@@ -172,11 +172,19 @@ endif !BUILD_ARMASM_INLINE else if BUILD_ARMASM if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S +endif endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM endif !BUILD_ARMASM_NEON @@ -211,11 +219,19 @@ else if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S +endif endif !BUILD_ARMASM_INLINE else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c 
@@ -248,11 +264,19 @@ else if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S +endif endif !BUILD_ARMASM_INLINE else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c @@ -277,11 +301,19 @@ endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM_NEON if BUILD_ARMASM if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S +endif endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM if BUILD_RISCV_ASM @@ -342,11 +374,19 @@ endif !BUILD_ARMASM_INLINE else if BUILD_ARMASM if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S +endif endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM endif !BUILD_ARMASM_NEON 
@@ -377,11 +417,19 @@ else if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S +endif endif !BUILD_ARMASM_INLINE else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c @@ -412,11 +460,19 @@ else if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S +endif endif !BUILD_ARMASM_INLINE else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c 
@@ -439,11 +495,19 @@ endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM_NEON if BUILD_ARMASM if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S +endif endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM if BUILD_RISCV_ASM @@ -489,13 +553,29 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519. endif !BUILD_ARMASM_INLINE else if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB +if BUILD_ARM_32 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c +endif +if BUILD_ARM_64 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c +endif +endif +if BUILD_ARM_THUMB +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c +endif else +if BUILD_ARM_NONTHUMB +if BUILD_ARM_32 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S +endif +if BUILD_ARM_64 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S +endif +endif +if BUILD_ARM_THUMB +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S +endif endif !BUILD_ARMASM_INLINE endif !BUILD_ARMASM_NEON endif BUILD_ARMASM 
@@ -599,11 +679,19 @@ else if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S +endif endif !BUILD_ARMASM_INLINE else if !BUILD_X86_ASM @@ -698,20 +786,36 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c endif BUILD_ARMASM if BUILD_ARMASM_NEON if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S +endif endif !BUILD_ARMASM_INLINE else if BUILD_ARMASM if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S +endif endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM endif !BUILD_ARMASM_NEON 
@@ -762,11 +866,19 @@ else if BUILD_ARMASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S +endif endif !BUILD_ARMASM_INLINE else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c @@ -793,11 +905,19 @@ endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM_NEON if BUILD_ARMASM if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S +endif endif !BUILD_ARMASM_INLINE endif BUILD_ARMASM if BUILD_RISCV_ASM 
@@ -915,14 +1035,26 @@ if !BUILD_FIPS_RAND if BUILD_POLY1305 if BUILD_ARMASM +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305.c +endif if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm.S +endif endif !BUILD_ARMASM_INLINE endif if BUILD_RISCV_ASM @@ -996,14 +1128,26 @@ endif if BUILD_CHACHA src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c if BUILD_ARMASM +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha.c +endif if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c +endif else +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm.S +endif +if BUILD_ARM_THUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm.S +endif endif !BUILD_ARMASM_INLINE else if BUILD_RISCV_ASM 
@@ -1099,21 +1243,45 @@ if BUILD_ARMASM if !BUILD_FIPS_V6 if BUILD_ARMASM_NEON if BUILD_ARMASM_INLINE +if BUILD_ARM_32 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +endif +if BUILD_ARM_64 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c +endif else +if BUILD_ARM_32 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S +endif +if BUILD_ARM_64 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S +endif endif !BUILD_ARMASM_INLINE else if BUILD_ARMASM_INLINE +if BUILD_ARM_NONTHUMB +if BUILD_ARM_32 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c +endif +if BUILD_ARM_64 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c +endif +endif +if BUILD_ARM_THUMB +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c +endif else +if BUILD_ARM_NONTHUMB +if BUILD_ARM_32 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S +endif +if BUILD_ARM_64 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S +endif +endif +if BUILD_ARM_THUMB +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S +endif endif !BUILD_ARMASM_INLINE endif !BUILD_ARMASM_NEON endif !BUILD_FIPS_V6 
@@ -1145,11 +1313,19 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519. endif !BUILD_ARMASM_INLINE else if BUILD_ARMASM_INLINE -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c +endif +if BUILD_ARM_THUMB +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c +endif else -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S +if BUILD_ARM_NONTHUMB src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S +endif +if BUILD_ARM_THUMB +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S +endif endif !BUILD_ARMASM_INLINE endif !BUILD_ARMASM_NEON else From 1690ad7366d67fc84b389e9368406180e726953c Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 1 Oct 2024 21:57:53 -0400 Subject: [PATCH 075/325] acert: correct XFREE call. --- src/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/x509.c b/src/x509.c index 759e1fc6f..be1d36f2b 100644 --- a/src/x509.c +++ b/src/x509.c @@ -7355,7 +7355,7 @@ void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509) /* Finally memset and free x509 acert structure. */ XMEMSET(x509, 0, sizeof(*x509)); - XFREE(x509, x509->heap, NULL); + XFREE(x509, NULL, DYNAMIC_TYPE_X509_ACERT); return; } From 50bbdbbe4206edbfd77b1fb92f0c193c42cf2f17 Mon Sep 17 00:00:00 2001 
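Review bot: In this hunk `BUILD_ARM_NONTHUMB` maps straight to armv8-curve25519_c.c / armv8-curve25519.S, without the `BUILD_ARM_32` / `BUILD_ARM_64` split the preceding curve25519 hunk applies inside its own `BUILD_ARM_NONTHUMB` block, so a 32-bit non-Thumb build that reaches this branch would compile the file the earlier hunk reserves for `BUILD_ARM_64`. The old lines listed only thumb2 and armv8 here as well, so this may be a pre-existing assumption that the branch is 64-bit-only; the enclosing conditional is outside the hunk and cannot be confirmed from here. Either mirror the earlier hunk (`if BUILD_ARM_32` armv8-32 file / `endif` / `if BUILD_ARM_64` armv8 file / `endif` inside the NONTHUMB block) or state the assumption with a comment such as `# this branch is only reached for 64-bit non-Thumb targets` so the two curve25519 blocks read consistently.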
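Review bot: The corrected call `XFREE(x509, NULL, DYNAMIC_TYPE_X509_ACERT)` passes a NULL heap hint even though the struct carries a `heap` field (the removed line read it), and the old call only ever saw NULL because the `XMEMSET` on the line above had already zeroed the struct before `x509->heap` was read. If the object was allocated with a non-NULL heap hint, freeing it with NULL under a custom allocator (static-memory or user allocator builds, inferred) would route the free to the wrong pool. Capturing the hint before the wipe keeps the pair matched: declare `void* heap;` with the function's other locals, assign `heap = x509->heap;` before the `XMEMSET`, and free with `XFREE(x509, heap, DYNAMIC_TYPE_X509_ACERT);`. wolfSSL_X509_ACERT_free begins outside the hunk, so the NULL check at its top and the allocation type used by the matching constructor cannot be confirmed from here.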
From: Sean Parkinson Date: Wed, 25 Sep 2024 22:07:08 +1000 Subject: [PATCH 076/325] Dilithium: Final and draft available in one build Make draft version of ML-DSA compiled in with final. Use WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT and WC_ML_DSA_87_DRAFT for the level to get the draft implementation. --- tests/api.c | 870 +++++++++++++++++++++++++++++++-- wolfcrypt/src/asn.c | 495 ++++++++++++++----- wolfcrypt/src/dilithium.c | 570 ++++++++++++++++----- wolfcrypt/test/test.c | 94 +++- wolfssl/wolfcrypt/asn.h | 6 + wolfssl/wolfcrypt/asn_public.h | 6 + wolfssl/wolfcrypt/dilithium.h | 43 ++ 7 files changed, 1759 insertions(+), 325 deletions(-) diff --git a/tests/api.c b/tests/api.c index 0e8ae3a81..f0b4b600b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -32875,7 +32875,6 @@ static int test_wc_dilithium_sign_vfy(void) { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) && \ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ !defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) dilithium_key* key; 
@@ -33100,6 +33099,754 @@ static int test_wc_dilithium_check_key(void) #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) +static const unsigned char ml_dsa_public_der[] = { +#ifndef WOLFSSL_NO_ML_DSA_44 + 0x30, 0x82, 0x05, 0x32, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, + 0x11, 0x03, 0x82, 0x05, 0x21, 0x00, + 0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48, + 0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16, + 0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64, + 0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7, + 0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5, + 0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC, + 0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14, + 0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA, + 0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA, + 0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A, + 0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7, + 0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6, + 0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7, + 0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F, + 0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA, + 0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40, + 0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37, + 0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A, + 0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F, + 0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15, + 0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89, + 0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0, + 0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC, + 0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76, + 0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76, + 0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D, + 0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00, + 0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8, + 0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F, + 0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC, + 0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54, + 0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80, + 
0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4, + 0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4, + 0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB, + 0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F, + 0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6, + 0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9, + 0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA, + 0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00, + 0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29, + 0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79, + 0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F, + 0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80, + 0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64, + 0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7, + 0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61, + 0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61, + 0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50, + 0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD, + 0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21, + 0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38, + 0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45, + 0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14, + 0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD, + 0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9, + 0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65, + 0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3, + 0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9, + 0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38, + 0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F, + 0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5, + 0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0, + 0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04, + 0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC, + 0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27, + 0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76, + 0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35, + 0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC, + 0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6, + 0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F, + 0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED, + 
0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C, + 0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55, + 0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3, + 0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F, + 0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA, + 0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA, + 0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D, + 0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35, + 0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13, + 0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4, + 0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C, + 0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A, + 0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95, + 0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B, + 0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42, + 0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB, + 0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF, + 0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6, + 0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19, + 0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B, + 0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1, + 0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE, + 0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79, + 0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51, + 0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5, + 0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63, + 0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96, + 0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA, + 0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92, + 0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F, + 0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18, + 0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24, + 0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF, + 0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4, + 0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3, + 0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD, + 0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF, + 0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61, + 0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F, + 0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13, + 
0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70, + 0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42, + 0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A, + 0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D, + 0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86, + 0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39, + 0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99, + 0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85, + 0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7, + 0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3, + 0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29, + 0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA, + 0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6, + 0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F, + 0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC, + 0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03, + 0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09, + 0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF, + 0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD, + 0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1, + 0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8, + 0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60, + 0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF, + 0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F, + 0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60, + 0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA, + 0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC, + 0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34, + 0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99, + 0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF, + 0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D, + 0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D, + 0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55, + 0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE, + 0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54, + 0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68, + 0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B, + 0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15, + 0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF, + 0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED, + 
0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2, + 0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98, + 0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2, + 0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F, + 0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02, + 0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51, + 0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3, + 0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A, + 0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E, + 0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4, + 0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F, + 0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34 +#elif !defined(WOLFSSL_NO_ML_DSA_65) + 0x30, 0x82, 0x07, 0xb2, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, + 0x12, 0x03, 0x82, 0x07, 0xa1, 0x00, + 0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35, + 0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52, + 0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC, + 0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C, + 0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC, + 0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A, + 0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8, + 0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D, + 0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1, + 0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D, + 0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89, + 0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49, + 0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95, + 0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F, + 0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3, + 0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C, + 0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51, + 0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56, + 0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06, + 0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F, + 0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06, + 0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6, + 0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18, + 0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB, + 0xDD, 0xE0, 0x0E, 0x30, 
0x8F, 0xE8, 0x40, 0x19, + 0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65, + 0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A, + 0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1, + 0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8, + 0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A, + 0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8, + 0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B, + 0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13, + 0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28, + 0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81, + 0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00, + 0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1, + 0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18, + 0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80, + 0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47, + 0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09, + 0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD, + 0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C, + 0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD, + 0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5, + 0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2, + 0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F, + 0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09, + 0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F, + 0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC, + 0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC, + 0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20, + 0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91, + 0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D, + 0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29, + 0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47, + 0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92, + 0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7, + 0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2, + 0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24, + 0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7, + 0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35, + 0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7, + 0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD, + 0x5B, 0x89, 0x92, 0x61, 
0x1D, 0x0C, 0x93, 0xEE, + 0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25, + 0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1, + 0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45, + 0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E, + 0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE, + 0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45, + 0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E, + 0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54, + 0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04, + 0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E, + 0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48, + 0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D, + 0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C, + 0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC, + 0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73, + 0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B, + 0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA, + 0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88, + 0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE, + 0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB, + 0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45, + 0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01, + 0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D, + 0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79, + 0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44, + 0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1, + 0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04, + 0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E, + 0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23, + 0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38, + 0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02, + 0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49, + 0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD, + 0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF, + 0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6, + 0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB, + 0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7, + 0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49, + 0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62, + 0x31, 0x33, 0xDB, 0x2D, 
0xE1, 0x0D, 0x73, 0xFA, + 0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28, + 0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3, + 0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12, + 0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3, + 0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB, + 0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97, + 0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B, + 0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C, + 0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B, + 0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C, + 0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80, + 0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64, + 0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B, + 0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3, + 0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73, + 0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2, + 0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C, + 0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5, + 0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A, + 0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02, + 0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8, + 0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76, + 0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25, + 0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C, + 0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE, + 0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69, + 0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB, + 0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33, + 0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99, + 0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1, + 0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04, + 0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA, + 0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74, + 0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13, + 0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B, + 0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31, + 0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE, + 0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9, + 0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E, + 0x6A, 0xA2, 0x48, 0x3B, 
0xA4, 0x9D, 0xC5, 0x47, + 0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9, + 0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B, + 0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB, + 0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45, + 0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC, + 0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8, + 0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A, + 0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14, + 0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60, + 0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B, + 0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71, + 0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39, + 0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5, + 0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0, + 0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C, + 0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02, + 0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66, + 0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2, + 0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7, + 0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44, + 0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13, + 0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A, + 0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF, + 0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46, + 0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2, + 0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE, + 0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27, + 0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D, + 0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75, + 0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09, + 0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D, + 0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C, + 0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5, + 0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78, + 0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6, + 0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7, + 0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5, + 0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A, + 0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3, + 0x6D, 0xEF, 0x86, 0x5D, 
0x68, 0x59, 0x1D, 0x39, + 0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14, + 0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7, + 0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1, + 0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C, + 0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB, + 0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F, + 0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B, + 0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32, + 0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45, + 0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69, + 0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87, + 0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D, + 0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7, + 0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A, + 0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5, + 0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6, + 0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA, + 0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41, + 0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66, + 0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31, + 0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82, + 0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72, + 0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA, + 0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D, + 0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9, + 0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3, + 0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1, + 0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36, + 0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D, + 0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F, + 0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4, + 0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C, + 0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A, + 0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF, + 0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0, + 0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A, + 0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B, + 0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76, + 0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8, + 0xC4, 0xE2, 0x88, 0xB7, 
0x1F, 0xD7, 0x7D, 0xBA, + 0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3, + 0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F, + 0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4, + 0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50, + 0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E, + 0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72, + 0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47, + 0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52, + 0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0, + 0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A, + 0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A, + 0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD, + 0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF, + 0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B, + 0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8, + 0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66, + 0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55, + 0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE, + 0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED +#else + 0x30, 0x82, 0x0a, 0x32, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, + 0x13, 0x03, 0x82, 0x0a, 0x21, 0x00, + 0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF, + 0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4, + 0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA, + 0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00, + 0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5, + 0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19, + 0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41, + 0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF, + 0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A, + 0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B, + 0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96, + 0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18, + 0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4, + 0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39, + 0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E, + 0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76, + 0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D, + 0x05, 0x11, 0xC9, 0x22, 0x6C, 
0x4B, 0x9A, 0x24, + 0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08, + 0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9, + 0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E, + 0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28, + 0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5, + 0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06, + 0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B, + 0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92, + 0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D, + 0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20, + 0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87, + 0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17, + 0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C, + 0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5, + 0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2, + 0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34, + 0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B, + 0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9, + 0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8, + 0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E, + 0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35, + 0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7, + 0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C, + 0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74, + 0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7, + 0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1, + 0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9, + 0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97, + 0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2, + 0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB, + 0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D, + 0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1, + 0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4, + 0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE, + 0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32, + 0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61, + 0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26, + 0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3, + 0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43, + 0x14, 0x12, 0xF1, 0xAD, 0xD9, 
0x14, 0xC5, 0xC2, + 0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA, + 0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F, + 0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4, + 0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45, + 0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F, + 0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A, + 0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95, + 0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B, + 0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07, + 0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92, + 0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C, + 0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60, + 0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F, + 0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2, + 0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9, + 0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85, + 0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55, + 0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71, + 0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00, + 0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD, + 0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D, + 0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20, + 0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF, + 0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55, + 0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5, + 0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6, + 0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B, + 0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2, + 0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A, + 0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82, + 0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B, + 0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00, + 0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B, + 0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7, + 0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1, + 0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C, + 0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67, + 0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8, + 0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95, + 0xEE, 0xFF, 0xAB, 0xE6, 0x37, 
0x6E, 0x14, 0xAC, + 0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A, + 0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D, + 0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF, + 0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE, + 0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79, + 0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35, + 0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E, + 0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC, + 0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD, + 0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9, + 0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3, + 0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA, + 0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A, + 0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88, + 0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85, + 0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE, + 0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F, + 0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B, + 0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33, + 0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71, + 0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1, + 0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08, + 0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00, + 0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F, + 0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43, + 0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82, + 0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8, + 0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25, + 0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8, + 0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26, + 0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B, + 0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0, + 0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E, + 0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11, + 0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F, + 0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16, + 0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17, + 0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50, + 0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E, + 0x68, 0x0B, 0x61, 0xC6, 0x01, 
0x89, 0x32, 0xDF, + 0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E, + 0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80, + 0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8, + 0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10, + 0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95, + 0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1, + 0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60, + 0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2, + 0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE, + 0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C, + 0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA, + 0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E, + 0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61, + 0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E, + 0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87, + 0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8, + 0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82, + 0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A, + 0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41, + 0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87, + 0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59, + 0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63, + 0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94, + 0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78, + 0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B, + 0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89, + 0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63, + 0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24, + 0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F, + 0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36, + 0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F, + 0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8, + 0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6, + 0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1, + 0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED, + 0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC, + 0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA, + 0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC, + 0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31, + 0x3C, 0x15, 0x48, 0x2B, 0x60, 
0x5E, 0x66, 0xBB, + 0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40, + 0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A, + 0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47, + 0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C, + 0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90, + 0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1, + 0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5, + 0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42, + 0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61, + 0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79, + 0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75, + 0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A, + 0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A, + 0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07, + 0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51, + 0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0, + 0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5, + 0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA, + 0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C, + 0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87, + 0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6, + 0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8, + 0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB, + 0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD, + 0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49, + 0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0, + 0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8, + 0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB, + 0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6, + 0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0, + 0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62, + 0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B, + 0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87, + 0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F, + 0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE, + 0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B, + 0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1, + 0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93, + 0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD, + 0xEB, 0x49, 0x4C, 0x3D, 0x13, 
0xB2, 0x12, 0x5F, + 0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F, + 0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78, + 0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09, + 0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE, + 0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4, + 0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC, + 0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D, + 0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22, + 0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C, + 0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4, + 0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98, + 0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22, + 0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2, + 0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71, + 0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7, + 0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04, + 0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E, + 0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B, + 0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D, + 0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF, + 0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6, + 0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB, + 0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5, + 0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3, + 0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46, + 0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D, + 0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2, + 0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C, + 0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C, + 0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C, + 0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C, + 0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA, + 0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16, + 0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53, + 0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31, + 0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2, + 0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C, + 0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86, + 0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85, + 0xA6, 0xF2, 0x9C, 0x77, 0x92, 
0x40, 0x5A, 0x24, + 0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44, + 0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68, + 0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06, + 0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93, + 0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2, + 0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0, + 0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7, + 0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04, + 0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17, + 0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14, + 0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A, + 0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C, + 0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A, + 0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2, + 0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46, + 0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D, + 0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C, + 0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32, + 0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA, + 0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B, + 0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C, + 0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E, + 0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00, + 0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55, + 0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A, + 0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E, + 0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29, + 0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33, + 0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B, + 0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D, + 0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61, + 0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42, + 0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4, + 0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF, + 0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87, + 0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2, + 0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2, + 0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5, + 0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42, + 0x1C, 0x76, 0x8B, 0xF5, 0xEE, 
0x8A, 0x10, 0xC8, + 0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C, + 0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68, + 0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB, + 0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1, + 0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5, + 0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE, + 0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4, + 0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77, + 0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98, + 0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A, + 0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D, + 0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97, + 0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79, + 0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA, + 0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97, + 0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33, + 0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58, + 0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61, + 0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C, + 0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6, + 0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B, + 0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55, + 0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55, + 0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65, + 0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53, + 0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9 +#endif + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT static const unsigned char dilithium_public_der[] = { #ifndef WOLFSSL_NO_ML_DSA_44 0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b, @@ -33848,6 +34595,7 @@ static const unsigned char dilithium_public_der[] = { #endif }; #endif +#endif static int test_wc_dilithium_public_der_decode(void) { 
@@ -33871,9 +34619,21 @@ static int test_wc_dilithium_public_der_decode(void)
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
 #else
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(ml_dsa_public_der, &idx, key,
+ (word32)sizeof(ml_dsa_public_der)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ idx = 0;
+#ifndef WOLFSSL_NO_ML_DSA_44
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+#else
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
 #endif
 ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key, (word32)sizeof(dilithium_public_der)), 0);
+#endif
 wc_dilithium_free(key);
 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
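Review bot: The new decode test only exercises the success path: nothing checks that the draft-OID key in `dilithium_public_der` is rejected while the key is still at the final `WC_ML_DSA_*` level, so a decoder that ignores the OID/level pairing would pass this test unchanged. Under `WOLFSSL_DILITHIUM_FIPS204_DRAFT`, between the existing `idx = 0;` and the draft set_level, a negative probe would close that gap: `ExpectIntNE(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key, (word32)sizeof(dilithium_public_der)), 0);` followed by another `idx = 0;` (using whichever not-equal expectation macro tests/unit.h provides). This assumes the decoder is meant to enforce that pairing, which the DER-length changes elsewhere in this patch suggest but this hunk does not show. test_wc_dilithium_public_der_decode begins outside the hunk.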
@@ -33900,19 +34660,19 @@ static int test_wc_dilithium_der(void)
 #ifndef WOLFSSL_NO_ML_DSA_44
 pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
- pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 24;
- privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 30;
- keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 34;
+ pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 22;
+ privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 28;
+ keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 32;
 #elif !defined(WOLFSSL_NO_ML_DSA_65)
 pubLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
- pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 24;
- privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 30;
- keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 34;
+ pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 22;
+ privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 28;
+ keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 32;
 #else
 pubLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
- pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 24;
- privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 30;
- keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 34;
+ pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 22;
+ privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 28;
+ keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 32;
 #endif
 key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -34089,7 +34849,6 @@ static int test_wc_dilithium_make_key_from_seed(void)
 #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
 !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
 dilithium_key* key;
-#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 #ifndef WOLFSSL_NO_ML_DSA_44
 static const byte seed_44[] = {
 0x93, 0xEF, 0x2E, 0x6E, 0xF1, 0xFB, 0x08, 0x99,
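Review bot: The replacement constants `+ 22`, `+ 28` and `+ 32` in test_wc_dilithium_der are bare magic numbers with nothing saying what they encode. Each drops by exactly 2 from the old value, which matches the 9-byte `sigMlDsa_*`/`keyMlDsa_*` OIDs in this patch replacing the 11-byte draft `sigDilithium_*`/`keyDilithium_*` ones, so the numbers are the DER wrapper overhead around the raw key. A comment next to the first group, `/* DER wrapper overhead around the raw key; the ML-DSA OID is 9 bytes (draft OID was 11) */`, would keep the next OID change from turning these into a puzzle. test_wc_dilithium_der begins outside the hunk.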
@@ -36294,15 +37053,15 @@ static int test_wc_dilithium_make_key_from_seed(void) 0xDA, 0xC1, 0x7F, 0x93, 0x6F, 0x54, 0xC4, 0xC7 }; #endif /* WOLFSSL_NO_ML_DSA_87 */ -#else +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifndef WOLFSSL_NO_ML_DSA_44 - static const byte seed_44[] = { + static const byte seed_44_draft[] = { 0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47, 0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35, 0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24, 0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69 }; - static const byte pk_44[] = { + static const byte pk_44_draft[] = { 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E, 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF, 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B, @@ -36468,7 +37227,7 @@ static int test_wc_dilithium_make_key_from_seed(void) 0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04, 0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17 }; - static const byte sk_44[] = { + static const byte sk_44_draft[] = { 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E, 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF, 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B, @@ -36792,13 +37551,13 @@ static int test_wc_dilithium_make_key_from_seed(void) }; #endif /* !WOLFSSL_NO_ML_DSA_44 */ #ifndef WOLFSSL_NO_ML_DSA_65 - static const byte seed_65[] = { + static const byte seed_65_draft[] = { 0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F, 0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7, 0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE, 0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B }; - static const byte pk_65[] = { + static const byte pk_65_draft[] = { 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F, 
@@ -37044,7 +37803,7 @@ static int test_wc_dilithium_make_key_from_seed(void) 0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 0xAC, 0x34, 0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18 }; - static const byte sk_65[] = { + static const byte sk_65_draft[] = { 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F, @@ -37552,13 +38311,13 @@ static int test_wc_dilithium_make_key_from_seed(void) }; #endif /* WOLFSSL_NO_ML_DSA_65 */ #ifndef WOLFSSL_NO_ML_DSA_87 - static const byte seed_87[] = { + static const byte seed_87_draft[] = { 0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C, 0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B, 0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F, 0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8 }; - static const byte pk_87[] = { + static const byte pk_87_draft[] = { 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, 0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81, @@ -37884,7 +38643,7 @@ static int test_wc_dilithium_make_key_from_seed(void) 0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E, 0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39 }; - static const byte sk_87[] = { + static const byte sk_87_draft[] = { 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, 0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81, 
@@ -38514,18 +39273,36 @@ static int test_wc_dilithium_make_key_from_seed(void)
 ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0);
 ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0);
 ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+ ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44_draft), 0);
+ ExpectIntEQ(XMEMCMP(key->p, pk_44_draft, sizeof(pk_44_draft)), 0);
+ ExpectIntEQ(XMEMCMP(key->k, sk_44_draft, sizeof(sk_44_draft)), 0);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
 ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0);
 ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0);
 ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+ ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65_draft), 0);
+ ExpectIntEQ(XMEMCMP(key->p, pk_65_draft, sizeof(pk_65_draft)), 0);
+ ExpectIntEQ(XMEMCMP(key->k, sk_65_draft, sizeof(sk_65_draft)), 0);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
 ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0);
 ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0);
 ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+ ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87_draft), 0);
+ ExpectIntEQ(XMEMCMP(key->p, pk_87_draft, sizeof(pk_87_draft)), 0);
+ ExpectIntEQ(XMEMCMP(key->k, sk_87_draft, sizeof(sk_87_draft)), 0);
+#endif
 #endif
 wc_dilithium_free(key);
@@ -38538,8 +39315,7 @@ static int test_wc_dilithium_sig_kats(void) { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ - !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + !defined(WOLFSSL_DILITHIUM_NO_SIGN) dilithium_key* key; #ifndef WOLFSSL_NO_ML_DSA_44 static const byte sk_44[] = { @@ -43356,7 +44132,6 @@ static int test_wc_dilithium_verify_kats(void) !defined(WOLFSSL_DILITHIUM_NO_VERIFY) dilithium_key* key; int res; -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifndef WOLFSSL_NO_ML_DSA_44 static const byte pk_44[] = { 0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37, @@ -45457,9 +46232,9 @@ static int test_wc_dilithium_verify_kats(void) 0x29, 0x2E, 0x36 }; #endif -#else +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifndef WOLFSSL_NO_ML_DSA_44 - static const byte pk_44[] = { + static const byte pk_44_draft[] = { 0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96, 0x6C, 0x11, 0xA9, 0xE4, 0x0B, 0xEB, 0xEC, 0xE9, 0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C, @@ -45625,7 +46400,7 @@ static int test_wc_dilithium_verify_kats(void) 0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9, 0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4 }; - static const byte msg_44[] = { + static const byte msg_44_draft[] = { 0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B, 0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA, 0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A, @@ -45643,7 +46418,7 @@ static int test_wc_dilithium_verify_kats(void) 0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D, 0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D }; - static const byte sig_44[] = { + static const byte sig_44_draft[] = { 0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1, 0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17, 0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5, 
@@ -45950,7 +46725,7 @@ static int test_wc_dilithium_verify_kats(void) }; #endif #ifndef WOLFSSL_NO_ML_DSA_65 - static const byte pk_65[] = { + static const byte pk_65_draft[] = { 0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52, 0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83, 0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72, @@ -46196,7 +46971,7 @@ static int test_wc_dilithium_verify_kats(void) 0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34, 0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6 }; - static const byte msg_65[] = { + static const byte msg_65_draft[] = { 0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F, 0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37, 0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44, @@ -46226,7 +47001,7 @@ static int test_wc_dilithium_verify_kats(void) 0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2, 0x8E, 0x99, 0xBB }; - static const byte sig_65[] = { + static const byte sig_65_draft[] = { 0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30, 0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96, 0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90, @@ -46644,7 +47419,7 @@ static int test_wc_dilithium_verify_kats(void) }; #endif #ifndef WOLFSSL_NO_ML_DSA_87 - static const byte pk_87[] = { + static const byte pk_87_draft[] = { 0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1, 0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D, 0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21, @@ -46970,12 +47745,12 @@ static int test_wc_dilithium_verify_kats(void) 0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12, 0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12 }; - static const byte msg_87[] = { + static const byte msg_87_draft[] = { 0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77, 0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89, 0xC4, 0xC3, 0xED, 0x36 }; - static const byte sig_87[] = { + static const byte sig_87_draft[] = { 0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA, 0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06, 0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB, 
@@ -47574,6 +48349,15 @@ static int test_wc_dilithium_verify_kats(void)
 ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44, (word32)sizeof(msg_44), &res, key), 0);
 ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+ ExpectIntEQ(wc_dilithium_import_public(pk_44_draft,
+ (word32)sizeof(pk_44_draft), key), 0);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig_44_draft,
+ (word32)sizeof(sig_44_draft), msg_44_draft,
+ (word32)sizeof(msg_44_draft), &res, key), 0);
+ ExpectIntEQ(res, 1);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
@@ -47582,6 +48366,15 @@ static int test_wc_dilithium_verify_kats(void)
 ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65, (word32)sizeof(msg_65), &res, key), 0);
 ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+ ExpectIntEQ(wc_dilithium_import_public(pk_65_draft,
+ (word32)sizeof(pk_65_draft), key), 0);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig_65_draft,
+ (word32)sizeof(sig_65_draft), msg_65_draft,
+ (word32)sizeof(msg_65_draft), &res, key), 0);
+ ExpectIntEQ(res, 1);
+#endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
@@ -47590,6 +48383,15 @@ static int test_wc_dilithium_verify_kats(void)
 ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87, (word32)sizeof(msg_87), &res, key), 0);
 ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+ ExpectIntEQ(wc_dilithium_import_public(pk_87_draft,
+ (word32)sizeof(pk_87_draft), key), 0);
+ ExpectIntEQ(wc_dilithium_verify_msg(sig_87_draft,
+ (word32)sizeof(sig_87_draft), msg_87_draft,
+ (word32)sizeof(msg_87_draft), &res, key), 0);
+ ExpectIntEQ(res, 1);
+#endif
 #endif
 wc_dilithium_free(key);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index bea4c89d0..334bb8d5f 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4233,6 +4233,7 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FACON */
 #ifdef HAVE_DILITHIUM
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
 static const byte sigDilithium_Level2Oid[] =
 {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
@@ -4244,6 +4245,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
 static const byte sigDilithium_Level5Oid[] =
 {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+
+ /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+ static const byte sigMlDsa_Level2Oid[] =
+ {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+ /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+ static const byte sigMlDsa_Level3Oid[] =
+ {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+ /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+ static const byte sigMlDsa_Level5Oid[] =
+ {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
 /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4307,6 +4321,7 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
 static const byte keyDilithium_Level2Oid[] =
 {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
@@ -4318,6 +4333,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
 static const byte keyDilithium_Level5Oid[] =
 {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif
+
+ /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+ static const byte keyMlDsa_Level2Oid[] =
+ {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+ /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+ static const byte keyMlDsa_Level3Oid[] =
+ {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+ /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+ static const byte keyMlDsa_Level5Oid[] =
+ {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
 /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4861,7 +4889,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 *oidSz = sizeof(sigFalcon_Level5Oid);
 break;
 #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
+ #ifdef HAVE_DILITHIUM
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 case CTC_DILITHIUM_LEVEL2:
 oid = sigDilithium_Level2Oid;
 *oidSz = sizeof(sigDilithium_Level2Oid);
@@ -4874,7 +4903,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 oid = sigDilithium_Level5Oid;
 *oidSz = sizeof(sigDilithium_Level5Oid);
 break;
- #endif /* HAVE_DILITHIUM */
+ #endif
+ case CTC_ML_DSA_LEVEL2:
+ oid = sigMlDsa_Level2Oid;
+ *oidSz = sizeof(sigMlDsa_Level2Oid);
+ break;
+ case CTC_ML_DSA_LEVEL3:
+ oid = sigMlDsa_Level3Oid;
+ *oidSz = sizeof(sigMlDsa_Level3Oid);
+ break;
+ case CTC_ML_DSA_LEVEL5:
+ oid = sigMlDsa_Level5Oid;
+ *oidSz = sizeof(sigMlDsa_Level5Oid);
+ break;
+ #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
 case CTC_SPHINCS_FAST_LEVEL1:
 oid = sigSphincsFast_Level1Oid;
@@ -4972,7 +5014,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 *oidSz = sizeof(keyFalcon_Level5Oid);
 break;
 #endif /* HAVE_FALCON */
- #ifdef HAVE_DILITHIUM
+ #ifdef HAVE_DILITHIUM
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 case DILITHIUM_LEVEL2k:
 oid = keyDilithium_Level2Oid;
 *oidSz = sizeof(keyDilithium_Level2Oid);
@@ -4985,7 +5028,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 oid = keyDilithium_Level5Oid;
 *oidSz = sizeof(keyDilithium_Level5Oid);
 break;
- #endif /* HAVE_DILITHIUM */
+ #endif
+ case ML_DSA_LEVEL2k:
+ oid = keyMlDsa_Level2Oid;
+ *oidSz = sizeof(keyMlDsa_Level2Oid);
+ break;
+ case ML_DSA_LEVEL3k:
+ oid = keyMlDsa_Level3Oid;
+ *oidSz = sizeof(keyMlDsa_Level3Oid);
+ break;
+ case ML_DSA_LEVEL5k:
+ oid = keyMlDsa_Level5Oid;
+ *oidSz = sizeof(keyMlDsa_Level5Oid);
+ break;
+ #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
 case SPHINCS_FAST_LEVEL1k:
 oid = keySphincsFast_Level1Oid;
@@ -7712,9 +7768,15 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
 !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
- if ((ks == DILITHIUM_LEVEL2k) ||
- (ks == DILITHIUM_LEVEL3k) ||
- (ks == DILITHIUM_LEVEL5k)) {
+ if ((ks == ML_DSA_LEVEL2k) ||
+ (ks == ML_DSA_LEVEL3k) ||
+ (ks == ML_DSA_LEVEL5k)
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ || (ks == DILITHIUM_LEVEL2k)
+ || (ks == DILITHIUM_LEVEL3k)
+ || (ks == DILITHIUM_LEVEL5k)
+ #endif
+ ) {
 #ifdef WOLFSSL_SMALL_STACK
 dilithium_key* key_pair = NULL;
 #else
@@ -7736,15 +7798,27 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 return ret;
 }
- if (ks == DILITHIUM_LEVEL2k) {
- ret = wc_dilithium_set_level(key_pair, 2);
+
+ if (ks == ML_DSA_LEVEL2k) {
+ ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44);
+ }
+ else if (ks == ML_DSA_LEVEL3k) {
+ ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65);
+ }
+ else if (ks == ML_DSA_LEVEL5k) {
+ ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87);
+ }
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ else if (ks == DILITHIUM_LEVEL2k) {
+ ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44_DRAFT);
 }
 else if (ks == DILITHIUM_LEVEL3k) {
- ret = wc_dilithium_set_level(key_pair, 3);
+ ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65_DRAFT);
 }
 else if (ks == DILITHIUM_LEVEL5k) {
- ret = wc_dilithium_set_level(key_pair, 5);
+ ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87_DRAFT);
 }
+ #endif
 if (ret < 0) {
 #ifdef WOLFSSL_SMALL_STACK
@@ -8230,31 +8304,28 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 if (wc_dilithium_init(dilithium) != 0) {
 tmpIdx = 0;
- if (wc_dilithium_set_level(dilithium, 2)
- == 0) {
+ if (wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) {
 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
- keySz) == 0) {
- *algoID = DILITHIUM_LEVEL2k;
+ keySz) == 0) {
+ *algoID = ML_DSA_LEVEL2k;
 }
 else {
 WOLFSSL_MSG("Not Dilithium Level 2 DER key");
 }
 }
- else if (wc_dilithium_set_level(dilithium, 3)
- == 0) {
+ else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) {
 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
- keySz) == 0) {
- *algoID = DILITHIUM_LEVEL3k;
+ keySz) == 0) {
+ *algoID = ML_DSA_LEVEL3k;
 }
 else {
 WOLFSSL_MSG("Not Dilithium Level 3 DER key");
 }
 }
- else if (wc_dilithium_set_level(dilithium, 5)
- == 0) {
+ else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) {
 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
- keySz) == 0) {
- *algoID = DILITHIUM_LEVEL5k;
+ keySz) == 0) {
+ *algoID = ML_DSA_LEVEL5k;
 }
 else {
 WOLFSSL_MSG("Not Dilithium Level 5 DER key");
@@ -12744,16 +12815,15 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
 break;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 case DILITHIUM_LEVEL2k:
- cert->pkCurveOID = DILITHIUM_LEVEL2k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
 case DILITHIUM_LEVEL3k:
- cert->pkCurveOID = DILITHIUM_LEVEL3k;
- ret = StoreKey(cert, source, &srcIdx, maxIdx);
- break;
 case DILITHIUM_LEVEL5k:
- cert->pkCurveOID = DILITHIUM_LEVEL5k;
+ #endif
+ case ML_DSA_LEVEL2k:
+ case ML_DSA_LEVEL3k:
+ case ML_DSA_LEVEL5k:
+ cert->pkCurveOID = cert->keyOID;
 ret = StoreKey(cert, source, &srcIdx, maxIdx);
 break;
 #endif /* HAVE_DILITHIUM */
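Review bot: The rewritten probe in wc_GetKeyOID can never identify an ML-DSA-65 or ML-DSA-87 key: the `else if` chain branches on `wc_dilithium_set_level(...) == 0`, not on the decode result, so once set_level for `WC_ML_DSA_44` succeeds (which it appears to do for any supported level, given the tests call it unconditionally) the `WC_ML_DSA_65`/`WC_ML_DSA_87` arms are unreachable and a level-3/5 key only logs "Not Dilithium Level 2 DER key" with `*algoID` left unset. The unchanged context line `if (wc_dilithium_init(dilithium) != 0) {` also looks inverted relative to the `< 0` failure check this same patch applies to wc_dilithium_init_ex in ConfirmSignature, which would mean the whole block runs only when init fails — worth confirming before relying on this path. Nothing here probes the draft levels, so under `WOLFSSL_DILITHIUM_FIPS204_DRAFT` a draft-OID private key is not recognized either. A fix tries each level in turn on the decode result, resetting `tmpIdx` between attempts (assuming the key object can be re-leveled after a failed decode, as the current code already re-uses it); wc_GetKeyOID begins and ends outside the hunk.
```c
/* … unchanged: dilithium_key allocation and NULL check … */
if (wc_dilithium_init(dilithium) == 0) {   /* was != 0 -- confirm */
    /* Probe each level on the decode result, not on set_level alone. */
    static const int levels[] = {
        WC_ML_DSA_44, WC_ML_DSA_65, WC_ML_DSA_87,
    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
        WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT, WC_ML_DSA_87_DRAFT,
    #endif
    };
    static const int algos[] = {
        ML_DSA_LEVEL2k, ML_DSA_LEVEL3k, ML_DSA_LEVEL5k,
    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
        DILITHIUM_LEVEL2k, DILITHIUM_LEVEL3k, DILITHIUM_LEVEL5k,
    #endif
    };
    unsigned int i;

    for (i = 0; i < sizeof(levels) / sizeof(levels[0]); i++) {
        tmpIdx = 0;
        if (wc_dilithium_set_level(dilithium, levels[i]) == 0 &&
            wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
                keySz) == 0) {
            *algoID = algos[i];
            break;
        }
    }
    if (i == sizeof(levels) / sizeof(levels[0])) {
        WOLFSSL_MSG("Not Dilithium DER key");
    }
    /* … unchanged: wc_dilithium_free / XFREE of dilithium … */
```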
@@ -16114,9 +16184,14 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
 || (algoOID == FALCON_LEVEL5k)
 #endif
 #ifdef HAVE_DILITHIUM
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 || (algoOID == DILITHIUM_LEVEL2k)
 || (algoOID == DILITHIUM_LEVEL3k)
 || (algoOID == DILITHIUM_LEVEL5k)
+ #endif
+ || (algoOID == ML_DSA_LEVEL2k)
+ || (algoOID == ML_DSA_LEVEL3k)
+ || (algoOID == ML_DSA_LEVEL5k)
 #endif
 #ifdef HAVE_SPHINCS
 || (algoOID == SPHINCS_FAST_LEVEL1k)
@@ -16475,9 +16550,14 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
 break;
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 case DILITHIUM_LEVEL2k:
 case DILITHIUM_LEVEL3k:
 case DILITHIUM_LEVEL5k:
+ #endif
+ case ML_DSA_LEVEL2k:
+ case ML_DSA_LEVEL3k:
+ case ML_DSA_LEVEL5k:
 wc_dilithium_free(sigCtx->key.dilithium);
 XFREE(sigCtx->key.dilithium, sigCtx->heap, DYNAMIC_TYPE_DILITHIUM);
@@ -16649,9 +16729,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
 break;
 #endif
 #ifdef HAVE_DILITHIUM
+ #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 case CTC_DILITHIUM_LEVEL2:
 case CTC_DILITHIUM_LEVEL3:
 case CTC_DILITHIUM_LEVEL5:
+ #endif
+ case CTC_ML_DSA_LEVEL2:
+ case CTC_ML_DSA_LEVEL3:
+ case CTC_ML_DSA_LEVEL5:
 /* Hashes done in signing operation. */
 break;
 #endif
@@ -17103,83 +17188,55 @@ static int ConfirmSignature(SignatureCtx* sigCtx, #if defined(HAVE_DILITHIUM) && \ !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ !defined(WOLFSSL_DILITHIUM_NO_ASN1) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: - { - word32 idx = 0; - sigCtx->verify = 0; - sigCtx->key.dilithium = - (dilithium_key*)XMALLOC(sizeof(dilithium_key), - sigCtx->heap, - DYNAMIC_TYPE_DILITHIUM); - if (sigCtx->key.dilithium == NULL) { - ERROR_OUT(MEMORY_E, exit_cs); - } - if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium, - sigCtx->heap, sigCtx->devId)) < 0) { - goto exit_cs; - } - if ((ret = wc_dilithium_set_level( - sigCtx->key.dilithium, 2)) - < 0) { - goto exit_cs; - } - if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx, - sigCtx->key.dilithium, keySz)) < 0) { - WOLFSSL_MSG("ASN Key import error Dilithium Level 2"); - goto exit_cs; - } - break; - } case DILITHIUM_LEVEL3k: - { - word32 idx = 0; - sigCtx->verify = 0; - sigCtx->key.dilithium = - (dilithium_key*)XMALLOC(sizeof(dilithium_key), - sigCtx->heap, - DYNAMIC_TYPE_DILITHIUM); - if (sigCtx->key.dilithium == NULL) { - ERROR_OUT(MEMORY_E, exit_cs); - } - if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium, - sigCtx->heap, sigCtx->devId)) < 0) { - goto exit_cs; - } - if ((ret = wc_dilithium_set_level( - sigCtx->key.dilithium, 3)) - < 0) { - goto exit_cs; - } - if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx, - sigCtx->key.dilithium, keySz)) < 0) { - WOLFSSL_MSG("ASN Key import error Dilithium Level 3"); - goto exit_cs; - } - break; - } case DILITHIUM_LEVEL5k: + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: { word32 idx = 0; + int level; + if (keyOID == ML_DSA_LEVEL2k) { + level = WC_ML_DSA_44; + } + else if (keyOID == ML_DSA_LEVEL3k) { + level = WC_ML_DSA_65; + } + else if (keyOID == ML_DSA_LEVEL5k) { + level = WC_ML_DSA_87; + } + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if (keyOID == DILITHIUM_LEVEL2k) { + level = WC_ML_DSA_44_DRAFT; + } + else if 
(keyOID == DILITHIUM_LEVEL3k) { + level = WC_ML_DSA_65_DRAFT; + } + else if (keyOID == DILITHIUM_LEVEL5k) { + level = WC_ML_DSA_87_DRAFT; + } + #endif sigCtx->verify = 0; - sigCtx->key.dilithium = - (dilithium_key*)XMALLOC(sizeof(dilithium_key), - sigCtx->heap, - DYNAMIC_TYPE_DILITHIUM); + sigCtx->key.dilithium = (dilithium_key*)XMALLOC( + sizeof(dilithium_key), sigCtx->heap, + DYNAMIC_TYPE_DILITHIUM); if (sigCtx->key.dilithium == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium, - sigCtx->heap, sigCtx->devId)) < 0) { + sigCtx->heap, sigCtx->devId)) < 0) { goto exit_cs; } - if ((ret = wc_dilithium_set_level( - sigCtx->key.dilithium, 5)) - < 0) { + if ((ret = wc_dilithium_set_level(sigCtx->key.dilithium, + level)) < 0) { goto exit_cs; } if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx, sigCtx->key.dilithium, keySz)) < 0) { - WOLFSSL_MSG("ASN Key import error Dilithium Level 5"); + WOLFSSL_MSG("ASN Key import error Dilithium"); goto exit_cs; } break; @@ -17509,6 +17566,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: @@ -17518,6 +17576,15 @@ static int ConfirmSignature(SignatureCtx* sigCtx, sigCtx->key.dilithium); break; } + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + { + ret = wc_dilithium_verify_ctx_msg(sig, sigSz, NULL, 0, buf, + bufSz, &sigCtx->verify, sigCtx->key.dilithium); + break; + } #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) case SPHINCS_FAST_LEVEL1k: 
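Review bot: `int level;` in the merged Dilithium key-import case is assigned only by the `keyOID` if/else-if chain, which has no terminal else, so a label added later without a matching arm hands an indeterminate `level` to wc_dilithium_set_level, and the compiler is likely to flag the declaration with -Wmaybe-uninitialized already. Initialize it to a value set_level rejects, `int level = 0;`, so the existing `if ((ret = wc_dilithium_set_level(sigCtx->key.dilithium, level)) < 0) goto exit_cs;` check turns a missed label into an error instead of undefined behaviour (assuming 0 is not an accepted level — confirm against wc_dilithium_set_level). ConfirmSignature starts and ends outside the hunk.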
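Review bot: The new `ML_DSA_LEVEL*k` verify arm passes `NULL, 0` as the context to wc_dilithium_verify_ctx_msg with no explanation, while the draft arm just above keeps the context-less wc_dilithium_verify_msg, so a reader cannot tell whether the emp﻿ty context is deliberate or a placeholder. A one-line comment above the call would settle it: `/* Final ML-DSA: certificate signatures are verified with an empty context string (ctx = NULL, ctxLen = 0). */` — hedging that an empty context is what the targeted certificate profile requires, which this hunk does not cite. The enclosing switch and ConfirmSignature extend beyond the hunk.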
@@ -17712,39 +17779,22 @@ static int ConfirmSignature(SignatureCtx* sigCtx, } #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: - { - if (sigCtx->verify == 1) { - ret = 0; - } - else { - WOLFSSL_MSG("DILITHIUM_LEVEL2 Verify didn't match"); - ret = ASN_SIG_CONFIRM_E; - } - break; - } case DILITHIUM_LEVEL3k: - { - if (sigCtx->verify == 1) { - ret = 0; - } - else { - WOLFSSL_MSG("DILITHIUM_LEVEL3 Verify didn't match"); - ret = ASN_SIG_CONFIRM_E; - } - break; - } case DILITHIUM_LEVEL5k: - { + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: if (sigCtx->verify == 1) { ret = 0; } else { - WOLFSSL_MSG("DILITHIUM_LEVEL5 Verify didn't match"); + WOLFSSL_MSG("DILITHIUM Verify didn't match"); ret = ASN_SIG_CONFIRM_E; } break; - } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS case SPHINCS_FAST_LEVEL1k: 
@@ -24720,12 +24770,20 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----"; wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----"; wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----"; wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----"; wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----"; wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----"; wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----"; + #endif + wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----"; + wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----"; + wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----"; + wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----"; + wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----"; + wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; @@ -24876,6 +24934,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) break; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2_TYPE: if (header) *header = BEGIN_DILITHIUM_LEVEL2_PRIV; if (footer) *footer = END_DILITHIUM_LEVEL2_PRIV; 
@@ -24891,6 +24950,22 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV; ret = 0; break; + #endif + case ML_DSA_LEVEL2_TYPE: + if (header) *header = BEGIN_ML_DSA_LEVEL2_PRIV; + if (footer) *footer = END_ML_DSA_LEVEL2_PRIV; + ret = 0; + break; + case ML_DSA_LEVEL3_TYPE: + if (header) *header = BEGIN_ML_DSA_LEVEL3_PRIV; + if (footer) *footer = END_ML_DSA_LEVEL3_PRIV; + ret = 0; + break; + case ML_DSA_LEVEL5_TYPE: + if (header) *header = BEGIN_ML_DSA_LEVEL5_PRIV; + if (footer) *footer = END_ML_DSA_LEVEL5_PRIV; + ret = 0; + break; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS case SPHINCS_FAST_LEVEL1_TYPE: @@ -28782,9 +28857,14 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2_KEY: case DILITHIUM_LEVEL3_KEY: case DILITHIUM_LEVEL5_KEY: + #endif + case ML_DSA_LEVEL2_KEY: + case ML_DSA_LEVEL3_KEY: + case ML_DSA_LEVEL5_KEY: ret = wc_Dilithium_PublicKeyToDer(dilithiumKey, output, (word32)outLen, 1); if (ret <= 0) { @@ -29606,9 +29686,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) - if ((cert->keyType == DILITHIUM_LEVEL2_KEY) || - (cert->keyType == DILITHIUM_LEVEL3_KEY) || - (cert->keyType == DILITHIUM_LEVEL5_KEY)) { + if ((cert->keyType == ML_DSA_LEVEL2_KEY) || + (cert->keyType == ML_DSA_LEVEL3_KEY) || + (cert->keyType == ML_DSA_LEVEL5_KEY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (cert->keyType == DILITHIUM_LEVEL2_KEY) + || (cert->keyType == DILITHIUM_LEVEL3_KEY) + || (cert->keyType == DILITHIUM_LEVEL5_KEY) + #endif + ) { if (dilithiumKey == NULL) return PUBLIC_KEY_E; 
@@ -30149,9 +30235,23 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey && dilithiumKey) { word32 outSz = sigSz; - ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng); - if (ret == 0) - ret = outSz; + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if ((dilithiumKey->params->level == WC_ML_DSA_44_DRAFT) || + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT) || + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { + ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, + rng); + if (ret == 0) + ret = outSz; + } + else + #endif + { + ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig, + &outSz, dilithiumKey, rng); + if (ret == 0) + ret = outSz; + } } #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) 
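Review bot: `dilithiumKey->params->level` is dereferenced in the new draft branch without checking `dilithiumKey->params`, while `wc_dilithium_size` in this same series treats `key->params == NULL` as a reachable state and returns `BAD_FUNC_ARG`; a key whose parameter set was never populated would crash here instead of failing cleanly. The same unguarded `params->level` access is repeated in the MakeAnyCert and MakeCertReq hunks below, so the check belongs in one place or the callers need a shared guard. The `if (ret == 0) ret = outSz;` is also duplicated in both branches and converts `word32` to `int` implicitly, which is the class of warning this series is fixing; hoist it once after the `#endif` block as `if (ret == 0) ret = (int)outSz;`. MakeSignature's body begins and ends outside the hunk.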
@@ -30386,12 +30486,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = FALCON_LEVEL5_KEY; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; + } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
@@ -30481,15 +30601,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, } #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) { + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
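Review bot: The non-draft branches in this MakeAnyCert hunk test `dilithiumKey->level == WC_ML_DSA_44` (and 65/87), whereas the otherwise identical hunk earlier in MakeAnyCert and the first MakeCertReq hunk test `dilithiumKey->params->level`; the second MakeCertReq hunk uses the `->level` form again. Because `wc_dilithium_set_level` stores `level % WC_ML_DSA_DRAFT`, a draft key also satisfies `level == WC_ML_DSA_44`, so this version only classifies correctly because the draft branches happen to be ordered first under the `#ifdef`. Use one field in all four sites; `params->level` distinguishes draft from final without depending on branch order, e.g. `(dilithiumKey->params->level == WC_ML_DSA_44)`.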
@@ -30794,12 +30931,20 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) @@ -31101,9 +31246,15 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, } #endif #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) - if ((cert->keyType == DILITHIUM_LEVEL2_KEY) || - (cert->keyType == DILITHIUM_LEVEL3_KEY) || - (cert->keyType == DILITHIUM_LEVEL5_KEY)) { + if ((cert->keyType == ML_DSA_LEVEL2_KEY) || + (cert->keyType == ML_DSA_LEVEL3_KEY) || + (cert->keyType == ML_DSA_LEVEL5_KEY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (cert->keyType == DILITHIUM_LEVEL2_KEY) + || (cert->keyType == DILITHIUM_LEVEL3_KEY) + || (cert->keyType == DILITHIUM_LEVEL5_KEY) + #endif + ) { if (dilithiumKey == NULL) return PUBLIC_KEY_E; der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey, 
@@ -31455,12 +31606,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = FALCON_LEVEL5_KEY; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; + } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
@@ -31551,15 +31722,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, } #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) { + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
@@ -31771,12 +31959,20 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) @@ -31917,9 +32113,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, case FALCON_LEVEL5_TYPE: falconKey = (falcon_key*)key; break; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2_TYPE: case DILITHIUM_LEVEL3_TYPE: case DILITHIUM_LEVEL5_TYPE: +#endif + case ML_DSA_LEVEL2_TYPE: + case ML_DSA_LEVEL3_TYPE: + case ML_DSA_LEVEL5_TYPE: dilithiumKey = (dilithium_key*)key; break; case SPHINCS_FAST_LEVEL1_TYPE: 
@@ -32020,12 +32221,20 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz, falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) @@ -32199,12 +32408,20 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key) falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) 
@@ -32252,12 +32469,20 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key) falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index da465efcc..06c6fcc2b 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c 
@@ -292,6 +292,44 @@ static const wc_dilithium_params dilithium_params[] = { PARAMS_ML_DSA_87_Z_ENC_SIZE, PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE }, #endif +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) +#ifndef WOLFSSL_NO_ML_DSA_44 + { WC_ML_DSA_44_DRAFT, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L, + PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS, + PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA, + PARAMS_ML_DSA_44_LAMBDA, + PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2, + PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE, + PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE, + PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE, + PARAMS_ML_DSA_44_Z_ENC_SIZE, + PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE }, +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + { WC_ML_DSA_65_DRAFT, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L, + PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS, + PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA, + PARAMS_ML_DSA_65_LAMBDA, + PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2, + PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE, + PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE, + PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE, + PARAMS_ML_DSA_65_Z_ENC_SIZE, + PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE }, +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + { WC_ML_DSA_87_DRAFT, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L, + PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS, + PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA, + PARAMS_ML_DSA_87_LAMBDA, + PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2, + PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE, + PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE, + PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE, + PARAMS_ML_DSA_87_Z_ENC_SIZE, + PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE }, +#endif +#endif }; /* Number of ML-DSA parameter sets compiled in. 
*/ #define DILITHIUM_PARAMS_CNT \ @@ -354,9 +392,6 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data, return ret; } -#if !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) || \ - (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ - !defined(WOLFSSL_DILITHIUM_NO_VERIFY)) /* 256-bit hash using SHAKE-256. * * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d) @@ -394,9 +429,7 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1, return ret; } -#endif -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) /* 256-bit hash of context and message using SHAKE-256. * @@ -586,7 +619,6 @@ static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen) return ret; } #endif -#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */ #ifndef WOLFSSL_DILITHIUM_SMALL /* 128-bit hash using SHAKE-128. @@ -2772,8 +2804,8 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, * @return 0 on success. * @return Negative on hash error. */ -static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, - word32 seedLen, byte tau, sword32* c, byte* block) +static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256, + const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block) { int ret = 0; unsigned int k; 
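Review bot: `dilithium_sample_in_ball_ex` gains a leading `level` parameter, but the Doxygen block above the signature (its `@param` list lies outside the hunk) is not touched by this diff, so the new argument is undocumented; add `@param [in] level Parameter set level; draft levels (>= WC_ML_DSA_DRAFT) hash DILITHIUM_SEED_SZ bytes of seed rather than seedLen.` The same applies to `dilithium_sample_in_ball` in the following hunk, whose `@param` list is likewise outside the hunk.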
@@ -2786,14 +2818,18 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, XMEMSET(c, 0, DILITHIUM_POLY_SIZE); /* Generate a block of data from seed. */ -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - ret = dilithium_shake256(shake256, seed, seedLen, block, - DILITHIUM_GEN_C_BLOCK_BYTES); -#else - (void)seedLen; - ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block, - DILITHIUM_GEN_C_BLOCK_BYTES); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (level >= WC_ML_DSA_DRAFT) { + ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block, + DILITHIUM_GEN_C_BLOCK_BYTES); + } + else #endif + { + (void)level; + ret = dilithium_shake256(shake256, seed, seedLen, block, + DILITHIUM_GEN_C_BLOCK_BYTES); + } } if (ret == 0) { /* Copy first 8 bytes of first hash block as random sign bits. */ @@ -2850,8 +2886,8 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, * @return MEMORY_E when dynamic memory allocation fails. * @return Negative on hash error. */ -static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, - word32 seedLen, byte tau, sword32* c, void* heap) +static int dilithium_sample_in_ball(int level, wc_Shake* shake256, + const byte* seed, word32 seedLen, byte tau, sword32* c, void* heap) { int ret = 0; #if defined(WOLFSSL_SMALL_STACK) @@ -2871,8 +2907,8 @@ static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, #endif if (ret == 0) { - ret = dilithium_sample_in_ball_ex(shake256, seed, seedLen, tau, c, - block); + ret = dilithium_sample_in_ball_ex(level, shake256, seed, seedLen, tau, + c, block); } #if defined(WOLFSSL_SMALL_STACK) @@ -5478,9 +5514,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) sword32* s2 = NULL; sword32* t = NULL; byte* pub_seed = key->k; -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT byte kl[2]; -#endif /* Allocate memory for large intermediates. */ #ifdef WC_DILITHIUM_CACHE_MATRIX_A 
@@ -5541,19 +5575,25 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #endif if (ret == 0) { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - kl[0] = params->k; - kl[1] = params->l; - /* Step 1: Create public seed, private seed and K from seed. - * Step 9; Alg 24, Step 1: Public seed is placed into private key. */ - ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, - pub_seed, DILITHIUM_SEEDS_SZ); -#else - /* Step 2: Create public seed, private seed and K from seed. - * Step 9; Alg 18, Step 1: Public seed is placed into private key. */ - ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed, - DILITHIUM_SEEDS_SZ); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (key->params->level >= WC_ML_DSA_DRAFT) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. + */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, + pub_seed, DILITHIUM_SEEDS_SZ); + } + else #endif + { + kl[0] = params->k; + kl[1] = params->l; + /* Step 1: Create public seed, private seed and K from seed. + * Step 9; Alg 24, Step 1: Public seed is placed into private key. + */ + ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, + pub_seed, DILITHIUM_SEEDS_SZ); + } } if (ret == 0) { /* Step 7; Alg 22 Step 1: Copy public seed into public key. */ @@ -5637,9 +5677,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) byte* pub_seed = key->k; unsigned int r; unsigned int s; -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT byte kl[2]; -#endif /* Allocate memory for large intermediates. */ if (ret == 0) { 
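Review bot: The draft check reads `key->params->level` while the `else` branch a few lines below reads `params->k` and `params->l` through the local `params`, so the block appears to consult two parameter sets. Use `if (params->level >= WC_ML_DSA_DRAFT) {` so the same pointer is used throughout. The second copy of this block in the other `dilithium_make_key_from_seed` variant (next hunk) has the same mismatch; `dilithium_make_key_from_seed` itself begins and ends outside both hunks.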
@@ -5668,19 +5706,25 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) } if (ret == 0) { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - kl[0] = params->k; - kl[1] = params->l; - /* Step 1: Create public seed, private seed and K from seed. - * Step 9; Alg 24, Step 1: Public seed is placed into private key. */ - ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, - pub_seed, DILITHIUM_SEEDS_SZ); -#else - /* Step 2: Create public seed, private seed and K from seed. - * Step 9; Alg 18, Step 1: Public seed is placed into private key. */ - ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed, - DILITHIUM_SEEDS_SZ); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (key->params->level >= WC_ML_DSA_DRAFT) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. + */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, + pub_seed, DILITHIUM_SEEDS_SZ); + } + else #endif + { + kl[0] = params->k; + kl[1] = params->l; + /* Step 1: Create public seed, private seed and K from seed. + * Step 9; Alg 24, Step 1: Public seed is placed into private key. + */ + ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, + pub_seed, DILITHIUM_SEEDS_SZ); + } } if (ret == 0) { byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ; @@ -6150,8 +6194,8 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, w1e, params->w1EncSz, commit, params->lambda / 4); if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, - params->lambda / 4, params->tau, c, key->heap); + ret = dilithium_sample_in_ball(params->level, &key->shake, + commit, params->lambda / 4, params->tau, c, key->heap); } if (ret == 0) { sword32 hi; 
@@ -6561,8 +6605,9 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, w1e, params->w1EncSz, commit, params->lambda / 4); if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball_ex(&key->shake, commit, - params->lambda / 4, params->tau, c, blocks); + ret = dilithium_sample_in_ball_ex(params->level, + &key->shake, commit, params->lambda / 4, params->tau, c, + blocks); } if (ret == 0) { /* Step 18: NTT(c). */ @@ -6739,7 +6784,6 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, #endif } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign a message with the key and a seed. * * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) @@ -6790,7 +6834,6 @@ static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key, return ret; } -#endif /* Sign a message with the key and a seed. * @@ -6840,7 +6883,6 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign a message with the key and a random number generator. * * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) @@ -6904,7 +6946,6 @@ static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng, return ret; } -#endif /* Sign a message with the key and a random number generator. * @@ -6967,7 +7008,6 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign a pre-hashed message with the key and a seed. * * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH) @@ -7088,7 +7128,6 @@ static int dilithium_sign_ctx_hash(dilithium_key* key, WC_RNG* rng, return ret; } -#endif #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ 
@@ -7268,8 +7307,8 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, } if ((ret == 0) && valid) { /* Step 9: Compute c from commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, params->lambda / 4, - params->tau, c, key->heap); + ret = dilithium_sample_in_ball(params->level, &key->shake, commit, + params->lambda / 4, params->tau, c, key->heap); } if ((ret == 0) && valid) { /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ @@ -7386,10 +7425,10 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, /* Step 9: Compute c from first 256 bits of commit. */ #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - ret = dilithium_sample_in_ball_ex(&key->shake, commit, + ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit, params->lambda / 4, params->tau, c, key->block); #else - ret = dilithium_sample_in_ball_ex(&key->shake, commit, + ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit, params->lambda / 4, params->tau, c, block); #endif } @@ -7553,7 +7592,6 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, #endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */ } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify signature of message using public key. * * @param [in, out] key Dilithium key. @@ -7599,7 +7637,6 @@ static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx, return ret; } -#endif /* Verify signature of message using public key. * @@ -7644,7 +7681,6 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify signature of message using public key. * * @param [in, out] key Dilithium key. @@ -7699,7 +7735,6 @@ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx, return ret; } -#endif #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ #elif defined(HAVE_LIBOQS) 
@@ -7779,18 +7814,18 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, /* check and set up out length */ if (ret == 0) { if ((key->level == WC_ML_DSA_44) && - (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) { - *sigLen = DILITHIUM_LEVEL2_SIG_SIZE; + (*sigLen < ML_DSA_LEVEL2_SIG_SIZE)) { + *sigLen = ML_DSA_LEVEL2_SIG_SIZE; ret = BUFFER_E; } else if ((key->level == WC_ML_DSA_65) && - (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) { - *sigLen = DILITHIUM_LEVEL3_SIG_SIZE; + (*sigLen < ML_DSA_LEVEL3_SIG_SIZE)) { + *sigLen = ML_DSA_LEVEL3_SIG_SIZE; ret = BUFFER_E; } else if ((key->level == WC_ML_DSA_87) && - (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) { - *sigLen = DILITHIUM_LEVEL5_SIG_SIZE; + (*sigLen < ML_DSA_LEVEL5_SIG_SIZE)) { + *sigLen = ML_DSA_LEVEL5_SIG_SIZE; ret = BUFFER_E; } localOutLen = *sigLen; @@ -7945,7 +7980,6 @@ int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #endif #ifndef WOLFSSL_DILITHIUM_NO_SIGN -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign the message using the dilithium private key. * * ctx [in] Context of signature. @@ -8002,7 +8036,6 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, return ret; } -#endif /* Sign the message using the dilithium private key. * @@ -8054,7 +8087,6 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign the message hash using the dilithium private key. * * ctx [in] Context of signature. @@ -8145,7 +8177,6 @@ int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen, return ret; } -#endif /* Sign the message using the dilithium private key. * @@ -8183,7 +8214,6 @@ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign the message using the dilithium private key. * * ctx [in] Context of signature. 
@@ -8230,11 +8260,9 @@ int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen, return ret; } -#endif #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ #ifndef WOLFSSL_DILITHIUM_NO_VERIFY -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify the message using the dilithium public key. * * sig [in] Signature to verify. @@ -8278,7 +8306,6 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, return ret; } -#endif /* Verify the message using the dilithium public key. * @@ -8330,7 +8357,6 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify the message using the dilithium public key. * * sig [in] Signature to verify. @@ -8377,7 +8403,6 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, return ret; } -#endif #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ /* Initialize the dilithium private/public key. @@ -8498,8 +8523,17 @@ int wc_dilithium_set_level(dilithium_key* key, byte level) if (key == NULL) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (level != WC_ML_DSA_44) && (level != WC_ML_DSA_65) && - (level != WC_ML_DSA_87)) { + if ((ret == 0) && ((level == WC_ML_DSA_44) || (level == WC_ML_DSA_65) || + (level == WC_ML_DSA_87))) { + /* Nothing to do. */ + } +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + else if ((ret == 0) && ((level == WC_ML_DSA_44_DRAFT) || + (level == WC_ML_DSA_65_DRAFT) || (level == WC_ML_DSA_87_DRAFT))) { + /* Nothing to do. */ + } +#endif + else { ret = BAD_FUNC_ARG; } @@ -8532,7 +8566,7 @@ int wc_dilithium_set_level(dilithium_key* key, byte level) #endif /* WOLFSSL_WC_DILITHIUM */ /* Store level and indicate public and private key are not set. */ - key->level = level; + key->level = level % WC_ML_DSA_DRAFT; key->pubKeySet = 0; key->prvKeySet = 0; } 
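Review bot: `key->level = level % WC_ML_DSA_DRAFT;` encodes the assumption that each `WC_ML_DSA_*_DRAFT` constant equals `WC_ML_DSA_DRAFT` plus the corresponding final level — the same assumption `dilithium_sample_in_ball_ex` makes with `level >= WC_ML_DSA_DRAFT` — but nothing at this site states it, and the reduced value loses the draft/final distinction that `key->params->level` keeps. Add a comment: `/* Draft levels are WC_ML_DSA_DRAFT + final level: key->level holds the final level, key->params->level the exact one. */`. In a build without WOLFSSL_DILITHIUM_FIPS204_DRAFT the modulo is a no-op for the three accepted values, which the comment should also say so a reader does not expect it to change `level`.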
@@ -8607,15 +8641,30 @@ int wc_dilithium_size(dilithium_key* key) int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_KEY_SIZE; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = DILITHIUM_LEVEL3_KEY_SIZE; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = DILITHIUM_LEVEL5_KEY_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_KEY_SIZE; + } } return ret; @@ -8633,15 +8682,29 @@ int wc_dilithium_priv_size(dilithium_key* key) int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE; } + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_PRV_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_PRV_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_PRV_KEY_SIZE; + } } return ret; 
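Review bot: In wc_dilithium_priv_size the draft ladder ends with `}` followed directly by `#endif`, whereas wc_dilithium_size in the same hunk (and pub_size/sig_size elsewhere in the patch) places an `else` before the `#endif`. In a WOLFSSL_DILITHIUM_FIPS204_DRAFT build the non-draft `if (key->level == WC_ML_DSA_44)` chain therefore still runs after a draft match: if `key->level` holds the non-draft value for draft keys, as the set_level change suggests, a draft key's `DILITHIUM_LEVELn_PRV_KEY_SIZE` is overwritten with `ML_DSA_LEVELn_PRV_KEY_SIZE`, and the `key->params == NULL` BAD_FUNC_ARG result is likewise overwritten with a valid-looking size. Callers size private-key buffers from this return value, so for any level where the two constants differ the exported key would be mis-sized. The fix is the missing keyword: `else` on the line before that `#endif`, matching the other three size functions.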
@@ -8680,15 +8743,30 @@ int wc_dilithium_pub_size(dilithium_key* key) int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_PUB_KEY_SIZE; + } } return ret; @@ -8726,15 +8804,30 @@ int wc_dilithium_sig_size(dilithium_key* key) int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_SIG_SIZE; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = DILITHIUM_LEVEL3_SIG_SIZE; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = DILITHIUM_LEVEL5_SIG_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_SIG_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_SIG_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_SIG_SIZE; + } } return ret; 
@@ -8947,7 +9040,11 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) if (ret == 0) { /* Get length passed in for checking. */ inLen = *outLen; - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { /* Set out length. */ *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -8955,7 +9052,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { /* Set out length. */ *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -8963,7 +9060,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { /* Set out length. */ *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -8971,6 +9068,32 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } + else + #endif + if (key->level == WC_ML_DSA_44) { + /* Set out length. */ + *outLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < ML_DSA_LEVEL2_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } + else if (key->level == WC_ML_DSA_65) { + /* Set out length. */ + *outLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < ML_DSA_LEVEL3_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } + else if (key->level == WC_ML_DSA_87) { + /* Set out length. */ + *outLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < ML_DSA_LEVEL5_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -9009,24 +9132,48 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) ret = BAD_FUNC_ARG; } if (ret == 0) { - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { /* Check length. */ if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { /* Check length. */ if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { /* Check length. */ if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } + else + #endif + if (key->level == WC_ML_DSA_44) { + /* Check length. */ + if (inLen != ML_DSA_LEVEL2_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } + else if (key->level == WC_ML_DSA_65) { + /* Check length. */ + if (inLen != ML_DSA_LEVEL3_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } + else if (key->level == WC_ML_DSA_87) { + /* Check length. */ + if (inLen != ML_DSA_LEVEL5_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } else { /* Level not set. */ ret = BAD_FUNC_ARG; @@ -9109,9 +9256,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz, #endif /* Validate parameters. */ - if ((privSz != DILITHIUM_LEVEL2_KEY_SIZE) && - (privSz != DILITHIUM_LEVEL3_KEY_SIZE) && - (privSz != DILITHIUM_LEVEL5_KEY_SIZE)) { + if ((privSz != ML_DSA_LEVEL2_KEY_SIZE) && + (privSz != ML_DSA_LEVEL3_KEY_SIZE) && + (privSz != ML_DSA_LEVEL5_KEY_SIZE)) { ret = BAD_FUNC_ARG; } 
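Review bot: dilithium_set_priv_key now accepts only the `ML_DSA_LEVELn_KEY_SIZE` lengths, with no draft alternative under WOLFSSL_DILITHIUM_FIPS204_DRAFT, unlike every other length check in this patch, which keeps a `DILITHIUM_LEVELn_*` branch for draft keys. The header defines the draft and final sizes as separate macros, so presumably they differ for at least one level; a raw draft private key of that level would then be rejected here before the level-specific handling that presumably follows. The rest of the function is outside the hunk, so if draft raw keys are intentionally unsupported on this path a comment above the check, e.g. `/* Only FIPS 204 final key sizes are accepted here; draft keys are not importable as raw private keys. */`, would stop the next reader from "fixing" it inconsistently. The wc_dilithium_import_public change above it does keep both ladders and the trailing `else`, so that function is consistent.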
@@ -9277,15 +9424,30 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out, if (ret == 0) { inLen = *outLen; /* check and set up out length */ - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { *outLen = DILITHIUM_LEVEL2_KEY_SIZE; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { *outLen = DILITHIUM_LEVEL3_KEY_SIZE; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { *outLen = DILITHIUM_LEVEL5_KEY_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + *outLen = ML_DSA_LEVEL2_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + *outLen = ML_DSA_LEVEL3_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + *outLen = ML_DSA_LEVEL5_KEY_SIZE; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; @@ -9370,15 +9532,30 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Get OID sum for level. */ - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { keytype = DILITHIUM_LEVEL2k; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { keytype = DILITHIUM_LEVEL3k; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; } + else + #endif + if (key->level == WC_ML_DSA_44) { + keytype = ML_DSA_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + keytype = ML_DSA_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + keytype = ML_DSA_LEVEL5k; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -9392,24 +9569,48 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, } if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) { /* Check if the public key is included in the private key. */ - if ((key->level == WC_ML_DSA_44) && + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if ((key->params->level == WC_ML_DSA_44_DRAFT) && (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if ((key->level == WC_ML_DSA_65) && + else if ((key->params->level == WC_ML_DSA_65_DRAFT) && (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if ((key->level == WC_ML_DSA_87) && + else if ((key->params->level == WC_ML_DSA_87_DRAFT) && (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE; } + else + #endif + if ((key->level == WC_ML_DSA_44) && + (privKeyLen == ML_DSA_LEVEL2_PRV_KEY_SIZE)) { + pubKey = privKey + ML_DSA_LEVEL2_KEY_SIZE; + pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; + privKeyLen -= ML_DSA_LEVEL2_PUB_KEY_SIZE; + } + else if ((key->level == WC_ML_DSA_65) && + (privKeyLen == ML_DSA_LEVEL3_PRV_KEY_SIZE)) { + pubKey = privKey + ML_DSA_LEVEL3_KEY_SIZE; + pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; + privKeyLen -= ML_DSA_LEVEL3_PUB_KEY_SIZE; + } + else if ((key->level == WC_ML_DSA_87) && + (privKeyLen == ML_DSA_LEVEL5_PRV_KEY_SIZE)) { + pubKey = privKey + ML_DSA_LEVEL5_KEY_SIZE; + pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; + privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE; + } } if (ret == 0) { 
@@ -9444,23 +9645,38 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, #if defined(WOLFSSL_DILITHIUM_NO_ASN1) #ifndef WOLFSSL_NO_ML_DSA_44 +static unsigned char ml_dsa_oid_44[] = { + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11 +}; +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) static unsigned char dilithium_oid_44[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x0c, 0x04, 0x04 }; #endif +#endif #ifndef WOLFSSL_NO_ML_DSA_65 +static unsigned char ml_dsa_oid_65[] = { + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12 +}; +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) static unsigned char dilithium_oid_65[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x0c, 0x06, 0x05 }; #endif +#endif #ifndef WOLFSSL_NO_ML_DSA_87 +static unsigned char ml_dsa_oid_87[] = { + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13 +}; +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) static unsigned char dilithium_oid_87[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x0c, 0x08, 0x07 }; #endif +#endif static int dilitihium_get_der_length(const byte* input, word32* inOutIdx, int *length, word32 inSz) 
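Review bot: The three new `ml_dsa_oid_*` byte arrays decode to 2.16.840.1.101.3.4.3.17/18/19, matching the dotted OIDs recorded in the asn.h hunk, but they are declared `static unsigned char` rather than `static const unsigned char`, so nothing prevents a later write through the `oid` pointer they are assigned to. If that pointer in wc_Dilithium_PublicKeyDecode is (or can be made) `const unsigned char*`, mark all six arrays `const`. Either way a one-line comment per array giving the dotted form, e.g. `/* 2.16.840.1.101.3.4.3.17 id-ml-dsa-44 */`, lets a reviewer verify the encoding without re-deriving it; the `dilithium_oid_*` arrays keep the pre-standard 1.3.6.1.4.1.2.267.12.x.y values and are now correctly confined to draft builds.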
@@ -9577,15 +9793,30 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) /* Get OID sum for level. */ - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { keytype = DILITHIUM_LEVEL2k; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { keytype = DILITHIUM_LEVEL3k; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; } + else + #endif + if (key->level == WC_ML_DSA_44) { + keytype = ML_DSA_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + keytype = ML_DSA_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + keytype = ML_DSA_LEVEL5k; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -9597,27 +9828,54 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, } #else /* Get OID sum for level. */ + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else #ifndef WOLFSSL_NO_ML_DSA_44 - if (key->level == WC_ML_DSA_44) { + if (key->params->level == WC_ML_DSA_44_DRAFT) { oid = dilithium_oid_44; oidLen = (int)sizeof(dilithium_oid_44); } else #endif #ifndef WOLFSSL_NO_ML_DSA_65 - if (key->level == WC_ML_DSA_65) { + if (key->params->level == WC_ML_DSA_65_DRAFT) { oid = dilithium_oid_65; oidLen = (int)sizeof(dilithium_oid_65); } else #endif #ifndef WOLFSSL_NO_ML_DSA_87 - if (key->level == WC_ML_DSA_87) { + if (key->params->level == WC_ML_DSA_87_DRAFT) { oid = dilithium_oid_87; oidLen = (int)sizeof(dilithium_oid_87); } else #endif + #endif + #ifndef WOLFSSL_NO_ML_DSA_44 + if (key->level == WC_ML_DSA_44) { + oid = ml_dsa_oid_44; + oidLen = (int)sizeof(ml_dsa_oid_44); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_65 + if (key->level == WC_ML_DSA_65) { + oid = ml_dsa_oid_65; + oidLen = (int)sizeof(ml_dsa_oid_65); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_87 + if (key->level == WC_ML_DSA_87) { + oid = ml_dsa_oid_87; + oidLen = (int)sizeof(ml_dsa_oid_87); + } + else + #endif { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -9708,18 +9966,36 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, if (ret == 0) { /* Get OID and length for level. */ - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { keytype = DILITHIUM_LEVEL2k; pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { keytype = DILITHIUM_LEVEL3k; pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + keytype = ML_DSA_LEVEL2k; + pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + keytype = ML_DSA_LEVEL3k; + pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + keytype = ML_DSA_LEVEL5k; + pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -9762,18 +10038,36 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len) /* Validate parameters and check public and private key set. */ if ((key != NULL) && key->prvKeySet && key->pubKeySet) { /* Create DER for level. */ - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p, DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k); } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p, DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k); } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p, DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k); } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, key->p, + ML_DSA_LEVEL2_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL2k); + } + else if (key->level == WC_ML_DSA_65) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, key->p, + ML_DSA_LEVEL3_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL3k); + } + else if (key->level == WC_ML_DSA_87) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, key->p, + ML_DSA_LEVEL5_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL5k); + } } return ret; 
@@ -9798,18 +10092,36 @@ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len) /* Validate parameters and check private key set. */ if ((key != NULL) && key->prvKeySet) { /* Create DER for level. */ - if (key->level == WC_ML_DSA_44) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL2k); } - else if (key->level == WC_ML_DSA_65) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL3k); } - else if (key->level == WC_ML_DSA_87) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL5k); } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, NULL, 0, output, + len, ML_DSA_LEVEL2k); + } + else if (key->level == WC_ML_DSA_65) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, NULL, 0, output, + len, ML_DSA_LEVEL3k); + } + else if (key->level == WC_ML_DSA_87) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, NULL, 0, output, + len, ML_DSA_LEVEL5k); + } } return ret; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ca8094ea1..9c9208a2a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
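Review bot: wc_Dilithium_PrivateKeyToDer, wc_Dilithium_KeyToDer, wc_Dilithium_PublicKeyToDer and the decode/size functions in this patch each repeat the same six-branch level ladder (draft via `key->params->level`, final via `key->level`), which is now roughly thirty lines duplicated seven or more times and is exactly the kind of copy that drifts apart as the missing `else` in one of the size functions shows. A single static helper that maps a key to its `(keytype, keySz, pubKeySz)` triple, with the draft cases under the one `#if`, would let each of these functions become a two-line call and would keep the draft/final distinction in one place. As a minimum for this hunk, a comment above the ladder such as `/* Draft keys are identified by key->params->level; key->level always holds the FIPS 204 level. */` records why two different fields are consulted.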
@@ -42108,13 +42108,17 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg, - (word32)sizeof(msg), &res, key); -#else - ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res, - key); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (param >= WC_ML_DSA_DRAFT) { + ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), + &res, key); + } + else #endif + { + ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg, + (word32)sizeof(msg), &res, key); + } if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (res != 1) @@ -42129,7 +42133,6 @@ out: static wc_test_ret_t dilithium_param_44_vfy_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04, 0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f, 0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc, @@ -42240,7 +42243,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c, 0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5, 0x70, 0x8d, 0x8b, 0x9c -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = { 0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b, 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, 0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2, 
@@ -42373,10 +42378,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77, 0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1, 0xfe, 0x4b -#endif }; +#endif WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4, 0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc, 0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68, @@ -42579,7 +42583,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f, 0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = { 0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a, 0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5, 0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40, @@ -42822,12 +42828,22 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c, 0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46 -#endif }; +#endif + wc_test_ret_t ret; - return dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key, + ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key, (word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig, (word32)sizeof(ml_dsa_44_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT, + ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key), + ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig)); + } +#endif + + return ret; } #endif 
@@ -42835,7 +42851,6 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) static wc_test_ret_t dilithium_param_65_vfy_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd, 0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6, 0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62, @@ -42999,7 +43014,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8, 0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0, 0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6 -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = { 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, 0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77, @@ -43196,10 +43213,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27, 0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14, 0x1b, 0x10 -#endif }; +#endif WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38, 0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52, 0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6, 
@@ -43476,7 +43492,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25 -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = { 0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc, 0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e, 0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2, @@ -43808,12 +43826,22 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28 -#endif }; +#endif + wc_test_ret_t ret; - return dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key, + ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key, (word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig, (word32)sizeof(ml_dsa_65_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT, + ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key), + ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig)); + } +#endif + + return ret; } #endif @@ -43821,7 +43849,6 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) static wc_test_ret_t dilithium_param_87_vfy_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e, 0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04, 0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87, 
@@ -44038,7 +44065,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2, 0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50, 0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4 -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = { 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, 0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd, @@ -44299,10 +44328,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40, 0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95, 0x0a, 0x93 -#endif }; +#endif WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f, 0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b, 0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba, @@ -44689,7 +44717,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = { 0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0, 0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf, 0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2, 
@@ -45153,12 +45183,22 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f -#endif }; +#endif + wc_test_ret_t ret; - return dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key, + ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key, (word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig, (word32)sizeof(ml_dsa_87_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT, + ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key), + ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig)); + } +#endif + + return ret; } #endif #endif diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index cc7073101..0ab2cb73f 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1186,6 +1186,9 @@ enum Key_Sum { DILITHIUM_LEVEL2k = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */ DILITHIUM_LEVEL3k = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */ DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */ + ML_DSA_LEVEL2k = 431, /* 2.16.840.1.101.3.4.3.17 */ + ML_DSA_LEVEL3k = 432, /* 2.16.840.1.101.3.4.3.18 */ + ML_DSA_LEVEL5k = 433, /* 2.16.840.1.101.3.4.3.19 */ SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */ SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */ SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */ @@ -2468,6 +2471,9 @@ enum cert_enums { DILITHIUM_LEVEL2_KEY = 18, DILITHIUM_LEVEL3_KEY = 19, DILITHIUM_LEVEL5_KEY = 20, + ML_DSA_LEVEL2_KEY = 21, + ML_DSA_LEVEL3_KEY = 22, + ML_DSA_LEVEL5_KEY = 23, SPHINCS_FAST_LEVEL1_KEY = 24, SPHINCS_FAST_LEVEL3_KEY = 25, SPHINCS_FAST_LEVEL5_KEY = 26, diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 83ef40eb4..50663e8fd 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
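Review bot: `ML_DSA_LEVEL2k = 431` through `433` in enum Key_Sum are the byte sums of the DER OIDs 2.16.840.1.101.3.4.3.17/18/19 (0x60+0x86+0x48+0x01+0x65+0x03+0x04+0x03+0x11 = 431), so they agree with the encodings added in dilithium.c; but if, as the enum name suggests, the OID sum is what key-type dispatch is keyed on, a collision with any existing Key_Sum value would make a certificate carrying one algorithm be parsed as another, and the rest of the enum is outside the hunk so I cannot confirm 431–433 are unused. Likewise `ML_DSA_LEVEL2_KEY = 21..23` in cert_enums fills the gap between DILITHIUM_LEVEL5_KEY = 20 and SPHINCS_FAST_LEVEL1_KEY = 24, which is only safe if no other enumerator already took those numbers. A comment on the Key_Sum lines noting the value is the OID byte sum (`/* 2.16.840.1.101.3.4.3.17, byte sum */`) and a grep for `= 431`, `= 21` and neighbours before merge would settle both.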
@@ -171,6 +171,9 @@ enum CertType { DILITHIUM_LEVEL2_TYPE, DILITHIUM_LEVEL3_TYPE, DILITHIUM_LEVEL5_TYPE, + ML_DSA_LEVEL2_TYPE, + ML_DSA_LEVEL3_TYPE, + ML_DSA_LEVEL5_TYPE, SPHINCS_FAST_LEVEL1_TYPE, SPHINCS_FAST_LEVEL3_TYPE, SPHINCS_FAST_LEVEL5_TYPE, @@ -223,6 +226,9 @@ enum Ctc_SigType { CTC_DILITHIUM_LEVEL2 = 218, CTC_DILITHIUM_LEVEL3 = 221, CTC_DILITHIUM_LEVEL5 = 225, + CTC_ML_DSA_LEVEL2 = 431, + CTC_ML_DSA_LEVEL3 = 432, + CTC_ML_DSA_LEVEL5 = 433, CTC_SPHINCS_FAST_LEVEL1 = 281, CTC_SPHINCS_FAST_LEVEL3 = 283, diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index 7f30679e5..eb68e2026 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -128,6 +128,26 @@ (DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE) +#define ML_DSA_LEVEL2_KEY_SIZE 2560 +#define ML_DSA_LEVEL2_SIG_SIZE 2420 +#define ML_DSA_LEVEL2_PUB_KEY_SIZE 1312 +#define ML_DSA_LEVEL2_PRV_KEY_SIZE \ + (ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE) + +#define ML_DSA_LEVEL3_KEY_SIZE 4032 +#define ML_DSA_LEVEL3_SIG_SIZE 3309 +#define ML_DSA_LEVEL3_PUB_KEY_SIZE 1952 +#define ML_DSA_LEVEL3_PRV_KEY_SIZE \ + (ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE) + +#define ML_DSA_LEVEL5_KEY_SIZE 4896 +#define ML_DSA_LEVEL5_SIG_SIZE 4627 +#define ML_DSA_LEVEL5_PUB_KEY_SIZE 2592 +#define ML_DSA_LEVEL5_PRV_KEY_SIZE \ + (ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE) + + + /* Modulus. */ #define DILITHIUM_Q 0x7fe001 /* Number of bits in modulus. */ 
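Review bot: Inserting `ML_DSA_LEVEL2_TYPE`..`ML_DSA_LEVEL5_TYPE` in the middle of the unnumbered `enum CertType` renumbers every enumerator after them (SPHINCS_FAST_LEVEL1_TYPE onwards), which is an ABI change for any caller that stores or compares these values numerically across library versions. If CertType values are not meant to be stable a comment at the enum saying so would make that explicit; if they are, append the new entries at the end instead. The ML_DSA_LEVELn size macros added to dilithium.h in the same line (2560/2420/1312, 4032/3309/1952, 4896/4627/2592) match the FIPS 204 ML-DSA-44/65/87 secret-key, signature and public-key lengths, and a comment citing FIPS 204 Table 2 above that block would save the next reader the lookup.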
@@ -496,6 +516,25 @@ #define DILITHIUM_LEVEL5_PRV_KEY_SIZE \ (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE) + +#define ML_DSA_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key +#define ML_DSA_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature +#define ML_DSA_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key +#define ML_DSA_LEVEL2_PRV_KEY_SIZE \ + (ML_DSA_LEVEL2_PUB_KEY_SIZE+ML_DSA_LEVEL2_KEY_SIZE) + +#define ML_DSA_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key +#define ML_DSA_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature +#define ML_DSA_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key +#define ML_DSA_LEVEL3_PRV_KEY_SIZE \ + (ML_DSA_LEVEL3_PUB_KEY_SIZE+ML_DSA_LEVEL3_KEY_SIZE) + +#define ML_DSA_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key +#define ML_DSA_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature +#define ML_DSA_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key +#define ML_DSA_LEVEL5_PRV_KEY_SIZE \ + (ML_DSA_LEVEL5_PUB_KEY_SIZE+ML_DSA_LEVEL5_KEY_SIZE) + #endif #define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE @@ -760,10 +799,14 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#define WC_ML_DSA_DRAFT 10 #define WC_ML_DSA_44 2 #define WC_ML_DSA_65 3 #define WC_ML_DSA_87 5 +#define WC_ML_DSA_44_DRAFT (2 + WC_ML_DSA_DRAFT) +#define WC_ML_DSA_65_DRAFT (3 + WC_ML_DSA_DRAFT) +#define WC_ML_DSA_87_DRAFT (5 + WC_ML_DSA_DRAFT) #define DILITHIUM_ML_DSA_44_KEY_SIZE 2560 #define DILITHIUM_ML_DSA_44_SIG_SIZE 2420 From ea852c1c67863e6c44a896e23f9bcc60e67f7a0d Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Wed, 2 Oct 2024 17:21:50 +0200 Subject: [PATCH 077/325] missing argument --- src/tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls.c b/src/tls.c index b4e723a29..4fc15e53c 100644 --- a/src/tls.c +++ b/src/tls.c 
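Review bot: On the liboqs path the new ML_DSA_LEVELn_* macros are bound to `OQS_SIG_ml_dsa_44_ipd_length_*`, i.e. the FIPS 204 initial-public-draft algorithm, while the wolfCrypt path and the new ML-DSA OIDs treat these as the final standard; as far as I recall ipd and final ML-DSA share lengths (which is all that is compared here) but not the signing/verification inputs, so an OQS build labelled as final ML-DSA would interoperate only with other ipd implementations. If the targeted liboqs release exposes only the `_ipd` symbols, a comment such as `/* liboqs exposes ML-DSA only under the _ipd names; lengths equal final FIPS 204 but the algorithm is the draft */` and a follow-up to switch to the non-ipd names are needed. Separately, `#define WC_ML_DSA_DRAFT 10` is the value that `level % WC_ML_DSA_DRAFT` in wc_dilithium_set_level depends on; a comment here, e.g. `/* Must exceed every WC_ML_DSA_xx value: draft levels are xx + WC_ML_DSA_DRAFT and are reduced modulo it. */`, ties the two together.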
@@ -1345,7 +1345,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
 {
 ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
 (sz + hashSz + (word32)padSz + 1),
- (int)hashSz, myInner);
+ (int)hashSz, myInner, innerSz);
 }
 #else
From cd6bea852b2d22c8489a6b1953c5ad8231932e2a Mon Sep 17 00:00:00 2001
From: gojimmypi
Date: Wed, 2 Oct 2024 09:54:48 -0700
Subject: [PATCH 078/325] Improve benchmark for Espressif devices
---
 wolfcrypt/benchmark/benchmark.c | 97 ++++++++++++++++++++++++++-------
 1 file changed, 78 insertions(+), 19 deletions(-)
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 60f500c43..3b2db7704 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -322,6 +322,11 @@
 #error "Nano newlib formatting must not be enabled for benchmark"
 #endif
 #endif
+ #if ESP_IDF_VERSION_MAJOR >= 5
+ #define TFMT "%lu"
+ #else
+ #define TFMT "%d"
+ #endif
 #ifdef configTICK_RATE_HZ
 /* Define CPU clock cycles per tick of FreeRTOS clock
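Review bot: `#if ESP_IDF_VERSION_MAJOR >= 5` in the `@@ -322,6 +322,11 @@` hunk silently selects the `"%d"` branch whenever `ESP_IDF_VERSION_MAJOR` is not defined at this point, because the preprocessor evaluates an unknown identifier in `#if` as 0, so a missing or late `esp_idf_version.h` include yields a mismatched format string instead of a compile error. Guard it first, e.g. `#ifndef ESP_IDF_VERSION_MAJOR` / `#error "ESP_IDF_VERSION_MAJOR not defined; include esp_idf_version.h first"` / `#endif`. The same version test is repeated in the hunks at `@@ -1446,10 +1478,16 @@`, `@@ -1593,7 +1638,13 @@` and `@@ -14179,8 +14233,13 @@`, which would all benefit from one check near the top of the file. `TFMT` is also a very generic macro name for a shared benchmark source; a `WOLFSSL_`-style prefix would avoid clashes with SDK headers.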
@@ -337,6 +342,27 @@
 #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ
 #endif
 #endif
+ #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+ /* This section is for pre-v5 ESP-IDF */
+ #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+ #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+ CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
+ #elif defined(CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ)
+ #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+ CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
+ #elif defined(CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ)
+ #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+ CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+ #elif defined(CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ)
+ #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+ CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+ #elif defined(CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ)
+ #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+ CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
+ #else
+ /* TODO unsupported */
+ #endif /* older CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ */
+ #endif
 #define CPU_TICK_CYCLES ( \
 (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \
 / configTICK_RATE_HZ \
@@ -354,9 +380,12 @@
 #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
 defined(CONFIG_IDF_TARGET_ESP32C6)
 #include
- #include "driver/gptimer.h"
+ #if ESP_IDF_VERSION_MAJOR >= 5
+ #include
+ #endif
 #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
 #define RESOLUTION_SCALE 100
+ /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */
 static gptimer_handle_t esp_gptimer = NULL;
 static gptimer_config_t esp_timer_config = {
 .clk_src = GPTIMER_CLK_SRC_DEFAULT,
@@ -375,6 +404,9 @@
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
 /* no CPU HAL for ESP8266, we'll use RTOS tick calc estimates */
 #include
+ #include
+ #include
+ #include
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
 /* TODO add ESP32-H2 benchmark support */
 #else
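Review bot: The fallback chain in the `@@ -337,6 +342,27 @@` hunk covers ESP32, C2, S2, S3 and H2 but has no ESP8266 case and ends in `#else /* TODO unsupported */`, which leaves `CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ` undefined so the first expansion of `CPU_TICK_CYCLES` fails with an unrelated-looking preprocessor error rather than at the point of the decision. The `@@ -1514,9 +1552,16 @@` hunk later in this commit special-cases `CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ` instead, which suggests this chain is the right home for it: add `#elif defined(CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ)` / `#define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ`, and replace the TODO with `#error "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ unknown for this target"` so an unsupported chip fails loud and early. Whether the ESP8266 build reaches `CPU_TICK_CYCLES` at all is not visible from this hunk.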
@@ -1446,10 +1478,16 @@ static const char* bench_result_words3[][5] = {
 thisTimerVal = thisTimerVal * RESOLUTION_SCALE;
 #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
- thisVal = esp_cpu_get_cycle_count();
+ #if ESP_IDF_VERSION_MAJOR >= 5
+ thisVal = esp_cpu_get_cycle_count();
+ #else
+ thisVal = cpu_hal_get_cycle_count();
+ #endif
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
 thisVal = esp_cpu_get_cycle_count();
+ #elif defined(CONFIG_IDF_TARGET_ESP8266)
+ thisVal = esp_timer_get_time();
 #else
 /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa?
 * Calling current_time(1) to reset time causes thisVal overflow,
@@ -1478,7 +1516,7 @@ static const char* bench_result_words3[][5] = {
 expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */
 ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES);
 ESP_LOGV(TAG, "tickCount = %llu", tickCount);
- ESP_LOGV(TAG, "last_tickCount = %u", last_tickCount);
+ ESP_LOGV(TAG, "last_tickCount = " TFMT, last_tickCount);
 ESP_LOGV(TAG, "tickDiff = %llu", tickDiff);
 ESP_LOGV(TAG, "expected_diff1 = %llu", expected_diff);
 }
@@ -1514,9 +1552,16 @@ static const char* bench_result_words3[][5] = {
 /* double check expected diff calc */
 #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
- expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
- * tickDiff / configTICK_RATE_HZ;
- ESP_LOGI(TAG, "expected_diff2 = %llu", expected_diff);
+ #if defined(CONFIG_IDF_TARGET_ESP8266)
+ expected_diff = (CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ
+ * MILLION_VALUE)
+ * tickDiff / configTICK_RATE_HZ;
+ #else
+ expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
+ * tickDiff / configTICK_RATE_HZ;
+
+ #endif
+ ESP_LOGI(TAG, "expected_diff2 = %llu", expected_diff);
 #endif
 if (expected_diff > UINT_MAX) {
 /* The number of cycles expected from FreeRTOS ticks is
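Review bot: In the `@@ -1446,10 +1478,16 @@` hunk the new ESP8266 branch assigns `thisVal = esp_timer_get_time();`, a microsecond timestamp, whereas every sibling branch stores a CPU cycle count, and the debug hunk at `@@ -1514,9 +1552,16 @@` computes `expected_diff` in cycles from `CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE`. If `thisVal` feeds the same comparison on ESP8266, the two quantities differ by the CPU frequency; either scale it, e.g. `thisVal = esp_timer_get_time() * CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ;`, or add a comment stating that on ESP8266 `thisVal` holds microseconds and is only an estimate. The stray blank line before `#endif` in the `@@ -1514` hunk also looks unintended. The enclosing function starts and ends outside these hunks.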
@@ -1540,7 +1585,7 @@ static const char* bench_result_words3[][5] = {
 ESP_LOGI(TAG, "expected_diff = %llu", expected_diff);
 ESP_LOGI(TAG, "tickBeginDiff = %llu", tickBeginDiff);
- ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+ ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 }
 #endif
 }
@@ -1593,7 +1638,13 @@ static const char* bench_result_words3[][5] = {
 ESP_LOGI(TAG, "diffDiff = %llu", diffDiff);
 ESP_LOGI(TAG, "_xthal_get_ccount_exDiff = %llu", _xthal_get_ccount_exDiff);
 #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
- _esp_cpu_count_last = esp_cpu_get_cycle_count();
+
+ #if ESP_IDF_VERSION_MAJOR >= 5
+ _esp_cpu_count_last = esp_cpu_get_cycle_count();
+ #else
+ _esp_cpu_count_last = cpu_hal_get_cycle_count();
+ #endif
+
 ESP_LOGV(TAG, "_xthal_get_ccount_last = %llu", _esp_cpu_count_last);
 }
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -2243,8 +2294,9 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 #ifdef WOLFSSL_ESPIDF
 #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
- ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu, start=" FLT_FMT,
- total_cycles, FLT_FMT_ARGS(*start) );
+ ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu"
+ ", start=" FLT_FMT,
+ total_cycles, FLT_FMT_ARGS(*start) );
 #endif
 BEGIN_ESP_CYCLES
 #else
@@ -2264,12 +2316,14 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 static WC_INLINE int bench_stats_check(double start)
 {
 int ret = 0;
- double this_current_time;
+ double this_current_time = 0.0;
 this_current_time = current_time(0); /* get the timestamp, no reset */
 #if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF)
- ESP_LOGV(TAG, "bench_stats_check: Current time %f, start %f",
- this_current_time, start );
+ #if defined(WOLFSSL_ESPIDF)
+ ESP_LOGI(TAG, "bench_stats_check Current time = %f, start = %f",
+ this_current_time, start );
+ #endif
 #endif
 ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC
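Review bot: In the `@@ -2264,12 +2316,14 @@` hunk the added `#if defined(WOLFSSL_ESPIDF)` sits directly inside `#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF)`, so it can never be false and only adds nesting; drop the inner `#if`/`#endif` pair and keep the `ESP_LOGI` call at the outer level. The new initializer `double this_current_time = 0.0;` is overwritten by `current_time(0)` on the next statement, so it is redundant, and switching from `ESP_LOGV` to `ESP_LOGI` promotes this per-check message to the default log level, which deserves a mention in the commit if intended. bench_stats_check's body continues past the hunk.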
@@ -14179,8 +14233,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 #ifdef __XTENSA__
 _esp_cpu_count_last = xthal_get_ccount();
 #else
- esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
- _esp_cpu_count_last = esp_cpu_get_cycle_count();
+ #if ESP_IDF_VERSION_MAJOR >= 5
+ esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
+ _esp_cpu_count_last = esp_cpu_get_cycle_count();
+ #else
+ cpu_hal_set_cycle_count((uint32_t)0);
+ _esp_cpu_count_last = cpu_hal_get_cycle_count();
+ #endif
 #endif
 }
 #endif
@@ -14191,9 +14250,9 @@ void bench_sphincsKeySign(byte level, byte optim)
 typiclly in app_startup.c */
 #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
- ESP_LOGV(TAG, "tickCount = %d", tickCount);
+ ESP_LOGV(TAG, "tickCount = " TFMT, tickCount);
 if (tickCount == last_tickCount) {
- ESP_LOGW(TAG, "last_tickCount unchanged? %d", tickCount);
+ ESP_LOGW(TAG, "last_tickCount unchanged?" TFMT, tickCount);
 }
 if (tickCount < last_tickCount) {
@@ -14203,13 +14262,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 if (reset) {
 #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
- ESP_LOGW(TAG, "Assign last_tickCount = %d", tickCount);
+ ESP_LOGW(TAG, "Assign last_tickCount = " TFMT, tickCount);
 #endif
 last_tickCount = tickCount;
 } else {
 #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
- ESP_LOGV(TAG, "No Reset last_tickCount = %d", tickCount);
+ ESP_LOGV(TAG, "No Reset last_tickCount = " TFMT, tickCount);
 #endif
 }
From 695914ed336d6c8c930860e3033f3766ed757122 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 3 Oct 2024 09:00:06 +1000
Subject: [PATCH 079/325] SP Maths: PowerPC ASM fix
The instruction 'li' is a pseduo instruction for 'load immediate'. With some compilers, the immediate was interpretted R0[0]. Change to use XOR instead.
---
 wolfcrypt/src/sp_int.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index bb73fea2a..0f89d3151 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
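Review bot: In the `@@ -14191,9 +14250,9 @@` hunk the rewritten message `"last_tickCount unchanged?" TFMT` drops the space that the old `"last_tickCount unchanged? %d"` had, so the tick count is printed glued to the question mark; it should be `"last_tickCount unchanged? " TFMT`. The other `TFMT` conversions in this hunk and in `@@ -14203,13 +14262,13 @@` keep their spacing. The enclosing function starts and ends outside these hunks.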
@@ -3942,7 +3942,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
 __asm__ __volatile__ ( \
 "mulhwu %[h], %[a], %[b] \n\t" \
 "mullw %[l], %[a], %[b] \n\t" \
- "li %[o], 0 \n\t" \
+ "xor %[o], %[o], %[o] \n\t" \
 : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
 : [a] "r" (va), [b] "r" (vb) \
 )
@@ -4045,7 +4045,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
 #define SP_ASM_SUBB(vl, vh, va) \
 __asm__ __volatile__ ( \
 "subfc %[l], %[a], %[l] \n\t" \
- "li 16, 0 \n\t" \
+ "xor 16, 16, 16 \n\t" \
 "subfe %[h], 16, %[h] \n\t" \
 : [l] "+r" (vl), [h] "+r" (vh) \
 : [a] "r" (va) \
From b81cc50a70fcefff0868d6e66b1308a00c13cf5b Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Wed, 2 Oct 2024 19:19:39 -0500
Subject: [PATCH 080/325] src/internal.c: in ProcessReplyEx() in the verifyMessage case, refactor some gating/conditionalization around ATOMIC_USER, HAVE_ENCRYPT_THEN_MAC, atomicUser, and ssl->options.startedETMRead, to avoid "Logical disjunction always evaluates to true" from cppcheck incorrectLogicOperator (via multi-test cppcheck-force-source) (warned code introduced by 99a99e3d6e).
---
 src/internal.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index c66dfc4a3..c61dfb341 100644
--- a/src/internal.c
+++ b/src/internal.c
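Review bot: The new `xor 16, 16, 16` in the `SP_ASM_SUBB` hunk (`@@ -4045,7 +4045,7 @@`) still writes hard-coded register 16, exactly as the old `li 16, 0` did, so the macro continues to depend on r16 being listed as clobbered; that clobber list lies beyond the hunk's last line `: [a] "r" (va) \` and should be confirmed since an omission lets the compiler keep a live value in r16 across the asm. In the `@@ -3942,7 +3942,7 @@` hunk, `xor %[o], %[o], %[o]` reads an operand declared write-only (`[o] "=r" (vo)`); the result is zero whatever the register held, so it is correct, but a comment such as `/* xor rather than li: some assemblers mis-read the li immediate */` would keep the reason from the commit message next to the code. Both enclosing macros start before their hunks.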
@@ -21730,16 +21730,19 @@ default:
 else
 #endif
 {
-#ifdef HAVE_ENCRYPT_THEN_MAC
- word16 startedETMRead = ssl->options.startedETMRead;
-#else
- word16 startedETMRead = 0;
-#endif
 /* With atomicUser the callback should have already included
 * the mac in the padding size. The ETM callback doesn't do
 * this for some reason. */
- if (ssl->specs.cipher_type != aead &&
- (!atomicUser || startedETMRead)) {
+ if (ssl->specs.cipher_type != aead
+#ifdef ATOMIC_USER
+ && (!atomicUser
+#ifdef HAVE_ENCRYPT_THEN_MAC
+ || ssl->options.startedETMRead
+#endif /* HAVE_ENCRYPT_THEN_MAC */
+ )
+#endif /* !ATOMIC_USER */
+ )
+ {
 /* consider MAC as padding */
 ssl->keys.padSz += MacSize(ssl);
 }
From 695914ed336d6c8c930860e3033f3766ed757122 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 3 Jul 2024 17:30:34 +1000
Subject: [PATCH 081/325] Kyber ASM ARMv7E-M/ARMv7-M: added assembly code
Improved performance by reworking kyber_ntt, kyber_invtt, kyber_basemul_mont, kyber_basemul_mont_add, kyber_rej_uniform_c to be in assembly. Replace WOLFSSL_SP_NO_UMAAL with WOLFSSL_ARM_ARCH_7M
---
 src/include.am | 9 +
 wolfcrypt/src/port/arm/thumb2-curve25519.S | 24 +-
 wolfcrypt/src/port/arm/thumb2-curve25519_c.c | 24 +-
 wolfcrypt/src/port/arm/thumb2-kyber-asm.S | 3903 +++++++++++++++++
 wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c | 3851 ++++++++++++++++
 wolfcrypt/src/port/arm/thumb2-poly1305-asm.S | 8 +-
 .../src/port/arm/thumb2-poly1305-asm_c.c | 8 +-
 wolfcrypt/src/sp_cortexm.c | 16 +-
 wolfcrypt/src/wc_kyber_poly.c | 32 +-
 wolfssl/wolfcrypt/wc_kyber.h | 16 +
 10 files changed, 7843 insertions(+), 48 deletions(-)
 create mode 100644 wolfcrypt/src/port/arm/thumb2-kyber-asm.S
 create mode 100644 wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
diff --git a/src/include.am b/src/include.am
index 8e1f16f89..ee33cd956 100644
--- a/src/include.am
+++ b/src/include.am
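Review bot: The trailing comment `#endif /* !ATOMIC_USER */` on the new condition labels the wrong guard: that directive closes `#ifdef ATOMIC_USER`, so it should read `#endif /* ATOMIC_USER */`, consistent with the `#endif /* HAVE_ENCRYPT_THEN_MAC */` two lines above it. The refactor itself looks behaviour-preserving from what is visible: without ATOMIC_USER the old `!atomicUser || startedETMRead` was always true and the new code drops the clause entirely, and with ATOMIC_USER but no HAVE_ENCRYPT_THEN_MAC both forms reduce to `!atomicUser`. ProcessReplyEx continues outside the hunk.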
@@ -1192,6 +1192,15 @@ endif
 if BUILD_WC_KYBER
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c
+if BUILD_ARMASM
+if BUILD_ARM_THUMB
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARM_THUMB
+endif BUILD_ARMASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S
index 42da2f45f..239203e48 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519.S
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S
@@ -1511,7 +1511,7 @@ fe_cmov_table: #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_mul_op
@@ -2023,7 +2023,7 @@ fe_mul_op: POP {pc} /* Cycle Count = 239 */ .size fe_mul_op,.-fe_mul_op -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ .text .align 4 .globl fe_mul
@@ -2034,7 +2034,7 @@ fe_mul: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 24 */ .size fe_mul,.-fe_mul -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_sq_op
@@ -2425,7 +2425,7 @@ fe_sq_op: POP {pc} /* Cycle Count = 179 */ .size fe_sq_op,.-fe_sq_op -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ .text .align 4 .globl fe_sq
@@ -2437,7 +2437,7 @@ fe_sq: /* Cycle Count = 24 */ .size fe_sq,.-fe_sq #ifdef HAVE_CURVE25519 -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_mul121666
@@ -2524,7 +2524,7 @@ fe_mul121666: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 69 */ .size fe_mul121666,.-fe_mul121666 -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WC_NO_CACHE_RESISTANT .text .align 4 @@ -3466,7 +3466,7 @@ L_fe_invert8: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 292 */ .size fe_invert,.-fe_invert -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_sq2 @@ -3925,7 +3925,7 @@ fe_sq2: POP {pc} /* Cycle Count = 213 */ .size fe_sq2,.-fe_sq2 -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ .text .align 4 .globl fe_pow22523 @@ -4535,7 +4535,7 @@ ge_sub: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 138 */ .size ge_sub,.-ge_sub -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl sc_reduce @@ -5258,9 +5258,9 @@ sc_reduce: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 502 */ .size sc_reduce,.-sc_reduce -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifdef HAVE_ED25519_SIGN -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl sc_muladd @@ -6470,7 +6470,7 @@ sc_muladd: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 752 */ .size sc_muladd,.-sc_muladd -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c index 21ad67bac..d7ca98a6c 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c +++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c @@ -1667,7 +1667,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b) #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M void fe_mul_op(void); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_mul_op() 
@@ -2193,7 +2193,7 @@ void fe_mul_op() ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_mul(fe r_p, const fe a_p, const fe b_p) #else @@ -2214,7 +2214,7 @@ void fe_mul(fe r, const fe a, const fe b) ); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M void fe_sq_op(void); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_sq_op() @@ -2619,7 +2619,7 @@ void fe_sq_op() ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_sq(fe r_p, const fe a_p) #else @@ -2640,7 +2640,7 @@ void fe_sq(fe r, const fe a) } #ifdef HAVE_CURVE25519 -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_mul121666(fe r_p, fe a_p) #else @@ -2745,7 +2745,7 @@ void fe_mul121666(fe r, fe a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WC_NO_CACHE_RESISTANT #ifndef WOLFSSL_NO_VAR_ASSIGN_REG int curve25519(byte* r_p, const byte* n_p, const byte* a_p) @@ -3907,7 +3907,7 @@ void fe_invert(fe r, const fe a) ); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_sq2(fe r_p, const fe a_p) #else @@ -4384,7 +4384,7 @@ void fe_sq2(fe r, const fe a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_pow22523(fe r_p, const fe a_p) #else @@ -5126,7 +5126,7 @@ void ge_sub(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q) ); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void sc_reduce(byte* s_p) #else @@ -5865,9 +5865,9 @@ void sc_reduce(byte* s) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifdef HAVE_ED25519_SIGN -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else 
@@ -7099,7 +7099,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm.S b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S new file mode 100644 index 000000000..93e0a53e9 --- /dev/null +++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S 
@@ -0,0 +1,3903 @@ +/* thumb2-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__thumb__) +#ifndef WOLFSSL_ARMASM_INLINE + .thumb + .syntax unified +#ifdef WOLFSSL_WC_KYBER + .text + .type L_kyber_thumb2_ntt_zetas, %object + .size L_kyber_thumb2_ntt_zetas, 256 + .align 4 +L_kyber_thumb2_ntt_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 0xcf9 + .short 0xbc1 + 
.short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_thumb2_ntt + .type kyber_thumb2_ntt, %function +kyber_thumb2_ntt: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + SUB sp, sp, #0x8 + ADR r1, L_kyber_thumb2_ntt_zetas +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r2, #0x10 +L_kyber_thumb2_ntt_loop_123: + STR r2, [sp] + LDRH lr, [r1, #2] + LDR r2, [r0] + LDR r3, [r0, #64] + LDR r4, [r0, #128] + LDR r5, [r0, #192] + LDR r6, [r0, #256] + LDR r7, [r0, #320] + LDR r8, [r0, #384] + LDR r9, [r0, #448] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r6 + SMULBT r6, lr, r6 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r11, r12, r11, r6 + PKHTB r10, r11, 
r10, ASR #16 + SSUB16 r6, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r6, #0, #16 + SBFX r11, lr, #0, #16 + ASR r6, r6, #16 + MUL r10, r11, r10 + MUL r6, r11, r6 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r6 + SUB r6, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r6, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r8 + SMULBT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #0, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, 
r4, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r9 + SMULBT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r5, r10 + SADD16 r5, r5, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #0, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r5, r11 + ADD r5, r5, r11 + SUB r11, r5, r10, LSR #16 + ADD r10, r5, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #4] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r11, r12, r11, r4 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r4, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, lr, #0, #16 + ASR r4, r4, #16 + MUL r10, r11, r10 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r4 + SUB r4, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r4, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #0, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + 
MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r8 + SMULTT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #16, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r7, r10 + SADD16 r7, r7, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r7, r11 + ADD r7, r7, r11 + SUB r11, r7, r10, LSR #16 + ADD r10, r7, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #8] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, 
r3 + SMULBT r3, lr, r3 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r11, r12, r11, r3 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r3, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, lr, #0, #16 + ASR r3, r3, #16 + MUL r10, r11, r10 + MUL r3, r11, r3 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r3 + SUB r3, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r3, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r5 + SMULTT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #16, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, r4, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #12] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 
+ MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r8, r10 + SADD16 r8, r8, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r8, r11 + ADD r8, r8, r11 + SUB r11, r8, r10, LSR #16 + ADD r10, r8, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #64] + STR r4, [r0, #128] + STR r5, [r0, #192] + STR r6, [r0, #256] + STR r7, [r0, #320] + STR r8, [r0, #384] + STR r9, [r0, #448] + LDR r2, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_123 +#else + BNE.N L_kyber_thumb2_ntt_loop_123 +#endif + SUB r0, r0, #0x40 + MOV r3, #0x0 +L_kyber_thumb2_ntt_loop_4_j: + STR r3, [sp, #4] + ADD lr, r1, r3, LSR #4 + MOV r2, #0x4 + LDR lr, [lr, #16] +L_kyber_thumb2_ntt_loop_4_i: + STR r2, [sp] + LDR r2, [r0] + LDR r3, [r0, #16] + LDR r4, [r0, #32] + LDR r5, [r0, #48] + LDR r6, [r0, #64] + LDR r7, [r0, #80] + LDR r8, [r0, #96] + LDR r9, [r0, #112] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r11, r12, r11, r4 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r4, r2, r10 + SADD16 r2, r2, r10 +#else + 
SBFX r10, r4, #0, #16 + SBFX r11, lr, #0, #16 + ASR r4, r4, #16 + MUL r10, r11, r10 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r4 + SUB r4, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r4, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #0, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r8 + SMULTT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #16, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r6, r10, #0, #16 
+#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r7, r10 + SADD16 r7, r7, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r7, r11 + ADD r7, r7, r11 + SUB r11, r7, r10, LSR #16 + ADD r10, r7, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #16] + STR r4, [r0, #32] + STR r5, [r0, #48] + STR r6, [r0, #64] + STR r7, [r0, #80] + STR r8, [r0, #96] + STR r9, [r0, #112] + LDRD r2, r3, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_4_i +#else + BNE.N L_kyber_thumb2_ntt_loop_4_i +#endif + ADD r3, r3, #0x40 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x70 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_4_j +#else + BNE.N L_kyber_thumb2_ntt_loop_4_j +#endif + SUB r0, r0, #0x200 + MOV r3, #0x0 +L_kyber_thumb2_ntt_loop_567: + ADD lr, r1, r3, LSR #3 + STR r3, [sp, #4] + LDRH lr, [lr, #32] + LDR r2, [r0] + LDR r3, [r0, #4] + LDR r4, [r0, #8] + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r8, [r0, #24] + LDR r9, [r0, #28] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r6 + SMULBT r6, lr, r6 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r11, r12, r11, r6 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r6, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r6, #0, #16 + SBFX r11, lr, #0, #16 + ASR r6, r6, 
#16 + MUL r10, r11, r10 + MUL r6, r11, r6 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r6 + SUB r6, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r6, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r8 + SMULBT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #0, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, r4, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef 
WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r9 + SMULBT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r5, r10 + SADD16 r5, r5, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #0, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r5, r11 + ADD r5, r5, r11 + SUB r11, r5, r10, LSR #16 + ADD r10, r5, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #2 + LDR lr, [lr, #64] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r11, r12, r11, r4 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r4, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, lr, #0, #16 + ASR r4, r4, #16 + MUL r10, r11, r10 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r4 + SUB r4, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r4, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #0, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX 
r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r8 + SMULTT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #16, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r7, r10 + SADD16 r7, r7, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r7, r11 + ADD r7, r7, r11 + SUB r11, r7, r10, LSR #16 + ADD r10, r7, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #1 + LDR lr, [lr, #128] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r3 + SMULBT r3, 
lr, r3 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r11, r12, r11, r3 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r3, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, lr, #0, #16 + ASR r3, r3, #16 + MUL r10, r11, r10 + MUL r3, r11, r3 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r3 + SUB r3, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r3, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r5 + SMULTT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #16, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, r4, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #1 + LDR lr, [lr, #132] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, 
#0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r8, r10 + SADD16 r8, r8, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r8, r11 + ADD r8, r8, r11 + SUB r11, r8, r10, LSR #16 + ADD r10, r8, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV lr, #0xafc0 + MOVT lr, #0x13 +#else + MOV lr, #0x4ebf + MOV r12, #0xd01 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r2 + SMULWT r11, lr, r2 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r2, r2, r10 +#else + SBFX r10, r2, #0, #16 + SBFX r11, r2, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r2, r11, LSL #16 + SUB r2, r2, r10 + LSR r11, r11, #16 + BFI r2, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r3 + SMULWT r11, lr, r3 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r3, r3, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, r3, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, 
r12, r11 + SUB r11, r3, r11, LSL #16 + SUB r3, r3, r10 + LSR r11, r11, #16 + BFI r3, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r4 + SMULWT r11, lr, r4 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r4, r4, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, r4, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r4, r11, LSL #16 + SUB r4, r4, r10 + LSR r11, r11, #16 + BFI r4, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r5 + SMULWT r11, lr, r5 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r5, r5, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, r5, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r5, r11, LSL #16 + SUB r5, r5, r10 + LSR r11, r11, #16 + BFI r5, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r6 + SMULWT r11, lr, r6 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r6, r6, r10 +#else + SBFX r10, r6, #0, #16 + SBFX r11, r6, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r6, r11, LSL #16 + SUB r6, r6, r10 + LSR r11, r11, #16 + BFI r6, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r7 + SMULWT r11, lr, r7 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r7, r7, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, r7, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r7, r11, LSL #16 + SUB r7, r7, r10 + LSR r11, r11, #16 + BFI r7, r11, #16, #16 +#endif /* 
!WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r8 + SMULWT r11, lr, r8 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r8, r8, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, r8, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r8, r11, LSL #16 + SUB r8, r8, r10 + LSR r11, r11, #16 + BFI r8, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r9 + SMULWT r11, lr, r9 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r9, r9, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, r9, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r9, r11, LSL #16 + SUB r9, r9, r10 + LSR r11, r11, #16 + BFI r9, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #4] + STR r4, [r0, #8] + STR r5, [r0, #12] + STR r6, [r0, #16] + STR r7, [r0, #20] + STR r8, [r0, #24] + STR r9, [r0, #28] + LDR r3, [sp, #4] + ADD r3, r3, #0x10 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x20 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_567 +#else + BNE.N L_kyber_thumb2_ntt_loop_567 +#endif + ADD sp, sp, #0x8 + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 1270 */ + .size kyber_thumb2_ntt,.-kyber_thumb2_ntt + .text + .type L_kyber_thumb2_invntt_zetas_inv, %object + .size L_kyber_thumb2_invntt_zetas_inv, 256 + .align 4 +L_kyber_thumb2_invntt_zetas_inv: + .short 0x6a5 + .short 0x70f + .short 0x5b4 + .short 0x943 + .short 0x922 + .short 0x91d + .short 0x134 + .short 0x6c + .short 0xb23 + .short 0x366 + .short 0x356 + .short 0x5e6 + .short 0x9e7 + .short 0x4fe + .short 0x5fa + .short 0x4a1 + .short 0x67b + 
.short 0x4a3 + .short 0xc25 + .short 0x36a + .short 0x537 + .short 0x83f + .short 0x88 + .short 0x4bf + .short 0xb81 + .short 0x5b9 + .short 0x505 + .short 0x7d7 + .short 0xa9f + .short 0xaa6 + .short 0x8b8 + .short 0x9d0 + .short 0x4b + .short 0x9c + .short 0xbb8 + .short 0xb5f + .short 0xba4 + .short 0x368 + .short 0xa7d + .short 0x636 + .short 0x8a2 + .short 0x25a + .short 0x736 + .short 0x309 + .short 0x93 + .short 0x87a + .short 0x9f7 + .short 0xf6 + .short 0x68c + .short 0x6db + .short 0x1cc + .short 0x123 + .short 0xeb + .short 0xc50 + .short 0xab6 + .short 0xb5b + .short 0xc98 + .short 0x6f3 + .short 0x99a + .short 0x4e3 + .short 0x9b6 + .short 0xad6 + .short 0xb53 + .short 0x44f + .short 0x4fb + .short 0xa5c + .short 0x429 + .short 0xb41 + .short 0x2d5 + .short 0x5e4 + .short 0x940 + .short 0x18e + .short 0x3b7 + .short 0xf7 + .short 0x58d + .short 0xc96 + .short 0x9c3 + .short 0x10f + .short 0x5a + .short 0x355 + .short 0x744 + .short 0xc83 + .short 0x48a + .short 0x652 + .short 0x29a + .short 0x140 + .short 0x8 + .short 0xafd + .short 0x608 + .short 0x11a + .short 0x72e + .short 0x50d + .short 0x90a + .short 0x228 + .short 0xa75 + .short 0x83a + .short 0x623 + .short 0xcd + .short 0xb66 + .short 0x606 + .short 0xaa1 + .short 0xa25 + .short 0x908 + .short 0x2a9 + .short 0x82 + .short 0x642 + .short 0x74f + .short 0x33d + .short 0xb82 + .short 0xbf9 + .short 0x52d + .short 0xac4 + .short 0x745 + .short 0x5c2 + .short 0x4b2 + .short 0x93f + .short 0xc4b + .short 0x6d8 + .short 0xa93 + .short 0xab + .short 0xc37 + .short 0xbe2 + .short 0x773 + .short 0x72c + .short 0x5ed + .short 0x167 + .short 0x2f6 + .short 0x5a1 + .text + .align 4 + .globl kyber_thumb2_invntt + .type kyber_thumb2_invntt, %function +kyber_thumb2_invntt: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + SUB sp, sp, #0x8 + ADR r1, L_kyber_thumb2_invntt_zetas_inv +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r3, #0x0 
+L_kyber_thumb2_invntt_loop_765: + ADD lr, r1, r3, LSR #1 + STR r3, [sp, #4] + LDR r2, [r0] + LDR r3, [r0, #4] + LDR r4, [r0, #8] + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r8, [r0, #24] + LDR r9, [r0, #28] + LDR lr, [lr] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r3 + SADD16 r2, r2, r3 + SMULBT r3, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r3, r12, r11, r3 + PKHTB r3, r3, r10, ASR #16 +#else + SUB r11, r2, r3 + ADD r12, r2, r3 + BFC r3, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r3 + ADD r2, r2, r3 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r3, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r3, r12, r11, r3 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r5 + SADD16 r4, r4, r5 + SMULTT r5, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r4, r5 + ADD r12, r4, r5 + BFC r5, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r5 + ADD r4, r4, r5 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #1 + LDR lr, [lr, 
#4] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r7 + SADD16 r6, r6, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r6, r7 + ADD r12, r6, r7 + BFC r7, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r7 + ADD r6, r6, r7 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r8, r9 + SADD16 r8, r8, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r8, r9 + ADD r12, r8, r9 + BFC r9, #0, #16 + BFC r8, #0, #16 + SUB r10, r8, r9 + ADD r8, r8, r9 + BFI r10, r11, #0, #16 + BFI r8, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #2 + LDR lr, [lr, #128] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r4 + SADD16 r2, r2, r4 + SMULBT r4, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, 
ASR #16 +#else + SUB r11, r2, r4 + ADD r12, r2, r4 + BFC r4, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r4 + ADD r2, r2, r4 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r4, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r5 + SADD16 r3, r3, r5 + SMULBT r5, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r3, r5 + ADD r12, r3, r5 + BFC r5, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r5 + ADD r3, r3, r5 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r8 + SADD16 r6, r6, r8 + SMULTT r8, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r6, r8 + ADD r12, r6, r8 + BFC r8, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r8 + ADD r6, r6, r8 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX 
r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r7, r9 + SADD16 r7, r7, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r7, r9 + ADD r12, r7, r9 + BFC r9, #0, #16 + BFC r7, #0, #16 + SUB r10, r7, r9 + ADD r7, r7, r9 + BFI r10, r11, #0, #16 + BFI r7, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #3 + LDR lr, [lr, #192] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r6 + SADD16 r2, r2, r6 + SMULBT r6, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r6, r12, r11, r6 + PKHTB r6, r6, r10, ASR #16 +#else + SUB r11, r2, r6 + ADD r12, r2, r6 + BFC r6, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r6 + ADD r2, r2, r6 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r6, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA 
r6, r12, r11, r6 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r7 + SADD16 r3, r3, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r3, r7 + ADD r12, r3, r7 + BFC r7, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r7 + ADD r3, r3, r7 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r8 + SADD16 r4, r4, r8 + SMULBT r8, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r4, r8 + ADD r12, r4, r8 + BFC r8, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r8 + ADD r4, r4, r8 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r5, r9 + SADD16 r5, r5, r9 + SMULBT r9, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, 
r10, ASR #16 +#else + SUB r11, r5, r9 + ADD r12, r5, r9 + BFC r9, #0, #16 + BFC r5, #0, #16 + SUB r10, r5, r9 + ADD r5, r5, r9 + BFI r10, r11, #0, #16 + BFI r5, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV lr, #0xafc0 + MOVT lr, #0x13 +#else + MOV lr, #0x4ebf +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r2 + SMULWT r11, lr, r2 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r2, r2, r10 +#else + SBFX r10, r2, #0, #16 + SBFX r11, r2, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r2, r11, LSL #16 + SUB r2, r2, r10 + LSR r11, r11, #16 + BFI r2, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r3 + SMULWT r11, lr, r3 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r3, r3, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, r3, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r3, r11, LSL #16 + SUB r3, r3, r10 + LSR r11, r11, #16 + BFI r3, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r4 + SMULWT r11, lr, r4 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r4, r4, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, r4, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, 
r10 + MUL r11, r12, r11 + SUB r11, r4, r11, LSL #16 + SUB r4, r4, r10 + LSR r11, r11, #16 + BFI r4, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r5 + SMULWT r11, lr, r5 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r5, r5, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, r5, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r5, r11, LSL #16 + SUB r5, r5, r10 + LSR r11, r11, #16 + BFI r5, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #4] + STR r4, [r0, #8] + STR r5, [r0, #12] + STR r6, [r0, #16] + STR r7, [r0, #20] + STR r8, [r0, #24] + STR r9, [r0, #28] + LDR r3, [sp, #4] + ADD r3, r3, #0x10 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x20 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_765 +#else + BNE.N L_kyber_thumb2_invntt_loop_765 +#endif + SUB r0, r0, #0x200 + MOV r3, #0x0 +L_kyber_thumb2_invntt_loop_4_j: + STR r3, [sp, #4] + ADD lr, r1, r3, LSR #4 + MOV r2, #0x4 + LDR lr, [lr, #224] +L_kyber_thumb2_invntt_loop_4_i: + STR r2, [sp] + LDR r2, [r0] + LDR r3, [r0, #16] + LDR r4, [r0, #32] + LDR r5, [r0, #48] + LDR r6, [r0, #64] + LDR r7, [r0, #80] + LDR r8, [r0, #96] + LDR r9, [r0, #112] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r4 + SADD16 r2, r2, r4 + SMULBT r4, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, ASR #16 +#else + SUB r11, r2, r4 + ADD r12, r2, r4 + BFC r4, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r4 + ADD r2, r2, r4 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r4, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA 
r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r5 + SADD16 r3, r3, r5 + SMULBT r5, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r3, r5 + ADD r12, r3, r5 + BFC r5, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r5 + ADD r3, r3, r5 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r8 + SADD16 r6, r6, r8 + SMULTT r8, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r6, r8 + ADD r12, r6, r8 + BFC r8, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r8 + ADD r6, r6, r8 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r7, r9 + SADD16 r7, r7, r9 + SMULTT 
r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r7, r9 + ADD r12, r7, r9 + BFC r9, #0, #16 + BFC r7, #0, #16 + SUB r10, r7, r9 + ADD r7, r7, r9 + BFI r10, r11, #0, #16 + BFI r7, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #16] + STR r4, [r0, #32] + STR r5, [r0, #48] + STR r6, [r0, #64] + STR r7, [r0, #80] + STR r8, [r0, #96] + STR r9, [r0, #112] + LDRD r2, r3, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_4_i +#else + BNE.N L_kyber_thumb2_invntt_loop_4_i +#endif + ADD r3, r3, #0x40 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x70 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_4_j +#else + BNE.N L_kyber_thumb2_invntt_loop_4_j +#endif + SUB r0, r0, #0x200 + MOV r2, #0x10 +L_kyber_thumb2_invntt_loop_321: + STR r2, [sp] + LDRH lr, [r1, #2] + LDR r2, [r0] + LDR r3, [r0, #64] + LDR r4, [r0, #128] + LDR r5, [r0, #192] + LDR r6, [r0, #256] + LDR r7, [r0, #320] + LDR r8, [r0, #384] + LDR r9, [r0, #448] + LDR lr, [r1, #240] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r3 + SADD16 r2, r2, r3 + SMULBT r3, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r3, r12, r11, r3 + PKHTB r3, r3, r10, ASR #16 +#else + SUB r11, r2, r3 + ADD r12, r2, r3 + BFC r3, #0, #16 + BFC r2, #0, #16 + SUB 
r10, r2, r3 + ADD r2, r2, r3 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r3, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r3, r12, r11, r3 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r5 + SADD16 r4, r4, r5 + SMULTT r5, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r4, r5 + ADD r12, r4, r5 + BFC r5, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r5 + ADD r4, r4, r5 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #244] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r7 + SADD16 r6, r6, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r6, r7 + ADD r12, r6, r7 + BFC r7, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r7 + ADD r6, r6, r7 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, 
#0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r8, r9 + SADD16 r8, r8, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r8, r9 + ADD r12, r8, r9 + BFC r9, #0, #16 + BFC r8, #0, #16 + SUB r10, r8, r9 + ADD r8, r8, r9 + BFI r10, r11, #0, #16 + BFI r8, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #248] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r4 + SADD16 r2, r2, r4 + SMULBT r4, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, ASR #16 +#else + SUB r11, r2, r4 + ADD r12, r2, r4 + BFC r4, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r4 + ADD r2, r2, r4 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r4, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, 
r3, r5 + SADD16 r3, r3, r5 + SMULBT r5, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r3, r5 + ADD r12, r3, r5 + BFC r5, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r5 + ADD r3, r3, r5 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r8 + SADD16 r6, r6, r8 + SMULTT r8, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r6, r8 + ADD r12, r6, r8 + BFC r8, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r8 + ADD r6, r6, r8 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r7, r9 + SADD16 r7, r7, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r7, r9 + ADD r12, r7, r9 + BFC r9, #0, #16 + BFC r7, #0, #16 + SUB r10, r7, r9 + ADD r7, 
r7, r9 + BFI r10, r11, #0, #16 + BFI r7, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV lr, #0xafc0 + MOVT lr, #0x13 +#else + MOV lr, #0x4ebf +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r2 + SMULWT r11, lr, r2 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r2, r2, r10 +#else + SBFX r10, r2, #0, #16 + SBFX r11, r2, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r2, r11, LSL #16 + SUB r2, r2, r10 + LSR r11, r11, #16 + BFI r2, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r3 + SMULWT r11, lr, r3 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r3, r3, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, r3, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r3, r11, LSL #16 + SUB r3, r3, r10 + LSR r11, r11, #16 + BFI r3, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r4 + SMULWT r11, lr, r4 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r4, r4, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, r4, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r4, r11, LSL #16 + SUB r4, r4, r10 + LSR r11, r11, #16 + BFI r4, r11, #16, #16 
+#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r5 + SMULWT r11, lr, r5 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r5, r5, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, r5, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r5, r11, LSL #16 + SUB r5, r5, r10 + LSR r11, r11, #16 + BFI r5, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #252] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r6 + SADD16 r2, r2, r6 + SMULBT r6, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r6, r12, r11, r6 + PKHTB r6, r6, r10, ASR #16 +#else + SUB r11, r2, r6 + ADD r12, r2, r6 + BFC r6, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r6 + ADD r2, r2, r6 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r6, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r6, r12, r11, r6 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r7 + SADD16 r3, r3, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r3, r7 + ADD r12, r3, r7 + BFC r7, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r7 + ADD r3, r3, r7 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, 
r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r8 + SADD16 r4, r4, r8 + SMULBT r8, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r4, r8 + ADD r12, r4, r8 + BFC r8, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r8 + ADD r4, r4, r8 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r5, r9 + SADD16 r5, r5, r9 + SMULBT r9, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r5, r9 + ADD r12, r5, r9 + BFC r9, #0, #16 + BFC r5, #0, #16 + SUB r10, r5, r9 + ADD r5, r5, r9 + BFI r10, r11, #0, #16 + BFI r5, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #254] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r2 + SMULBT r2, 
lr, r2 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r2 + SMLABB r2, r12, r11, r2 + PKHTB r2, r2, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r2, #0, #16 + MUL r10, r11, r10 + SBFX r2, r2, #16, #16 + MUL r2, r11, r2 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r2, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r2, r12, r11, r2 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r3 + SMULBT r3, lr, r3 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r3, r12, r11, r3 + PKHTB r3, r3, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r3, #0, #16 + MUL r10, r11, r10 + SBFX r3, r3, #16, #16 + MUL r3, r11, r3 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r3, r12, r11, r3 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r4, #0, #16 + MUL r10, r11, r10 + SBFX r4, r4, #16, #16 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, 
r5, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r5, #0, #16 + MUL r10, r11, r10 + SBFX r5, r5, #16, #16 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r6 + SMULBT r6, lr, r6 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r6, r12, r11, r6 + PKHTB r6, r6, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r6, #0, #16 + MUL r10, r11, r10 + SBFX r6, r6, #16, #16 + MUL r6, r11, r6 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r6, r12, r11, r6 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r7, #0, #16 + MUL r10, r11, r10 + SBFX r7, r7, #16, #16 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r8 + SMULBT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r8, #0, #16 + MUL r10, r11, r10 + SBFX r8, r8, #16, #16 + 
MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r9 + SMULBT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r9, #0, #16 + MUL r10, r11, r10 + SBFX r9, r9, #16, #16 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #64] + STR r4, [r0, #128] + STR r5, [r0, #192] + STR r6, [r0, #256] + STR r7, [r0, #320] + STR r8, [r0, #384] + STR r9, [r0, #448] + LDR r2, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_321 +#else + BNE.N L_kyber_thumb2_invntt_loop_321 +#endif + ADD sp, sp, #0x8 + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 1629 */ + .size kyber_thumb2_invntt,.-kyber_thumb2_invntt + .text + .type L_kyber_thumb2_basemul_mont_zetas, %object + .size L_kyber_thumb2_basemul_mont_zetas, 256 + .align 4 +L_kyber_thumb2_basemul_mont_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 
0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 0xcf9 + .short 0xbc1 + .short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_thumb2_basemul_mont + .type kyber_thumb2_basemul_mont, %function +kyber_thumb2_basemul_mont: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + ADR r3, L_kyber_thumb2_basemul_mont_zetas + ADD r3, r3, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r8, #0x0 +L_kyber_thumb2_basemul_mont_loop: + LDM r1!, {r4, r5} + LDM r2!, {r6, r7} + LDR lr, [r3, r8] + ADD 
r8, r8, #0x2 + PUSH {r8} + CMP r8, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTT r8, r4, r6 + SMULTT r10, r5, r7 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + RSB r11, lr, #0x0 + SMULBT r8, lr, r8 + SMULBT r10, r11, r10 + SMLABB r8, r4, r6, r8 + SMLABB r10, r5, r7, r10 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + SMULBT r9, r4, r6 + SMULBT r11, r5, r7 + SMLATB r9, r4, r6, r9 + SMLATB r11, r5, r7, r11 + SMULTB r6, r12, r9 + SMULTB r7, r12, r11 + SMLABB r9, r12, r6, r9 + SMLABB r11, r12, r7, r11 + PKHTB r4, r9, r8, ASR #16 + PKHTB r5, r11, r10, ASR #16 +#else + ASR r8, r4, #16 + ASR r10, r5, #16 + ASR r9, r6, #16 + ASR r11, r7, #16 + MUL r8, r8, r9 + MUL r10, r10, r11 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r8 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + RSB r11, lr, #0x0 + SBFX r9, lr, #0, #16 + SBFX r11, r11, #0, #16 + ASR r8, r8, #16 + ASR r10, r10, #16 + MUL r8, r9, r8 + MUL r10, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + SBFX r12, r6, #0, #16 + MLA r8, r9, r12, r8 + SBFX r12, r7, #0, #16 + MLA r10, r11, r12, r10 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r9 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + ASR r12, r6, #16 + MUL r9, r9, r12 + ASR r12, r7, #16 + MUL r11, r11, r12 + ASR r4, r4, #16 + ASR r5, r5, #16 + SBFX r12, r6, #0, #16 + MLA r9, r4, r12, r9 + SBFX r12, r7, #0, #16 + MLA r11, r5, r12, r11 + MOV r12, #0xcff + SBFX r6, r9, #0, #16 + SBFX r7, r11, #0, #16 + MUL r6, r12, r6 + MUL r7, r12, r7 + MOV r12, #0xd01 + SBFX r4, r6, #0, #16 + SBFX r5, r7, #0, #16 + MLA r9, r12, r4, r9 + MLA r11, r12, r5, r11 + BFC r9, #0, #16 + BFC r11, #0, #16 
+ ORR r4, r9, r8, LSR #16 + ORR r5, r11, r10, LSR #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STM r0!, {r4, r5} + POP {r8} +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_basemul_mont_loop +#else + BNE.N L_kyber_thumb2_basemul_mont_loop +#endif + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 146 */ + .size kyber_thumb2_basemul_mont,.-kyber_thumb2_basemul_mont + .text + .align 4 + .globl kyber_thumb2_basemul_mont_add + .type kyber_thumb2_basemul_mont_add, %function +kyber_thumb2_basemul_mont_add: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + ADR r3, L_kyber_thumb2_basemul_mont_zetas + ADD r3, r3, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r8, #0x0 +L_kyber_thumb2_basemul_mont_add_loop: + LDM r1!, {r4, r5} + LDM r2!, {r6, r7} + LDR lr, [r3, r8] + ADD r8, r8, #0x2 + PUSH {r8} + CMP r8, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTT r8, r4, r6 + SMULTT r10, r5, r7 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + RSB r11, lr, #0x0 + SMULBT r8, lr, r8 + SMULBT r10, r11, r10 + SMLABB r8, r4, r6, r8 + SMLABB r10, r5, r7, r10 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + SMULBT r9, r4, r6 + SMULBT r11, r5, r7 + SMLATB r9, r4, r6, r9 + SMLATB r11, r5, r7, r11 + SMULTB r6, r12, r9 + SMULTB r7, r12, r11 + SMLABB r9, r12, r6, r9 + SMLABB r11, r12, r7, r11 + LDM r0, {r4, r5} + PKHTB r9, r9, r8, ASR #16 + PKHTB r11, r11, r10, ASR #16 + SADD16 r4, r4, r9 + SADD16 r5, r5, r11 +#else + ASR r8, r4, #16 + ASR r10, r5, #16 + ASR r9, r6, #16 + ASR r11, r7, #16 + MUL r8, r8, r9 + MUL r10, r10, r11 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r8 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + RSB r11, lr, #0x0 + SBFX r9, lr, #0, #16 + 
SBFX r11, r11, #0, #16 + ASR r8, r8, #16 + ASR r10, r10, #16 + MUL r8, r9, r8 + MUL r10, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + SBFX r12, r6, #0, #16 + MLA r8, r9, r12, r8 + SBFX r12, r7, #0, #16 + MLA r10, r11, r12, r10 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r9 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + ASR r12, r6, #16 + MUL r9, r9, r12 + ASR r12, r7, #16 + MUL r11, r11, r12 + ASR r4, r4, #16 + ASR r5, r5, #16 + SBFX r12, r6, #0, #16 + MLA r9, r4, r12, r9 + SBFX r12, r7, #0, #16 + MLA r11, r5, r12, r11 + MOV r12, #0xcff + SBFX r6, r9, #0, #16 + SBFX r7, r11, #0, #16 + MUL r6, r12, r6 + MUL r7, r12, r7 + MOV r12, #0xd01 + SBFX r4, r6, #0, #16 + SBFX r5, r7, #0, #16 + MLA r9, r12, r4, r9 + MLA r11, r12, r5, r11 + LDM r0, {r4, r5} + BFC r9, #0, #16 + BFC r11, #0, #16 + ORR r9, r9, r8, LSR #16 + ORR r11, r11, r10, LSR #16 + ADD r8, r4, r9 + ADD r10, r5, r11 + BFC r9, #0, #16 + BFC r11, #0, #16 + ADD r4, r4, r9 + ADD r5, r5, r11 + BFI r4, r8, #0, #16 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STM r0!, {r4, r5} + POP {r8} +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_basemul_mont_add_loop +#else + BNE.N L_kyber_thumb2_basemul_mont_add_loop +#endif + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 162 */ + .size kyber_thumb2_basemul_mont_add,.-kyber_thumb2_basemul_mont_add + .text + .align 4 + .globl kyber_thumb2_csubq + .type kyber_thumb2_csubq, %function +kyber_thumb2_csubq: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + MOV r11, #0xd01 + MOV r12, #0xd01 +#ifndef WOLFSSL_ARM_ARCH_7M + MOVT r12, #0xd01 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV lr, #0x8000 + MOVT lr, #0x8000 + MOV r1, #0x100 +L_kyber_thumb2_csubq_loop: + LDM r0, {r2, r3, r4, r5} +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r2, r2, 
r12 + SSUB16 r3, r3, r12 + SSUB16 r4, r4, r12 + SSUB16 r5, r5, r12 + AND r6, r2, lr + AND r7, r3, lr + AND r8, r4, lr + AND r9, r5, lr + LSR r6, r6, #15 + LSR r7, r7, #15 + LSR r8, r8, #15 + LSR r9, r9, #15 + MUL r6, r6, r11 + MUL r7, r7, r11 + MUL r8, r8, r11 + MUL r9, r9, r11 + SADD16 r2, r2, r6 + SADD16 r3, r3, r7 + SADD16 r4, r4, r8 + SADD16 r5, r5, r9 +#else + SUB r6, r2, r12 + SUB r2, r2, r12, LSL #16 + BFI r2, r6, #0, #16 + SUB r7, r3, r12 + SUB r3, r3, r12, LSL #16 + BFI r3, r7, #0, #16 + SUB r8, r4, r12 + SUB r4, r4, r12, LSL #16 + BFI r4, r8, #0, #16 + SUB r9, r5, r12 + SUB r5, r5, r12, LSL #16 + BFI r5, r9, #0, #16 + AND r6, r2, lr + AND r7, r3, lr + AND r8, r4, lr + AND r9, r5, lr + LSR r6, r6, #15 + LSR r7, r7, #15 + LSR r8, r8, #15 + LSR r9, r9, #15 + MUL r6, r6, r11 + MUL r7, r7, r11 + MUL r8, r8, r11 + MUL r9, r9, r11 + ADD r10, r2, r6 + BFC r6, #0, #16 + ADD r2, r2, r6 + BFI r2, r10, #0, #16 + ADD r10, r3, r7 + BFC r7, #0, #16 + ADD r3, r3, r7 + BFI r3, r10, #0, #16 + ADD r10, r4, r8 + BFC r8, #0, #16 + ADD r4, r4, r8 + BFI r4, r10, #0, #16 + ADD r10, r5, r9 + BFC r9, #0, #16 + ADD r5, r5, r9 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STM r0!, {r2, r3, r4, r5} + SUBS r1, r1, #0x8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_csubq_loop +#else + BNE.N L_kyber_thumb2_csubq_loop +#endif + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 101 */ + .size kyber_thumb2_csubq,.-kyber_thumb2_csubq + .text + .align 4 + .globl kyber_thumb2_rej_uniform + .type kyber_thumb2_rej_uniform, %function +kyber_thumb2_rej_uniform: + PUSH {r4, r5, r6, r7, r8, r9, r10, lr} + MOV r8, #0xd01 + MOV r9, #0x0 +L_kyber_thumb2_rej_uniform_loop_no_fail: + CMP r1, #0x8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BLT L_kyber_thumb2_rej_uniform_done_no_fail +#else + BLT.N L_kyber_thumb2_rej_uniform_done_no_fail +#endif + LDM r2!, {r4, r5, r6} + UBFX r7, r4, #0, #12 
+ STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r4, #12, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r4, #24, #8 + BFI r7, r5, #8, #4 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r5, #4, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r5, #16, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r5, #28, #4 + BFI r7, r6, #4, #8 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r6, #8, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r6, #20, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + SUBS r3, r3, #0xc +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_rej_uniform_loop_no_fail +#else + BNE.N L_kyber_thumb2_rej_uniform_loop_no_fail +#endif +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + B L_kyber_thumb2_rej_uniform_done +#else + B.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_done_no_fail: + CMP r1, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_loop: + LDM r2!, {r4, r5, r6} + UBFX r7, r4, #0, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_0 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_0 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) 
|| defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_0: + UBFX r7, r4, #12, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_1 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_1 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_1: + UBFX r7, r4, #24, #8 + BFI r7, r5, #8, #4 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_2 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_2 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_2: + UBFX r7, r5, #4, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_3 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_3 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_3: + UBFX r7, r5, #16, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_4 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_4 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ 
L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_4: + UBFX r7, r5, #28, #4 + BFI r7, r6, #4, #8 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_5 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_5 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_5: + UBFX r7, r6, #8, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_6 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_6 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_6: + UBFX r7, r6, #20, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_7 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_7 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_7: + SUBS r3, r3, #0xc +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGT L_kyber_thumb2_rej_uniform_loop +#else + BGT.N L_kyber_thumb2_rej_uniform_loop +#endif +L_kyber_thumb2_rej_uniform_done: + LSR r0, r9, #1 + POP {r4, r5, r6, r7, r8, r9, r10, pc} + /* Cycle Count = 225 */ + .size kyber_thumb2_rej_uniform,.-kyber_thumb2_rej_uniform +#endif /* WOLFSSL_WC_KYBER */ +#endif /* !__aarch64__ 
&& __thumb__ */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c new file mode 100644 index 000000000..5c0895779 --- /dev/null +++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c 
@@ -0,0 +1,3851 @@ +/* thumb2-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#define WOLFSSL_NO_VAR_ASSIGN_REG +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#include + +#ifdef WOLFSSL_WC_KYBER +XALIGNED(16) static const uint16_t L_kyber_thumb2_ntt_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a, + 
0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_ntt(sword16* r_p) +#else +void kyber_thumb2_ntt(sword16* r) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register uint16_t* L_kyber_thumb2_ntt_zetas_c __asm__ ("r1") = (uint16_t*)&L_kyber_thumb2_ntt_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "SUB sp, sp, #0x8\n\t" + "MOV r1, %[L_kyber_thumb2_ntt_zetas]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r2, #0x10\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_123:\n\t" +#else + "L_kyber_thumb2_ntt_loop_123_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDRH lr, [r1, #2]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #64]\n\t" + "LDR r4, [%[r], #128]\n\t" + "LDR r5, [%[r], #192]\n\t" + "LDR r6, [%[r], #256]\n\t" + "LDR r7, [%[r], #320]\n\t" + "LDR r8, [%[r], #384]\n\t" + "LDR r9, [%[r], #448]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r6\n\t" + "SMULBT r6, lr, r6\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r11, r12, r11, r6\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r6, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r6, #0, #16\n\t" + "SBFX r11, lr, 
#0, #16\n\t" + "ASR r6, r6, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r6, r11, r6\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r6\n\t" + "SUB r6, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r6, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r7\n\t" + "SUB r7, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r8\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, 
#0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r9\n\t" + "SMULBT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r5, r10\n\t" + "SADD16 r5, r5, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r5, r11\n\t" + "ADD r5, r5, r11\n\t" + "SUB r11, r5, r10, LSR #16\n\t" + "ADD r10, r5, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #4]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r11, r12, r11, r4\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r4, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r4, r4, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, 
r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r4\n\t" + "SUB r4, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r4, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r8\n\t" + "SMULTT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" 
+ "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r7, r10\n\t" + "SADD16 r7, r7, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r7, r11\n\t" + "ADD r7, r7, r11\n\t" + "SUB r11, r7, r10, LSR #16\n\t" + "ADD r10, r7, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #8]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r3\n\t" + "SMULBT r3, lr, r3\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r11, r12, r11, r3\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r3, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r3, r3, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r3, r11, r3\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, 
#16\n\t" + "MLA r11, r12, r11, r3\n\t" + "SUB r3, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r3, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r5\n\t" + "SMULTT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #12]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r7\n\t" + "SUB r7, r6, r11\n\t" + "ADD r6, 
r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r8, r10\n\t" + "SADD16 r8, r8, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r8, r11\n\t" + "ADD r8, r8, r11\n\t" + "SUB r11, r8, r10, LSR #16\n\t" + "ADD r10, r8, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #64]\n\t" + "STR r4, [%[r], #128]\n\t" + "STR r5, [%[r], #192]\n\t" + "STR r6, [%[r], #256]\n\t" + "STR r7, [%[r], #320]\n\t" + "STR r8, [%[r], #384]\n\t" + "STR r9, [%[r], #448]\n\t" + "LDR r2, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_123_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_123\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_123_%=\n\t" +#endif + "SUB %[r], %[r], #0x40\n\t" + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_4_j:\n\t" +#else + "L_kyber_thumb2_ntt_loop_4_j_%=:\n\t" +#endif + "STR r3, [sp, #4]\n\t" + "ADD lr, r1, r3, LSR #4\n\t" + "MOV r2, #0x4\n\t" + "LDR lr, [lr, #16]\n\t" + "\n" +#if 
defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_4_i:\n\t" +#else + "L_kyber_thumb2_ntt_loop_4_i_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #16]\n\t" + "LDR r4, [%[r], #32]\n\t" + "LDR r5, [%[r], #48]\n\t" + "LDR r6, [%[r], #64]\n\t" + "LDR r7, [%[r], #80]\n\t" + "LDR r8, [%[r], #96]\n\t" + "LDR r9, [%[r], #112]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r11, r12, r11, r4\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r4, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r4, r4, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r4\n\t" + "SUB r4, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r4, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, 
#0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r8\n\t" + "SMULTT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r7, r10\n\t" + "SADD16 r7, r7, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r7, r11\n\t" + 
"ADD r7, r7, r11\n\t" + "SUB r11, r7, r10, LSR #16\n\t" + "ADD r10, r7, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #16]\n\t" + "STR r4, [%[r], #32]\n\t" + "STR r5, [%[r], #48]\n\t" + "STR r6, [%[r], #64]\n\t" + "STR r7, [%[r], #80]\n\t" + "STR r8, [%[r], #96]\n\t" + "STR r9, [%[r], #112]\n\t" + "LDRD r2, r3, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_4_i_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_4_i\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_4_i_%=\n\t" +#endif + "ADD r3, r3, #0x40\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x70\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_4_j_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_4_j\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_4_j_%=\n\t" +#endif + "SUB %[r], %[r], #0x200\n\t" + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_567:\n\t" +#else + "L_kyber_thumb2_ntt_loop_567_%=:\n\t" +#endif + "ADD lr, r1, r3, LSR #3\n\t" + "STR r3, [sp, #4]\n\t" + "LDRH lr, [lr, #32]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #4]\n\t" + "LDR r4, [%[r], #8]\n\t" + "LDR r5, [%[r], #12]\n\t" + "LDR r6, [%[r], #16]\n\t" + "LDR r7, [%[r], #20]\n\t" + "LDR r8, [%[r], #24]\n\t" + "LDR r9, [%[r], #28]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r6\n\t" + "SMULBT r6, lr, r6\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r11, r12, r11, r6\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r6, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r6, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r6, r6, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r6, r11, r6\n\t" + "MOV r12, #0xcff\n\t" + "MUL 
r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r6\n\t" + "SUB r6, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r6, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r7\n\t" + "SUB r7, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r8\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, 
r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r9\n\t" + "SMULBT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r5, r10\n\t" + "SADD16 r5, r5, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r5, r11\n\t" + "ADD r5, r5, r11\n\t" + "SUB r11, r5, r10, LSR #16\n\t" + "ADD r10, r5, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #2\n\t" + "LDR lr, [lr, #64]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r11, r12, r11, r4\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r4, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r4, r4, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, 
#0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r4\n\t" + "SUB r4, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r4, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r8\n\t" + "SMULTT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX 
r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r7, r10\n\t" + "SADD16 r7, r7, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r7, r11\n\t" + "ADD r7, r7, r11\n\t" + "SUB r11, r7, r10, LSR #16\n\t" + "ADD r10, r7, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #1\n\t" + "LDR lr, [lr, #128]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r3\n\t" + "SMULBT r3, lr, r3\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r11, r12, r11, r3\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r3, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r3, r3, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r3, r11, r3\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, 
#16\n\t" + "MLA r11, r12, r11, r3\n\t" + "SUB r3, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r3, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r5\n\t" + "SMULTT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #1\n\t" + "LDR lr, [lr, #132]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA 
r11, r12, r11, r7\n\t" + "SUB r7, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r8, r10\n\t" + "SADD16 r8, r8, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r8, r11\n\t" + "ADD r8, r8, r11\n\t" + "SUB r11, r8, r10, LSR #16\n\t" + "ADD r10, r8, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV lr, #0xafc0\n\t" + "MOVT lr, #0x13\n\t" +#else + "MOV lr, #0x4ebf\n\t" + "MOV r12, #0xd01\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r2\n\t" + "SMULWT r11, lr, r2\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r2, r2, r10\n\t" +#else + "SBFX r10, r2, #0, #16\n\t" + "SBFX r11, r2, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r2, r11, LSL #16\n\t" + "SUB r2, r2, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r2, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r3\n\t" + "SMULWT r11, lr, 
r3\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r3, r3, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, r3, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r3, r11, LSL #16\n\t" + "SUB r3, r3, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r3, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r4\n\t" + "SMULWT r11, lr, r4\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r4, r4, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, r4, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r4, r11, LSL #16\n\t" + "SUB r4, r4, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r4, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r5\n\t" + "SMULWT r11, lr, r5\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r5, r5, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, r5, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r5, r11, LSL #16\n\t" + "SUB r5, r5, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r5, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r6\n\t" + "SMULWT r11, lr, r6\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r6, r6, r10\n\t" +#else + "SBFX r10, r6, #0, #16\n\t" + "SBFX r11, r6, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, 
#26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r6, r11, LSL #16\n\t" + "SUB r6, r6, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r6, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r7\n\t" + "SMULWT r11, lr, r7\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r7, r7, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, r7, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r7, r11, LSL #16\n\t" + "SUB r7, r7, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r7, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r8\n\t" + "SMULWT r11, lr, r8\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r8, r8, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, r8, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r8, r11, LSL #16\n\t" + "SUB r8, r8, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r8, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r9\n\t" + "SMULWT r11, lr, r9\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r9, r9, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, r9, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r9, r11, LSL #16\n\t" + "SUB r9, r9, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r9, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV 
r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #4]\n\t" + "STR r4, [%[r], #8]\n\t" + "STR r5, [%[r], #12]\n\t" + "STR r6, [%[r], #16]\n\t" + "STR r7, [%[r], #20]\n\t" + "STR r8, [%[r], #24]\n\t" + "STR r9, [%[r], #28]\n\t" + "LDR r3, [sp, #4]\n\t" + "ADD r3, r3, #0x10\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x20\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_567_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_567\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_567_%=\n\t" +#endif + "ADD sp, sp, #0x8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), + [L_kyber_thumb2_ntt_zetas] "+r" (L_kyber_thumb2_ntt_zetas_c) + : + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r) + : [L_kyber_thumb2_ntt_zetas] "r" (L_kyber_thumb2_ntt_zetas) + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +XALIGNED(16) static const uint16_t L_kyber_thumb2_invntt_zetas_inv[] = { + 0x06a5, 0x070f, 0x05b4, 0x0943, 0x0922, 0x091d, 0x0134, 0x006c, + 0x0b23, 0x0366, 0x0356, 0x05e6, 0x09e7, 0x04fe, 0x05fa, 0x04a1, + 0x067b, 0x04a3, 0x0c25, 0x036a, 0x0537, 0x083f, 0x0088, 0x04bf, + 0x0b81, 0x05b9, 0x0505, 0x07d7, 0x0a9f, 0x0aa6, 0x08b8, 0x09d0, + 0x004b, 0x009c, 0x0bb8, 0x0b5f, 0x0ba4, 0x0368, 0x0a7d, 0x0636, + 0x08a2, 0x025a, 0x0736, 0x0309, 0x0093, 0x087a, 0x09f7, 0x00f6, + 0x068c, 0x06db, 0x01cc, 0x0123, 0x00eb, 0x0c50, 0x0ab6, 0x0b5b, + 0x0c98, 0x06f3, 0x099a, 0x04e3, 0x09b6, 0x0ad6, 0x0b53, 0x044f, + 0x04fb, 0x0a5c, 0x0429, 0x0b41, 0x02d5, 0x05e4, 0x0940, 0x018e, + 0x03b7, 0x00f7, 0x058d, 0x0c96, 0x09c3, 0x010f, 0x005a, 0x0355, + 0x0744, 0x0c83, 0x048a, 0x0652, 0x029a, 0x0140, 0x0008, 0x0afd, + 0x0608, 0x011a, 0x072e, 0x050d, 0x090a, 0x0228, 0x0a75, 0x083a, + 0x0623, 0x00cd, 0x0b66, 0x0606, 
0x0aa1, 0x0a25, 0x0908, 0x02a9, + 0x0082, 0x0642, 0x074f, 0x033d, 0x0b82, 0x0bf9, 0x052d, 0x0ac4, + 0x0745, 0x05c2, 0x04b2, 0x093f, 0x0c4b, 0x06d8, 0x0a93, 0x00ab, + 0x0c37, 0x0be2, 0x0773, 0x072c, 0x05ed, 0x0167, 0x02f6, 0x05a1, +}; + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_invntt(sword16* r_p) +#else +void kyber_thumb2_invntt(sword16* r) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register uint16_t* L_kyber_thumb2_invntt_zetas_inv_c __asm__ ("r1") = (uint16_t*)&L_kyber_thumb2_invntt_zetas_inv; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "SUB sp, sp, #0x8\n\t" + "MOV r1, %[L_kyber_thumb2_invntt_zetas_inv]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_765:\n\t" +#else + "L_kyber_thumb2_invntt_loop_765_%=:\n\t" +#endif + "ADD lr, r1, r3, LSR #1\n\t" + "STR r3, [sp, #4]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #4]\n\t" + "LDR r4, [%[r], #8]\n\t" + "LDR r5, [%[r], #12]\n\t" + "LDR r6, [%[r], #16]\n\t" + "LDR r7, [%[r], #20]\n\t" + "LDR r8, [%[r], #24]\n\t" + "LDR r9, [%[r], #28]\n\t" + "LDR lr, [lr]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r3\n\t" + "SADD16 r2, r2, r3\n\t" + "SMULBT r3, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r3, r12, r11, r3\n\t" + "PKHTB r3, r3, r10, ASR #16\n\t" +#else + "SUB r11, r2, r3\n\t" + "ADD r12, r2, r3\n\t" + "BFC r3, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r3\n\t" + "ADD r2, r2, r3\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r3, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, 
#0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r3, r12, r11, r3\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r5\n\t" + "SADD16 r4, r4, r5\n\t" + "SMULTT r5, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r4, r5\n\t" + "ADD r12, r4, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r5\n\t" + "ADD r4, r4, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #1\n\t" + "LDR lr, [lr, #4]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r7\n\t" + "SADD16 r6, r6, r7\n\t" + "SMULBT r7, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r6, r7\n\t" + "ADD r12, r6, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r7\n\t" + "ADD r6, r6, r7\n\t" 
+ "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r8, r9\n\t" + "SADD16 r8, r8, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r8, r9\n\t" + "ADD r12, r8, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r8, #0, #16\n\t" + "SUB r10, r8, r9\n\t" + "ADD r8, r8, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r8, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #2\n\t" + "LDR lr, [lr, #128]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r4\n\t" + "SADD16 r2, r2, r4\n\t" + "SMULBT r4, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + 
"SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SUB r11, r2, r4\n\t" + "ADD r12, r2, r4\n\t" + "BFC r4, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r4\n\t" + "ADD r2, r2, r4\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r4, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r5\n\t" + "SADD16 r3, r3, r5\n\t" + "SMULBT r5, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r3, r5\n\t" + "ADD r12, r3, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r5\n\t" + "ADD r3, r3, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r8\n\t" + "SADD16 r6, r6, r8\n\t" + "SMULTT r8, lr, 
r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r6, r8\n\t" + "ADD r12, r6, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r8\n\t" + "ADD r6, r6, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r7, r9\n\t" + "SADD16 r7, r7, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r7, r9\n\t" + "ADD r12, r7, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r7, #0, #16\n\t" + "SUB r10, r7, r9\n\t" + "ADD r7, r7, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r7, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" 
+#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #3\n\t" + "LDR lr, [lr, #192]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r6\n\t" + "SADD16 r2, r2, r6\n\t" + "SMULBT r6, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r6, r12, r11, r6\n\t" + "PKHTB r6, r6, r10, ASR #16\n\t" +#else + "SUB r11, r2, r6\n\t" + "ADD r12, r2, r6\n\t" + "BFC r6, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r6\n\t" + "ADD r2, r2, r6\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r6, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r6, r12, r11, r6\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r7\n\t" + "SADD16 r3, r3, r7\n\t" + "SMULBT r7, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r3, r7\n\t" + "ADD r12, r3, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r7\n\t" + "ADD r3, r3, r7\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV 
r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r8\n\t" + "SADD16 r4, r4, r8\n\t" + "SMULBT r8, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r4, r8\n\t" + "ADD r12, r4, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r8\n\t" + "ADD r4, r4, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r5, r9\n\t" + "SADD16 r5, r5, r9\n\t" + "SMULBT r9, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r5, r9\n\t" + "ADD r12, r5, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r5, #0, #16\n\t" + "SUB r10, r5, r9\n\t" + "ADD r5, r5, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r5, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, 
#16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV lr, #0xafc0\n\t" + "MOVT lr, #0x13\n\t" +#else + "MOV lr, #0x4ebf\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r2\n\t" + "SMULWT r11, lr, r2\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r2, r2, r10\n\t" +#else + "SBFX r10, r2, #0, #16\n\t" + "SBFX r11, r2, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r2, r11, LSL #16\n\t" + "SUB r2, r2, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r2, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r3\n\t" + "SMULWT r11, lr, r3\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r3, r3, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, r3, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r3, r11, LSL #16\n\t" + "SUB r3, r3, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r3, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r4\n\t" + "SMULWT r11, lr, r4\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r4, r4, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, r4, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR 
r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r4, r11, LSL #16\n\t" + "SUB r4, r4, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r4, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r5\n\t" + "SMULWT r11, lr, r5\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r5, r5, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, r5, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r5, r11, LSL #16\n\t" + "SUB r5, r5, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r5, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #4]\n\t" + "STR r4, [%[r], #8]\n\t" + "STR r5, [%[r], #12]\n\t" + "STR r6, [%[r], #16]\n\t" + "STR r7, [%[r], #20]\n\t" + "STR r8, [%[r], #24]\n\t" + "STR r9, [%[r], #28]\n\t" + "LDR r3, [sp, #4]\n\t" + "ADD r3, r3, #0x10\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x20\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_765_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_765\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_765_%=\n\t" +#endif + "SUB %[r], %[r], #0x200\n\t" + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_4_j:\n\t" +#else + "L_kyber_thumb2_invntt_loop_4_j_%=:\n\t" +#endif + "STR r3, [sp, #4]\n\t" + "ADD lr, r1, r3, LSR #4\n\t" + "MOV r2, #0x4\n\t" + "LDR lr, [lr, #224]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_4_i:\n\t" +#else + "L_kyber_thumb2_invntt_loop_4_i_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #16]\n\t" + "LDR r4, [%[r], #32]\n\t" + "LDR r5, [%[r], #48]\n\t" + "LDR 
r6, [%[r], #64]\n\t" + "LDR r7, [%[r], #80]\n\t" + "LDR r8, [%[r], #96]\n\t" + "LDR r9, [%[r], #112]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r4\n\t" + "SADD16 r2, r2, r4\n\t" + "SMULBT r4, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SUB r11, r2, r4\n\t" + "ADD r12, r2, r4\n\t" + "BFC r4, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r4\n\t" + "ADD r2, r2, r4\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r4, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r5\n\t" + "SADD16 r3, r3, r5\n\t" + "SMULBT r5, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r3, r5\n\t" + "ADD r12, r3, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r5\n\t" + "ADD r3, r3, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, 
#0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r8\n\t" + "SADD16 r6, r6, r8\n\t" + "SMULTT r8, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r6, r8\n\t" + "ADD r12, r6, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r8\n\t" + "ADD r6, r6, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r7, r9\n\t" + "SADD16 r7, r7, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r7, r9\n\t" + "ADD r12, r7, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r7, #0, #16\n\t" + "SUB r10, r7, r9\n\t" + "ADD r7, r7, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r7, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, 
#16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #16]\n\t" + "STR r4, [%[r], #32]\n\t" + "STR r5, [%[r], #48]\n\t" + "STR r6, [%[r], #64]\n\t" + "STR r7, [%[r], #80]\n\t" + "STR r8, [%[r], #96]\n\t" + "STR r9, [%[r], #112]\n\t" + "LDRD r2, r3, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_4_i_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_4_i\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_4_i_%=\n\t" +#endif + "ADD r3, r3, #0x40\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x70\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_4_j_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_4_j\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_4_j_%=\n\t" +#endif + "SUB %[r], %[r], #0x200\n\t" + "MOV r2, #0x10\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_321:\n\t" +#else + "L_kyber_thumb2_invntt_loop_321_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDRH lr, [r1, #2]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #64]\n\t" + "LDR r4, [%[r], #128]\n\t" + "LDR r5, [%[r], #192]\n\t" + "LDR r6, [%[r], #256]\n\t" + "LDR r7, [%[r], #320]\n\t" + "LDR r8, [%[r], #384]\n\t" + "LDR r9, [%[r], #448]\n\t" + "LDR lr, [r1, #240]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r3\n\t" + "SADD16 r2, r2, r3\n\t" + "SMULBT r3, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r3, r12, r11, 
r3\n\t" + "PKHTB r3, r3, r10, ASR #16\n\t" +#else + "SUB r11, r2, r3\n\t" + "ADD r12, r2, r3\n\t" + "BFC r3, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r3\n\t" + "ADD r2, r2, r3\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r3, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r3, r12, r11, r3\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r5\n\t" + "SADD16 r4, r4, r5\n\t" + "SMULTT r5, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r4, r5\n\t" + "ADD r12, r4, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r5\n\t" + "ADD r4, r4, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #244]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r7\n\t" + "SADD16 r6, r6, r7\n\t" + "SMULBT r7, 
lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r6, r7\n\t" + "ADD r12, r6, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r7\n\t" + "ADD r6, r6, r7\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r8, r9\n\t" + "SADD16 r8, r8, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r8, r9\n\t" + "ADD r12, r8, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r8, #0, #16\n\t" + "SUB r10, r8, r9\n\t" + "ADD r8, r8, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r8, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" 
+#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #248]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r4\n\t" + "SADD16 r2, r2, r4\n\t" + "SMULBT r4, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SUB r11, r2, r4\n\t" + "ADD r12, r2, r4\n\t" + "BFC r4, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r4\n\t" + "ADD r2, r2, r4\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r4, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r5\n\t" + "SADD16 r3, r3, r5\n\t" + "SMULBT r5, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r3, r5\n\t" + "ADD r12, r3, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r5\n\t" + "ADD r3, r3, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, 
r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r8\n\t" + "SADD16 r6, r6, r8\n\t" + "SMULTT r8, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r6, r8\n\t" + "ADD r12, r6, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r8\n\t" + "ADD r6, r6, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r7, r9\n\t" + "SADD16 r7, r7, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r7, r9\n\t" + "ADD r12, r7, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r7, #0, #16\n\t" + "SUB r10, r7, r9\n\t" + "ADD r7, r7, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r7, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" 
+ "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV lr, #0xafc0\n\t" + "MOVT lr, #0x13\n\t" +#else + "MOV lr, #0x4ebf\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r2\n\t" + "SMULWT r11, lr, r2\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r2, r2, r10\n\t" +#else + "SBFX r10, r2, #0, #16\n\t" + "SBFX r11, r2, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r2, r11, LSL #16\n\t" + "SUB r2, r2, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r2, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r3\n\t" + "SMULWT r11, lr, r3\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r3, r3, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, r3, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r3, r11, LSL #16\n\t" + "SUB r3, r3, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r3, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r4\n\t" + "SMULWT r11, lr, r4\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r4, r4, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, r4, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, 
r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r4, r11, LSL #16\n\t" + "SUB r4, r4, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r4, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r5\n\t" + "SMULWT r11, lr, r5\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r5, r5, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, r5, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r5, r11, LSL #16\n\t" + "SUB r5, r5, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r5, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #252]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r6\n\t" + "SADD16 r2, r2, r6\n\t" + "SMULBT r6, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r6, r12, r11, r6\n\t" + "PKHTB r6, r6, r10, ASR #16\n\t" +#else + "SUB r11, r2, r6\n\t" + "ADD r12, r2, r6\n\t" + "BFC r6, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r6\n\t" + "ADD r2, r2, r6\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r6, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r6, r12, r11, r6\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r7\n\t" + "SADD16 r3, r3, r7\n\t" + "SMULBT r7, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + 
"SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r3, r7\n\t" + "ADD r12, r3, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r7\n\t" + "ADD r3, r3, r7\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r8\n\t" + "SADD16 r4, r4, r8\n\t" + "SMULBT r8, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r4, r8\n\t" + "ADD r12, r4, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r8\n\t" + "ADD r4, r4, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef 
WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r5, r9\n\t" + "SADD16 r5, r5, r9\n\t" + "SMULBT r9, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r5, r9\n\t" + "ADD r12, r5, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r5, #0, #16\n\t" + "SUB r10, r5, r9\n\t" + "ADD r5, r5, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r5, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #254]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r2\n\t" + "SMULBT r2, lr, r2\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r2\n\t" + "SMLABB r2, r12, r11, r2\n\t" + "PKHTB r2, r2, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r2, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r2, r2, #16, #16\n\t" + "MUL r2, r11, r2\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r2, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r2, r12, r11, r2\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r3\n\t" + "SMULBT r3, lr, r3\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, 
r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r3, r12, r11, r3\n\t" + "PKHTB r3, r3, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r3, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r3, r3, #16, #16\n\t" + "MUL r3, r11, r3\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r3, r12, r11, r3\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r4, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r4, r4, #16, #16\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r5, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r5, r5, #16, #16\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + 
"MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r6\n\t" + "SMULBT r6, lr, r6\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r6, r12, r11, r6\n\t" + "PKHTB r6, r6, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r6, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r6, r6, #16, #16\n\t" + "MUL r6, r11, r6\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r6, r12, r11, r6\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r7, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r7, r7, #16, #16\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r8\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else 
+ "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r8, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r8, r8, #16, #16\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r9\n\t" + "SMULBT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r9, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r9, r9, #16, #16\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #64]\n\t" + "STR r4, [%[r], #128]\n\t" + "STR r5, [%[r], #192]\n\t" + "STR r6, [%[r], #256]\n\t" + "STR r7, [%[r], #320]\n\t" + "STR r8, [%[r], #384]\n\t" + "STR r9, [%[r], #448]\n\t" + "LDR r2, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_321_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_321\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_321_%=\n\t" +#endif + "ADD sp, sp, #0x8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), + [L_kyber_thumb2_invntt_zetas_inv] "+r" (L_kyber_thumb2_invntt_zetas_inv_c) 
+ : + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r) + : [L_kyber_thumb2_invntt_zetas_inv] "r" (L_kyber_thumb2_invntt_zetas_inv) + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +XALIGNED(16) static const uint16_t L_kyber_thumb2_basemul_mont_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a, + 0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_basemul_mont(sword16* r_p, const sword16* a_p, const sword16* b_p) +#else +void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, const sword16* b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register const sword16* a __asm__ ("r1") = (const sword16*)a_p; + register const sword16* b __asm__ ("r2") = (const sword16*)b_p; + register uint16_t* 
L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t" + "ADD r3, r3, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r8, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_basemul_mont_loop:\n\t" +#else + "L_kyber_thumb2_basemul_mont_loop_%=:\n\t" +#endif + "LDM %[a]!, {r4, r5}\n\t" + "LDM %[b]!, {r6, r7}\n\t" + "LDR lr, [r3, r8]\n\t" + "ADD r8, r8, #0x2\n\t" + "PUSH {r8}\n\t" + "CMP r8, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTT r8, r4, r6\n\t" + "SMULTT r10, r5, r7\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULBT r10, r11, r10\n\t" + "SMLABB r8, r4, r6, r8\n\t" + "SMLABB r10, r5, r7, r10\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULBT r9, r4, r6\n\t" + "SMULBT r11, r5, r7\n\t" + "SMLATB r9, r4, r6, r9\n\t" + "SMLATB r11, r5, r7, r11\n\t" + "SMULTB r6, r12, r9\n\t" + "SMULTB r7, r12, r11\n\t" + "SMLABB r9, r12, r6, r9\n\t" + "SMLABB r11, r12, r7, r11\n\t" + "PKHTB r4, r9, r8, ASR #16\n\t" + "PKHTB r5, r11, r10, ASR #16\n\t" +#else + "ASR r8, r4, #16\n\t" + "ASR r10, r5, #16\n\t" + "ASR r9, r6, #16\n\t" + "ASR r11, r7, #16\n\t" + "MUL r8, r8, r9\n\t" + "MUL r10, r10, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r8\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SBFX r9, lr, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "ASR r8, r8, 
#16\n\t" + "ASR r10, r10, #16\n\t" + "MUL r8, r9, r8\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r8, r9, r12, r8\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r10, r11, r12, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r9\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "ASR r12, r6, #16\n\t" + "MUL r9, r9, r12\n\t" + "ASR r12, r7, #16\n\t" + "MUL r11, r11, r12\n\t" + "ASR r4, r4, #16\n\t" + "ASR r5, r5, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r9, r4, r12, r9\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r11, r5, r12, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r6, r9, #0, #16\n\t" + "SBFX r7, r11, #0, #16\n\t" + "MUL r6, r12, r6\n\t" + "MUL r7, r12, r7\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r4, r6, #0, #16\n\t" + "SBFX r5, r7, #0, #16\n\t" + "MLA r9, r12, r4, r9\n\t" + "MLA r11, r12, r5, r11\n\t" + "BFC r9, #0, #16\n\t" + "BFC r11, #0, #16\n\t" + "ORR r4, r9, r8, LSR #16\n\t" + "ORR r5, r11, r10, LSR #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STM %[r]!, {r4, r5}\n\t" + "POP {r8}\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_basemul_mont_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_basemul_mont_loop\n\t" +#else + "BNE.N L_kyber_thumb2_basemul_mont_loop_%=\n\t" +#endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r4", "r5", "r6", "r7", "r8", 
"r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_basemul_mont_add(sword16* r_p, const sword16* a_p, const sword16* b_p) +#else +void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, const sword16* b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register const sword16* a __asm__ ("r1") = (const sword16*)a_p; + register const sword16* b __asm__ ("r2") = (const sword16*)b_p; + register uint16_t* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t" + "ADD r3, r3, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r8, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_basemul_mont_add_loop:\n\t" +#else + "L_kyber_thumb2_basemul_mont_add_loop_%=:\n\t" +#endif + "LDM %[a]!, {r4, r5}\n\t" + "LDM %[b]!, {r6, r7}\n\t" + "LDR lr, [r3, r8]\n\t" + "ADD r8, r8, #0x2\n\t" + "PUSH {r8}\n\t" + "CMP r8, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTT r8, r4, r6\n\t" + "SMULTT r10, r5, r7\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULBT r10, r11, r10\n\t" + "SMLABB r8, r4, r6, r8\n\t" + "SMLABB r10, r5, r7, r10\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULBT r9, r4, r6\n\t" + "SMULBT r11, r5, r7\n\t" + "SMLATB r9, r4, r6, r9\n\t" + "SMLATB r11, r5, r7, r11\n\t" + "SMULTB r6, r12, r9\n\t" + "SMULTB r7, r12, r11\n\t" + "SMLABB r9, r12, r6, r9\n\t" + "SMLABB r11, r12, r7, r11\n\t" + "LDM 
%[r], {r4, r5}\n\t" + "PKHTB r9, r9, r8, ASR #16\n\t" + "PKHTB r11, r11, r10, ASR #16\n\t" + "SADD16 r4, r4, r9\n\t" + "SADD16 r5, r5, r11\n\t" +#else + "ASR r8, r4, #16\n\t" + "ASR r10, r5, #16\n\t" + "ASR r9, r6, #16\n\t" + "ASR r11, r7, #16\n\t" + "MUL r8, r8, r9\n\t" + "MUL r10, r10, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r8\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SBFX r9, lr, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "ASR r8, r8, #16\n\t" + "ASR r10, r10, #16\n\t" + "MUL r8, r9, r8\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r8, r9, r12, r8\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r10, r11, r12, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r9\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "ASR r12, r6, #16\n\t" + "MUL r9, r9, r12\n\t" + "ASR r12, r7, #16\n\t" + "MUL r11, r11, r12\n\t" + "ASR r4, r4, #16\n\t" + "ASR r5, r5, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r9, r4, r12, r9\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r11, r5, r12, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r6, r9, #0, #16\n\t" + "SBFX r7, r11, #0, #16\n\t" + "MUL r6, r12, r6\n\t" + "MUL r7, r12, r7\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r4, r6, #0, #16\n\t" + "SBFX r5, r7, #0, #16\n\t" + "MLA r9, r12, r4, r9\n\t" + "MLA r11, r12, r5, r11\n\t" + "LDM %[r], {r4, r5}\n\t" + "BFC r9, #0, #16\n\t" + "BFC r11, #0, #16\n\t" + "ORR r9, r9, r8, LSR #16\n\t" + "ORR r11, r11, r10, LSR #16\n\t" + "ADD r8, r4, r9\n\t" + "ADD r10, r5, 
r11\n\t" + "BFC r9, #0, #16\n\t" + "BFC r11, #0, #16\n\t" + "ADD r4, r4, r9\n\t" + "ADD r5, r5, r11\n\t" + "BFI r4, r8, #0, #16\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STM %[r]!, {r4, r5}\n\t" + "POP {r8}\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_basemul_mont_add_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_basemul_mont_add_loop\n\t" +#else + "BNE.N L_kyber_thumb2_basemul_mont_add_loop_%=\n\t" +#endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_csubq(sword16* p_p) +#else +void kyber_thumb2_csubq(sword16* p) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* p __asm__ ("r0") = (sword16*)p_p; + register uint16_t* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r1") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r11, #0xd01\n\t" + "MOV r12, #0xd01\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOVT r12, #0xd01\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV lr, #0x8000\n\t" + "MOVT lr, #0x8000\n\t" + "MOV r1, #0x100\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_csubq_loop:\n\t" +#else + "L_kyber_thumb2_csubq_loop_%=:\n\t" +#endif + "LDM %[p], {r2, r3, r4, r5}\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r2, r2, r12\n\t" + "SSUB16 r3, r3, r12\n\t" + "SSUB16 r4, r4, r12\n\t" + "SSUB16 r5, r5, r12\n\t" + "AND r6, r2, 
lr\n\t" + "AND r7, r3, lr\n\t" + "AND r8, r4, lr\n\t" + "AND r9, r5, lr\n\t" + "LSR r6, r6, #15\n\t" + "LSR r7, r7, #15\n\t" + "LSR r8, r8, #15\n\t" + "LSR r9, r9, #15\n\t" + "MUL r6, r6, r11\n\t" + "MUL r7, r7, r11\n\t" + "MUL r8, r8, r11\n\t" + "MUL r9, r9, r11\n\t" + "SADD16 r2, r2, r6\n\t" + "SADD16 r3, r3, r7\n\t" + "SADD16 r4, r4, r8\n\t" + "SADD16 r5, r5, r9\n\t" +#else + "SUB r6, r2, r12\n\t" + "SUB r2, r2, r12, LSL #16\n\t" + "BFI r2, r6, #0, #16\n\t" + "SUB r7, r3, r12\n\t" + "SUB r3, r3, r12, LSL #16\n\t" + "BFI r3, r7, #0, #16\n\t" + "SUB r8, r4, r12\n\t" + "SUB r4, r4, r12, LSL #16\n\t" + "BFI r4, r8, #0, #16\n\t" + "SUB r9, r5, r12\n\t" + "SUB r5, r5, r12, LSL #16\n\t" + "BFI r5, r9, #0, #16\n\t" + "AND r6, r2, lr\n\t" + "AND r7, r3, lr\n\t" + "AND r8, r4, lr\n\t" + "AND r9, r5, lr\n\t" + "LSR r6, r6, #15\n\t" + "LSR r7, r7, #15\n\t" + "LSR r8, r8, #15\n\t" + "LSR r9, r9, #15\n\t" + "MUL r6, r6, r11\n\t" + "MUL r7, r7, r11\n\t" + "MUL r8, r8, r11\n\t" + "MUL r9, r9, r11\n\t" + "ADD r10, r2, r6\n\t" + "BFC r6, #0, #16\n\t" + "ADD r2, r2, r6\n\t" + "BFI r2, r10, #0, #16\n\t" + "ADD r10, r3, r7\n\t" + "BFC r7, #0, #16\n\t" + "ADD r3, r3, r7\n\t" + "BFI r3, r10, #0, #16\n\t" + "ADD r10, r4, r8\n\t" + "BFC r8, #0, #16\n\t" + "ADD r4, r4, r8\n\t" + "BFI r4, r10, #0, #16\n\t" + "ADD r10, r5, r9\n\t" + "BFC r9, #0, #16\n\t" + "ADD r5, r5, r9\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STM %[p]!, {r2, r3, r4, r5}\n\t" + "SUBS r1, r1, #0x8\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_csubq_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_csubq_loop\n\t" +#else + "BNE.N L_kyber_thumb2_csubq_loop_%=\n\t" +#endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [p] "+r" (p), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [p] "+r" (p) + : 
[L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +unsigned int kyber_thumb2_rej_uniform(sword16* p_p, unsigned int len_p, const byte* r_p, unsigned int rLen_p) +#else +unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte* r, unsigned int rLen) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* p __asm__ ("r0") = (sword16*)p_p; + register unsigned int len __asm__ ("r1") = (unsigned int)len_p; + register const byte* r __asm__ ("r2") = (const byte*)r_p; + register unsigned int rLen __asm__ ("r3") = (unsigned int)rLen_p; + register uint16_t* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r4") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r8, #0xd01\n\t" + "MOV r9, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_loop_no_fail:\n\t" +#else + "L_kyber_thumb2_rej_uniform_loop_no_fail_%=:\n\t" +#endif + "CMP %[len], #0x8\n\t" +#if defined(__GNUC__) + "BLT L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_kyber_thumb2_rej_uniform_done_no_fail\n\t" +#else + "BLT.N L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t" +#endif + "LDM %[r]!, {r4, r5, r6}\n\t" + "UBFX r7, r4, #0, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r4, #12, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r4, #24, #8\n\t" + "BFI r7, r5, #8, #4\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, 
r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r5, #4, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r5, #16, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r5, #28, #4\n\t" + "BFI r7, r6, #4, #8\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r6, #8, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r6, #20, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "SUBS %[rLen], %[rLen], #0xc\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_rej_uniform_loop_no_fail\n\t" +#else + "BNE.N L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t" +#endif +#if defined(__GNUC__) + "B L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "B.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_done_no_fail:\n\t" +#else + "L_kyber_thumb2_rej_uniform_done_no_fail_%=:\n\t" +#endif + "CMP %[len], #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 
9000000) + "L_kyber_thumb2_rej_uniform_loop:\n\t" +#else + "L_kyber_thumb2_rej_uniform_loop_%=:\n\t" +#endif + "LDM %[r]!, {r4, r5, r6}\n\t" + "UBFX r7, r4, #0, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_0_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_0\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_0_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_0:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_0_%=:\n\t" +#endif + "UBFX r7, r4, #12, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_1\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_1_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_1:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_1_%=:\n\t" +#endif + "UBFX r7, r4, #24, #8\n\t" + "BFI r7, r5, #8, #4\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_2\n\t" +#else + "BGE.N 
L_kyber_thumb2_rej_uniform_fail_2_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_2:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_2_%=:\n\t" +#endif + "UBFX r7, r5, #4, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_3\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_3_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_3:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_3_%=:\n\t" +#endif + "UBFX r7, r5, #16, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_4\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_4_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && 
(__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_4:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_4_%=:\n\t" +#endif + "UBFX r7, r5, #28, #4\n\t" + "BFI r7, r6, #4, #8\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_5\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_5_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_5:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_5_%=:\n\t" +#endif + "UBFX r7, r6, #8, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_6\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_6_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_6:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_6_%=:\n\t" +#endif + "UBFX r7, r6, #20, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_7\n\t" +#else + "BGE.N 
L_kyber_thumb2_rej_uniform_fail_7_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_7:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_7_%=:\n\t" +#endif + "SUBS %[rLen], %[rLen], #0xc\n\t" +#if defined(__GNUC__) + "BGT L_kyber_thumb2_rej_uniform_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_kyber_thumb2_rej_uniform_loop\n\t" +#else + "BGT.N L_kyber_thumb2_rej_uniform_loop_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_done:\n\t" +#else + "L_kyber_thumb2_rej_uniform_done_%=:\n\t" +#endif + "LSR r0, r9, #1\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc" +#else + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen) + : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); + return (uint32_t)(size_t)p; +} + +#endif /* WOLFSSL_WC_KYBER */ +#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S index b727e8164..c1aec82bf 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S 
@@ -67,17 +67,17 @@ L_poly1305_thumb2_16_loop: ADCS r7, r7, r10 ADD r1, r1, #0x10 ADC r8, r8, r11 -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M STM lr, {r4, r5, r6, r7, r8} #else /* h[0]-h[2] in r4-r6 for multiplication. */ STR r7, [lr, #12] STR r8, [lr, #16] -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ STR r1, [sp, #16] LDR r1, [sp, #12] /* Multiply h by r */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */ LDR r3, [r1] EOR r0, r0, r0 @@ -218,7 +218,7 @@ L_poly1305_thumb2_16_loop: UMAAL r11, r12, r3, r5 /* DONE */ LDM sp, {r4, r5, r6} -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* r12 will be zero because r is masked. */ /* Load length */ LDR r2, [sp, #20] diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c index 437141ab0..acf82c4a8 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c @@ -93,17 +93,17 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not "ADCS r7, r7, r10\n\t" "ADD %[m], %[m], #0x10\n\t" "ADC r8, r8, r11\n\t" -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M "STM lr, {r4, r5, r6, r7, r8}\n\t" #else /* h[0]-h[2] in r4-r6 for multiplication. */ "STR r7, [lr, #12]\n\t" "STR r8, [lr, #16]\n\t" -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ "STR %[m], [sp, #16]\n\t" "LDR %[m], [sp, #12]\n\t" /* Multiply h by r */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */ "LDR %[notLast], [%[m]]\n\t" "EOR %[ctx], %[ctx], %[ctx]\n\t" 
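Review bot: Replacing the guard `WOLFSSL_SP_NO_UMAAL` with `WOLFSSL_ARM_ARCH_7M` here, in thumb2-poly1305-asm_c.c (`@@ -93` and `@@ -244`) and throughout sp_cortexm.c means a build that still defines the old macro now silently takes the UMAAL path, and nothing in this diff shows the old name being mapped onto the new one. If the old macro was a supported user option, a compatibility mapping in the settings header would keep those configurations on the non-UMAAL code, e.g. `#if defined(WOLFSSL_SP_NO_UMAAL) && !defined(WOLFSSL_ARM_ARCH_7M)` / `#define WOLFSSL_ARM_ARCH_7M` / `#endif`. If it was never a public option, a one-line remark in the commit message saying so would spare the next reader the same question.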
@@ -244,7 +244,7 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not "UMAAL r11, r12, %[notLast], r5\n\t" /* DONE */ "LDM sp, {r4, r5, r6}\n\t" -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* r12 will be zero because r is masked. */ /* Load length */ "LDR %[len], [sp, #20]\n\t" diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index 343f69d69..25404a718 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -240,7 +240,7 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a) #define sp_2048_norm_64(a) #ifndef WOLFSSL_SP_SMALL -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Multiply a and b into r. (r = a * b) * * r A single precision integer. @@ -736,7 +736,7 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* Add b to a into r. (r = a + b) * * r A single precision integer. @@ -1533,7 +1533,7 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, (void)sp_2048_add_32(r + 96, r + 96, a1); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Square a and put result in r. (r = a * a) * * r A single precision integer. @@ -1899,7 +1899,7 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* Sub b from a into r. (r = a - b) * * r A single precision integer. @@ -31605,7 +31605,7 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) } #else -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Multiply a and b into r. (r = a * b) * * r A single precision integer. 
@@ -32101,7 +32101,7 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Square a and put result in r. (r = a * a) @@ -32222,7 +32222,7 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) } #else -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Square a and put result in r. (r = a * a) * * r A single precision integer. @@ -32588,7 +32588,7 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Add b to a into r. (r = a + b) diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c index 4514ad317..8c8c97dd8 100644 --- a/wolfcrypt/src/wc_kyber_poly.c +++ b/wolfcrypt/src/wc_kyber_poly.c @@ -173,8 +173,16 @@ const sword16 zetas_inv[KYBER_N / 2] = { 3127, 3042, 1907, 1836, 1517, 359, 758, 1441 }; +#define KYBER_BARRETT(a) \ + "SMULWB r10, r14, " #a "\n\t" \ + "SMULWT r11, r14, " #a "\n\t" \ + "SMULBT r10, r12, r10\n\t" \ + "SMULBT r11, r12, r11\n\t" \ + "PKHBT r10, r10, r11, LSL #16\n\t" \ + "SSUB16 " #a ", " #a ", r10\n\t" -#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + +#if !(defined(__thumb__) || (defined(__aarch64__)) && defined(WOLFSSL_ARMASM)) /* Number-Theoretic Transform. * * @param [in, out] r Polynomial to transform. 
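Review bot: The new guard `#if !(defined(__thumb__) || (defined(__aarch64__)) && defined(WOLFSSL_ARMASM))` binds `&&` tighter than `||`, so it reads as `!(__thumb__ || (__aarch64__ && WOLFSSL_ARMASM))` and drops the C `kyber_ntt`/`kyber_invntt`/basemul implementations on every Thumb build, including ones without WOLFSSL_ARMASM, where wc_kyber.h only provides the `kyber_thumb2_*` replacements under `__thumb__ && WOLFSSL_ARMASM`. The `@@ -2142` hunk in this same file already has the intended form; this hunk and the `@@ -3338` hunk (and by extension the `#else` branch in `@@ -3355` that maps `kyber_csubq_c` to `kyber_thumb2_csubq`) should use it too: `#if !(defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || defined(__thumb__)))`. A plain Thumb build without the assembly enabled would otherwise fail to link, which is the cheapest way to confirm the precedence.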
@@ -939,15 +947,16 @@ static void kyber_basemul(sword16* r, const sword16* a, const sword16* b, */ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) { - unsigned int i; const sword16* zeta = zetas + 64; -#ifdef WOLFSSL_KYBER_SMALL +#if defined(WOLFSSL_KYBER_SMALL) + unsigned int i; for (i = 0; i < KYBER_N; i += 4, zeta++) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); } #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) + unsigned int i; for (i = 0; i < KYBER_N; i += 8, zeta += 2) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); @@ -955,6 +964,7 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); } #else + unsigned int i; for (i = 0; i < KYBER_N; i += 16, zeta += 4) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); @@ -977,10 +987,10 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) static void kyber_basemul_mont_add(sword16* r, const sword16* a, const sword16* b) { - unsigned int i; const sword16* zeta = zetas + 64; -#ifdef WOLFSSL_KYBER_SMALL +#if defined(WOLFSSL_KYBER_SMALL) + unsigned int i; for (i = 0; i < KYBER_N; i += 4, zeta++) { sword16 t0[2]; sword16 t2[2]; @@ -994,6 +1004,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 3] += t2[1]; } #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) + unsigned int i; for (i = 0; i < KYBER_N; i += 8, zeta += 2) { sword16 t0[2]; sword16 t2[2]; @@ -1015,6 +1026,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 7] += t6[1]; } #else + unsigned int i; for (i = 0; i < KYBER_N; i += 16, zeta += 4) { sword16 t0[2]; sword16 t2[2]; 
@@ -2142,7 +2154,7 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) } #endif -#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) +#if !(defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || defined(__thumb__))) /* Rejection sampling on uniform random bytes to generate uniform random * integers mod q. * @@ -3338,7 +3350,7 @@ int kyber_cmp(const byte* a, const byte* b, int sz) /******************************************************************************/ -#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) +#if !(defined(__thumb__) || (defined(__aarch64__)) && defined(WOLFSSL_ARMASM)) /* Conditional subtraction of q to each coefficient of a polynomial. * @@ -3355,10 +3367,14 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) } } -#else +#elif defined(__aarch64__) #define kyber_csubq_c kyber_csubq_neon +#else + +#define kyber_csubq_c kyber_thumb2_csubq + #endif /******************************************************************************/ diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h index 2b8ac8da2..354fc8b01 100644 --- a/wolfssl/wolfcrypt/wc_kyber.h +++ b/wolfssl/wolfcrypt/wc_kyber.h 
@@ -310,6 +310,22 @@ WOLFSSL_LOCAL int kyber_cmp_neon(const byte* a, const byte* b, int sz); WOLFSSL_LOCAL void kyber_csubq_neon(sword16* p); WOLFSSL_LOCAL void kyber_from_msg_neon(sword16* p, const byte* msg); WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p); +#elif defined(__thumb__) && defined(WOLFSSL_ARMASM) +#define kyber_ntt kyber_thumb2_ntt +#define kyber_invntt kyber_thumb2_invntt +#define kyber_basemul_mont kyber_thumb2_basemul_mont +#define kyber_basemul_mont_add kyber_thumb2_basemul_mont_add +#define kyber_rej_uniform_c kyber_thumb2_rej_uniform + +WOLFSSL_LOCAL void kyber_thumb2_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_thumb2_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_thumb2_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int kyber_thumb2_rej_uniform(sword16* p, + unsigned int len, const byte* r, unsigned int rLen); #endif #ifdef __cplusplus From c3410f2cb8633e6798c5becccb7d369a139a9248 Mon Sep 17 00:00:00 2001 From: jordan Date: Thu, 3 Oct 2024 16:38:12 -0500 Subject: [PATCH 082/325] dilithium: support building dilithium with wolfboot. --- wolfcrypt/src/dilithium.c | 2 +- wolfcrypt/test/test.c | 27 +++++++++++++++++++++++++++ wolfssl/wolfcrypt/dilithium.h | 5 +++-- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index a938805cb..ce01042c8 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c 
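Review bot: `kyber_thumb2_rej_uniform` is declared with no comment on its contract, and the inline-asm body earlier in this patch consumes `r` twelve bytes per `LDM` and leaves its first loop only when `rLen` reaches exactly zero (`SUBS %[rLen], %[rLen], #0xc` / `BNE`), so a caller passing a length that is not a non-zero multiple of 12 appears able to read past the end of `r` before the `len` check stops it. The return value is taken from `LSR r0, r9, #1`, i.e. the number of halfwords stored. A contract comment above the prototype would make both visible to callers of the `kyber_rej_uniform_c` alias: `/* Rejection-sample up to len coefficients (< q) from r into p. rLen must be a non-zero multiple of 12 bytes. Returns the number of coefficients written. */`.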
@@ -70,7 +70,7 @@ * but is slower. * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 Default: OFF * Compiles the small memory implementations to use a 64-bit polynomial. - * Uses 2KB of memory but is slighlty quicker (2.75-7%). + * Uses 2KB of memory but is slightly quicker (2.75-7%). * * WOLFSSL_DILITHIUM_ALIGNMENT Default: 8 * Use to indicate whether loading and storing of words needs to be aligned. diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4b8efe09a..62c9f16fd 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -42117,9 +42117,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, { byte msg[512]; dilithium_key* key; + byte * pubExported = NULL; wc_test_ret_t ret; int i; int res = 0; + word32 lenExported = pubKeyLen; + int n_diff = 0; key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -42127,6 +42130,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } + pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubExported == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + /* make dummy msg */ for (i = 0; i < (int)sizeof(msg); i++) { msg[i] = (byte)i; 
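Review bot: The new declaration `byte * pubExported = NULL;` in the `@@ -42117` hunk puts spaces around the `*`, while the neighbouring declarations in the same function (`dilithium_key* key;`, `const byte* pubKey`) attach it to the type; `byte* pubExported = NULL;` keeps the file's convention. The explicit NULL initialiser is right, since `out:` frees it on the early-exit paths added in `@@ -42127`.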
@@ -42160,9 +42169,27 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (res != 1) ERROR_OUT(WC_TEST_RET_ENC_EC(res), out); + + /* Now test the export pub raw API, verify we recover the original pub. */ + ret = wc_dilithium_export_public(key, pubExported, &lenExported); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (lenExported <= 0 || lenExported != pubKeyLen) { + ERROR_OUT(WC_TEST_RET_ENC_EC(lenExported), out); + } + + n_diff = XMEMCMP(pubExported, pubKey, pubKeyLen); + + if (n_diff) { + ERROR_OUT(WC_TEST_RET_ENC_EC(n_diff), out); + } + out: wc_dilithium_free(key); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubExported, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index eb68e2026..6e9cfb67e 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -765,6 +765,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen); #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen); +#define wc_dilithium_export_private_only wc_dilithium_export_private #endif #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API @@ -841,7 +842,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_ExportPrivRaw(key, out, outLen) \ wc_dilithium_export_private_only(key, out, outLen) #define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \ - wc_dilithium_import_private_only(out, outLen, key) + wc_dilithium_import_private_only(in, inLen, key) #define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \ wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng) #define wc_MlDsaKey_Free(key) \ 
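Review bot: `if (lenExported <= 0 || lenExported != pubKeyLen)` tests an unsigned `word32`, so `<= 0` is just `== 0` and is already covered by the second half; `if (lenExported != pubKeyLen)` says the same thing without the reader wondering whether a negative length is possible. On the two failure paths that follow, `WC_TEST_RET_ENC_EC(lenExported)` and `WC_TEST_RET_ENC_EC(n_diff)` encode a buffer length and a memcmp result as if they were wolfCrypt error codes, which will misreport the failure; `ERROR_OUT(WC_TEST_RET_ENC_NC, out)` is the encoding for a check that has no error code. The export is only exercised with `lenExported` preset to exactly `pubKeyLen`; a second call with a too-small length would also confirm that the API rejects it rather than writing past the buffer.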
@@ -849,7 +850,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_ExportPubRaw(key, out, outLen) \ wc_dilithium_export_public(key, out, outLen) #define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \ - wc_dilithium_import_public(out, outLen, key) + wc_dilithium_import_public(in, inLen, key) #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) From f7afc47d98d799c989675c134c7bcf1d281f7375 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 4 Oct 2024 11:06:18 +1000 Subject: [PATCH 083/325] Kyber ARM32 ASM: add assembly using base instructions Support ARMv4 up to ARMv8. Base instructions only - faster implemenation will use NEON. --- src/include.am | 8 +- wolfcrypt/src/port/arm/armv8-32-curve25519.S | 422 +- .../src/port/arm/armv8-32-curve25519_c.c | 422 +- wolfcrypt/src/port/arm/armv8-32-kyber-asm.S | 9442 +++++++++++++++++ wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c | 9239 ++++++++++++++++ .../src/port/arm/armv8-32-poly1305-asm.S | 2 +- .../src/port/arm/armv8-32-poly1305-asm_c.c | 2 +- wolfcrypt/src/wc_kyber_poly.c | 12 +- wolfssl/wolfcrypt/wc_kyber.h | 20 +- 9 files changed, 19546 insertions(+), 23 deletions(-) create mode 100644 wolfcrypt/src/port/arm/armv8-32-kyber-asm.S create mode 100644 wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c diff --git a/src/include.am b/src/include.am index ee33cd956..0900bbec3 100644 --- a/src/include.am +++ b/src/include.am 
@@ -1199,7 +1199,13 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm_ else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm.S endif !BUILD_ARMASM_INLINE -endif BUILD_ARM_THUMB +else +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm.S +endif !BUILD_ARMASM_INLINE +endif !BUILD_ARM_THUMB endif BUILD_ARMASM if !BUILD_X86_ASM if BUILD_INTELASM diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index bf8daeec0..669c3c023 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -617,7 +617,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -1045,7 +1045,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -1474,7 +1474,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -1903,7 +1903,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -2346,7 +2346,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -3418,7 +3418,11 @@ fe_mul121666: #else mov r10, #0xdb42 #endif - movt r10, #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x10000 +#else + movt r10, #0x1 +#endif #endif umull r2, r12, r10, r2 umull r3, lr, r10, r3 
@@ -3485,7 +3489,11 @@ fe_mul121666: #else mov lr, #0xdb42 #endif - movt lr, #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x10000 +#else + movt lr, #0x1 +#endif #endif umull r2, r10, lr, r2 sub r12, lr, #1 @@ -5479,8 +5487,13 @@ sc_reduce: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 @@ -5497,7 +5510,12 @@ sc_reduce: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr @@ -5521,8 +5539,13 @@ sc_reduce: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -5539,7 +5562,12 @@ sc_reduce: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif adds r4, r4, r1 mov r1, #0 @@ -5575,7 +5603,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -5638,7 +5671,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} 
@@ -5695,7 +5733,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -5752,7 +5795,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -5836,8 +5884,13 @@ sc_reduce: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 @@ -5854,8 +5907,13 @@ sc_reduce: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -5872,8 +5930,13 @@ sc_reduce: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -5890,8 +5953,13 @@ sc_reduce: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -5962,7 +6030,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} 
@@ -5998,7 +6071,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} @@ -6034,7 +6112,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} @@ -6070,7 +6153,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} @@ -6124,8 +6212,13 @@ sc_reduce: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -6142,8 +6235,13 @@ sc_reduce: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -6160,8 +6258,13 @@ sc_reduce: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -6178,7 +6281,12 @@ sc_reduce: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 
@@ -6256,8 +6364,13 @@ sc_reduce: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 @@ -6274,7 +6387,12 @@ sc_reduce: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr @@ -6295,8 +6413,13 @@ sc_reduce: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -6313,7 +6436,12 @@ sc_reduce: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif umaal r4, r1, r10, lr umaal r5, r1, r11, lr @@ -6343,7 +6471,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -6385,7 +6518,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -6421,7 +6559,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} 
@@ -6457,7 +6600,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -6520,8 +6668,13 @@ sc_reduce: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 @@ -6538,8 +6691,13 @@ sc_reduce: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -6556,8 +6714,13 @@ sc_reduce: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -6574,8 +6737,13 @@ sc_reduce: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -6646,7 +6814,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} @@ -6673,7 +6846,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} 
@@ -6700,7 +6878,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} @@ -6727,7 +6910,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} @@ -6772,8 +6960,13 @@ sc_reduce: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -6790,8 +6983,13 @@ sc_reduce: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -6808,8 +7006,13 @@ sc_reduce: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -6826,7 +7029,12 @@ sc_reduce: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 @@ -7256,8 +7464,13 @@ sc_muladd: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 
@@ -7274,7 +7487,12 @@ sc_muladd: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr @@ -7298,8 +7516,13 @@ sc_muladd: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -7316,7 +7539,12 @@ sc_muladd: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif adds r4, r4, r1 mov r1, #0 @@ -7352,7 +7580,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -7415,7 +7648,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -7472,7 +7710,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -7529,7 +7772,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} 
@@ -7613,8 +7861,13 @@ sc_muladd: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 @@ -7631,8 +7884,13 @@ sc_muladd: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -7649,8 +7907,13 @@ sc_muladd: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -7667,8 +7930,13 @@ sc_muladd: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -7739,7 +8007,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} @@ -7775,7 +8048,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} @@ -7811,7 +8089,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} 
@@ -7847,7 +8130,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} @@ -7901,8 +8189,13 @@ sc_muladd: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -7919,8 +8212,13 @@ sc_muladd: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -7937,8 +8235,13 @@ sc_muladd: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -7955,7 +8258,12 @@ sc_muladd: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 @@ -8163,8 +8471,13 @@ sc_muladd: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 @@ -8181,7 +8494,12 @@ sc_muladd: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr 
@@ -8202,8 +8520,13 @@ sc_muladd: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -8220,7 +8543,12 @@ sc_muladd: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif umaal r4, r1, r10, lr umaal r5, r1, r11, lr @@ -8250,7 +8578,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -8292,7 +8625,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -8328,7 +8666,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -8364,7 +8707,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -8427,8 +8775,13 @@ sc_muladd: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 
@@ -8445,8 +8798,13 @@ sc_muladd: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -8463,8 +8821,13 @@ sc_muladd: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -8481,8 +8844,13 @@ sc_muladd: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -8553,7 +8921,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} @@ -8580,7 +8953,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} @@ -8607,7 +8985,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} @@ -8634,7 +9017,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} 
@@ -8679,8 +9067,13 @@ sc_muladd: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -8697,8 +9090,13 @@ sc_muladd: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -8715,8 +9113,13 @@ sc_muladd: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -8733,7 +9136,12 @@ sc_muladd: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index d00916ec6..cd778c1d5 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c @@ -697,7 +697,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -1125,7 +1125,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif 
@@ -1554,7 +1554,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -1983,7 +1983,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -2432,7 +2432,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -3528,7 +3528,11 @@ void fe_mul121666(fe r_p, fe a_p) #else "mov r10, #0xdb42\n\t" #endif - "movt r10, #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x10000\n\t" +#else + "movt r10, #0x1\n\t" +#endif #endif "umull r2, r12, r10, r2\n\t" "umull r3, lr, r10, r3\n\t" @@ -3600,7 +3604,11 @@ void fe_mul121666(fe r_p, fe a_p) #else "mov lr, #0xdb42\n\t" #endif - "movt lr, #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x10000\n\t" +#else + "movt lr, #0x1\n\t" +#endif #endif "umull r2, r10, lr, r2\n\t" "sub r12, lr, #1\n\t" @@ -5704,8 +5712,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" 
@@ -5722,7 +5735,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov r1, #0\n\t" "umlal r2, r1, r10, lr\n\t" @@ -5746,8 +5764,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -5764,7 +5787,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "adds r4, r4, r1\n\t" "mov r1, #0\n\t" @@ -5800,7 +5828,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" @@ -5863,7 +5896,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -5920,7 +5958,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" 
@@ -5977,7 +6020,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6061,8 +6109,13 @@ void sc_reduce(byte* s_p) #else "mov r2, #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r2, r2, #0x4b000000\n\t" + "orr r2, r2, #0x9e0000\n\t" +#else "movt r2, #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r3, #0xcb\n\t" "lsl r3, r3, #8\n\t" @@ -6079,8 +6132,13 @@ void sc_reduce(byte* s_p) #else "mov r3, #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r3, r3, #0xcb000000\n\t" + "orr r3, r3, #0x20000\n\t" +#else "movt r3, #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -6097,8 +6155,13 @@ void sc_reduce(byte* s_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" @@ -6115,8 +6178,13 @@ void sc_reduce(byte* s_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" @@ -6187,7 +6255,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" 
@@ -6223,7 +6296,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6259,7 +6337,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6295,7 +6378,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6349,8 +6437,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" @@ -6367,8 +6460,13 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -6385,8 +6483,13 @@ void sc_reduce(byte* s_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" 
@@ -6403,7 +6506,12 @@ void sc_reduce(byte* s_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, r1\n\t" "and r11, r11, r1\n\t" @@ -6485,8 +6593,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" @@ -6503,7 +6616,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov r1, #0\n\t" "umlal r2, r1, r10, lr\n\t" @@ -6524,8 +6642,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -6542,7 +6665,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "umaal r4, r1, r10, lr\n\t" "umaal r5, r1, r11, lr\n\t" @@ -6572,7 +6700,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" 
@@ -6614,7 +6747,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6650,7 +6788,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6686,7 +6829,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6749,8 +6897,13 @@ void sc_reduce(byte* s_p) #else "mov r2, #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r2, r2, #0x4b000000\n\t" + "orr r2, r2, #0x9e0000\n\t" +#else "movt r2, #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r3, #0xcb\n\t" "lsl r3, r3, #8\n\t" @@ -6767,8 +6920,13 @@ void sc_reduce(byte* s_p) #else "mov r3, #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r3, r3, #0xcb000000\n\t" + "orr r3, r3, #0x20000\n\t" +#else "movt r3, #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -6785,8 +6943,13 @@ void sc_reduce(byte* s_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" 
@@ -6803,8 +6966,13 @@ void sc_reduce(byte* s_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" @@ -6875,7 +7043,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6902,7 +7075,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6929,7 +7107,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6956,7 +7139,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -7001,8 +7189,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" 
@@ -7019,8 +7212,13 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -7037,8 +7235,13 @@ void sc_reduce(byte* s_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" @@ -7055,7 +7258,12 @@ void sc_reduce(byte* s_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, r1\n\t" "and r11, r11, r1\n\t" @@ -7492,8 +7700,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" @@ -7510,7 +7723,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov %[a], #0\n\t" "umlal %[b], %[a], r10, lr\n\t" 
@@ -7534,8 +7752,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -7552,7 +7775,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "adds r4, r4, %[a]\n\t" "mov %[a], #0\n\t" @@ -7588,7 +7816,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" @@ -7651,7 +7884,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -7708,7 +7946,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" 
@@ -7765,7 +8008,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -7849,8 +8097,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[b], #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[b], %[b], #0x4b000000\n\t" + "orr %[b], %[b], #0x9e0000\n\t" +#else "movt %[b], #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov %[c], #0xcb\n\t" "lsl %[c], %[c], #8\n\t" @@ -7867,8 +8120,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[c], #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[c], %[c], #0xcb000000\n\t" + "orr %[c], %[c], #0x20000\n\t" +#else "movt %[c], #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -7885,8 +8143,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" @@ -7903,8 +8166,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" 
@@ -7975,7 +8243,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8011,7 +8284,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8047,7 +8325,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8083,7 +8366,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8137,8 +8425,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" 
@@ -8155,8 +8448,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -8173,8 +8471,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" @@ -8191,7 +8494,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, %[a]\n\t" "and r11, r11, %[a]\n\t" @@ -8406,8 +8714,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" @@ -8424,7 +8737,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov %[a], #0\n\t" "umlal %[b], %[a], r10, lr\n\t" 
@@ -8445,8 +8763,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -8463,7 +8786,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "umaal r4, %[a], r10, lr\n\t" "umaal r5, %[a], r11, lr\n\t" @@ -8493,7 +8821,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" @@ -8535,7 +8868,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -8571,7 +8909,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" 
@@ -8607,7 +8950,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -8670,8 +9018,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[b], #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[b], %[b], #0x4b000000\n\t" + "orr %[b], %[b], #0x9e0000\n\t" +#else "movt %[b], #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov %[c], #0xcb\n\t" "lsl %[c], %[c], #8\n\t" @@ -8688,8 +9041,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[c], #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[c], %[c], #0xcb000000\n\t" + "orr %[c], %[c], #0x20000\n\t" +#else "movt %[c], #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -8706,8 +9064,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" @@ -8724,8 +9087,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" 
@@ -8796,7 +9164,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8823,7 +9196,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8850,7 +9228,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8877,7 +9260,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8922,8 +9310,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" 
@@ -8940,8 +9333,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -8958,8 +9356,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" @@ -8976,7 +9379,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, %[a]\n\t" "and r11, r11, %[a]\n\t" diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S new file mode 100644 index 000000000..e24888a27 --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S 
@@ -0,0 +1,9442 @@ +/* armv8-32-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#ifndef WOLFSSL_ARMASM_INLINE +#ifdef WOLFSSL_WC_KYBER + .text + .type L_kyber_arm32_ntt_zetas, %object + .size L_kyber_arm32_ntt_zetas, 256 + .align 4 +L_kyber_arm32_ntt_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 0xcf9 + .short 0xbc1 + 
.short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_arm32_ntt + .type kyber_arm32_ntt, %function +kyber_arm32_ntt: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + sub sp, sp, #8 + adr r1, L_kyber_arm32_ntt_zetas +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xc000000 + orr r10, r10, #0xff0000 +#else + movt r10, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r2, #16 +L_kyber_arm32_ntt_loop_123: + str r2, [sp] + ldrh r11, [r1, #2] + ldr r2, [r0] + ldr r3, [r0, #64] + ldr r4, [r0, 
#128] + ldr r5, [r0, #192] + ldr r6, [r0, #256] + ldr r7, [r0, #320] + ldr r8, [r0, #384] + ldr r9, [r0, #448] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r6 + smulbt r6, r11, r6 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb lr, r10, lr, r6 + pkhtb r12, lr, r12, ASR #16 + ssub16 r6, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r6, r6, #16 + mul r12, lr, r12 + mul r6, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r6 + sub r6, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, lr, lsl 
#16 + ror r6, r6, #16 +#else + bfi r6, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r3, lr + add 
r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r8 + smulbt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else 
+ mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r9 + smulbt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r5, r12 + sadd16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, 
r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r5, lr + add r5, r5, lr + sub lr, r5, r12, lsr #16 + add r12, r5, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb lr, r10, lr, r4 + pkhtb r12, lr, r12, ASR #16 + ssub16 r4, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r4, r4, #16 + mul r12, lr, r12 + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, 
lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r4 + sub r4, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, lr, lsl #16 + ror r4, r4, #16 +#else + bfi r4, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, 
#8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r8 + smultt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, 
#0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r7, r12 + sadd16 r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH 
< 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r7, lr + add r7, r7, lr + sub lr, r7, r12, lsr #16 + add r12, r7, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #8] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r3 + smulbt r3, r11, r3 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb lr, r10, lr, r3 + pkhtb r12, lr, r12, ASR #16 + ssub16 r3, r2, r12 + sadd16 
r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r3, r3, #16 + mul r12, lr, r12 + mul r3, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r3 + sub r3, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, lr, lsl #16 + ror r3, r3, #16 +#else + bfi r3, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH 
>= 6) + smultb r12, r11, r5 + smultt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr 
r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, 
#0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r8, r12 + sadd16 r8, r8, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, 
lr, r9 + sub r9, r8, lr + add r8, r8, lr + sub lr, r8, r12, lsr #16 + add r12, r8, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #64] + str r4, [r0, #128] + str r5, [r0, #192] + str r6, [r0, #256] + str r7, [r0, #320] + str r8, [r0, #384] + str r9, [r0, #448] + ldr r2, [sp] + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_ntt_loop_123 + sub r0, r0, #0x40 + mov r3, #0 +L_kyber_arm32_ntt_loop_4_j: + str r3, [sp, #4] + add r11, r1, r3, lsr #4 + mov r2, #4 + ldr r11, [r11, #16] +L_kyber_arm32_ntt_loop_4_i: + str r2, [sp] + ldr r2, [r0] + ldr r3, [r0, #16] + ldr r4, [r0, #32] + ldr r5, [r0, #48] + ldr r6, [r0, #64] + ldr r7, [r0, #80] + ldr r8, [r0, #96] + ldr r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb lr, r10, lr, r4 + pkhtb r12, lr, r12, ASR #16 + ssub16 r4, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r4, r4, #16 + mul r12, lr, r12 + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add 
r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r4 + sub r4, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, lr, lsl #16 + ror r4, r4, #16 +#else + bfi r4, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + 
mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r8 + smultt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r7, r12 + sadd16 
r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r7, lr + add r7, r7, lr + sub lr, r7, r12, lsr #16 + add r12, r7, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #16] + str r4, [r0, #32] + str r5, [r0, 
#48] + str r6, [r0, #64] + str r7, [r0, #80] + str r8, [r0, #96] + str r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp] + ldr r3, [sp, #4] +#else + ldrd r2, r3, [sp] +#endif + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_ntt_loop_4_i + add r3, r3, #0x40 + rsbs r12, r3, #0x100 + add r0, r0, #0x70 + bne L_kyber_arm32_ntt_loop_4_j + sub r0, r0, #0x200 + mov r3, #0 +L_kyber_arm32_ntt_loop_567: + add r11, r1, r3, lsr #3 + str r3, [sp, #4] + ldrh r11, [r11, #32] + ldr r2, [r0] + ldr r3, [r0, #4] + ldr r4, [r0, #8] + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r8, [r0, #24] + ldr r9, [r0, #28] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r6 + smulbt r6, r11, r6 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb lr, r10, lr, r6 + pkhtb r12, lr, r12, ASR #16 + ssub16 r6, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r6, r6, #16 + mul r12, lr, r12 + mul r6, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 
+#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r6 + sub r6, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, lr, lsl #16 + ror r6, r6, #16 +#else + bfi r6, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, 
#0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r8 + smulbt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r9 + smulbt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r5, r12 + sadd16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff 
+#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r5, lr + add r5, r5, lr + sub lr, r5, r12, lsr #16 + add r12, r5, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #2 + ldr r11, [r11, #64] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb lr, r10, lr, r4 + pkhtb r12, lr, r12, ASR #16 + ssub16 r4, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r4, r4, #16 + mul r12, lr, r12 + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r4 + sub r4, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, lr, lsl #16 + ror r4, r4, #16 +#else + bfi r4, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, 
r12, ASR #16 + ssub16 r5, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r8 + smultt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, 
#0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r7, r12 + sadd16 r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r7, lr + add r7, r7, lr + sub lr, r7, r12, lsr #16 + add r12, r7, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic 
r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #1 + ldr r11, [r11, #128] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r3 + smulbt r3, r11, r3 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb lr, r10, lr, r3 + pkhtb r12, lr, r12, ASR #16 + ssub16 r3, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r3, r3, #16 + mul r12, lr, r12 + mul r3, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH 
< 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r3 + sub r3, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, lr, lsl #16 + ror r3, r3, #16 +#else + bfi r3, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r5 + smultt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #1 + ldr r11, [r11, #132] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r8, r12 + sadd16 r8, r8, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else 
+ mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r8, lr + add r8, r8, lr + sub lr, r8, r12, lsr #16 + add r12, r8, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0xaf + lsl r11, r11, #8 + add r11, r11, #0xc0 +#else + mov r11, #0xafc0 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x130000 +#else + movt r11, #0x13 +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x4e + lsl r11, r11, #8 + add r11, r11, #0xbf +#else + mov r11, #0x4ebf +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r2 + smulwt lr, r11, r2 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r2, #16 +#else + sbfx lr, r2, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r2, lr, lsl #16 + sub r2, r2, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff0000 + bic r2, r2, #0xff000000 + orr r2, r2, lr, lsl #16 +#else + bfi r2, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r3 + smulwt lr, r11, r3 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r3, #16 +#else + sbfx lr, r3, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r3, lr, lsl #16 + sub r3, r3, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff0000 + bic r3, r3, #0xff000000 + orr r3, r3, lr, lsl #16 +#else + bfi r3, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r4 + smulwt lr, r11, r4 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, 
r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r4, #16 +#else + sbfx lr, r4, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r4, lr, lsl #16 + sub r4, r4, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff0000 + bic r4, r4, #0xff000000 + orr r4, r4, lr, lsl #16 +#else + bfi r4, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r5 + smulwt lr, r11, r5 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r5, #16 +#else + sbfx lr, r5, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r5, lr, lsl #16 + sub r5, r5, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff0000 + bic r5, r5, #0xff000000 + orr r5, r5, lr, lsl #16 +#else + bfi r5, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r6 + smulwt lr, r11, r6 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r6, #16 +#else + sbfx lr, r6, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r6, 
lr, lsl #16 + sub r6, r6, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff0000 + bic r6, r6, #0xff000000 + orr r6, r6, lr, lsl #16 +#else + bfi r6, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r7 + smulwt lr, r11, r7 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r7, #16 +#else + sbfx lr, r7, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r7, lr, lsl #16 + sub r7, r7, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff0000 + bic r7, r7, #0xff000000 + orr r7, r7, lr, lsl #16 +#else + bfi r7, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r8 + smulwt lr, r11, r8 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r8, r8, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r8, #16 +#else + sbfx lr, r8, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r8, lr, lsl #16 + sub r8, r8, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff0000 + bic r8, r8, #0xff000000 + orr r8, r8, lr, lsl #16 +#else + bfi r8, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r9 + smulwt lr, r11, r9 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r9, r9, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r9, #16 +#else + sbfx lr, r9, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r9, lr, lsl #16 + sub r9, r9, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff0000 + bic r9, r9, #0xff000000 + orr r9, r9, lr, lsl #16 +#else + bfi r9, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xc000000 + orr r10, r10, #0xff0000 +#else + movt r10, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #4] + str r4, [r0, #8] + str r5, [r0, #12] + str r6, [r0, #16] + str r7, [r0, #20] + str r8, [r0, #24] + str r9, [r0, #28] + ldr r3, [sp, #4] + add r3, r3, #16 + rsbs r12, r3, #0x100 + add r0, r0, #32 + bne L_kyber_arm32_ntt_loop_567 + add sp, sp, #8 + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_ntt,.-kyber_arm32_ntt + .text + .type L_kyber_arm32_invntt_zetas_inv, %object + .size L_kyber_arm32_invntt_zetas_inv, 256 + .align 4 +L_kyber_arm32_invntt_zetas_inv: + .short 0x6a5 + .short 0x70f + .short 0x5b4 + .short 0x943 + .short 0x922 + .short 0x91d + .short 0x134 + .short 0x6c + .short 0xb23 + .short 0x366 + .short 0x356 + .short 0x5e6 + .short 0x9e7 + .short 0x4fe + .short 0x5fa + .short 
0x4a1 + .short 0x67b + .short 0x4a3 + .short 0xc25 + .short 0x36a + .short 0x537 + .short 0x83f + .short 0x88 + .short 0x4bf + .short 0xb81 + .short 0x5b9 + .short 0x505 + .short 0x7d7 + .short 0xa9f + .short 0xaa6 + .short 0x8b8 + .short 0x9d0 + .short 0x4b + .short 0x9c + .short 0xbb8 + .short 0xb5f + .short 0xba4 + .short 0x368 + .short 0xa7d + .short 0x636 + .short 0x8a2 + .short 0x25a + .short 0x736 + .short 0x309 + .short 0x93 + .short 0x87a + .short 0x9f7 + .short 0xf6 + .short 0x68c + .short 0x6db + .short 0x1cc + .short 0x123 + .short 0xeb + .short 0xc50 + .short 0xab6 + .short 0xb5b + .short 0xc98 + .short 0x6f3 + .short 0x99a + .short 0x4e3 + .short 0x9b6 + .short 0xad6 + .short 0xb53 + .short 0x44f + .short 0x4fb + .short 0xa5c + .short 0x429 + .short 0xb41 + .short 0x2d5 + .short 0x5e4 + .short 0x940 + .short 0x18e + .short 0x3b7 + .short 0xf7 + .short 0x58d + .short 0xc96 + .short 0x9c3 + .short 0x10f + .short 0x5a + .short 0x355 + .short 0x744 + .short 0xc83 + .short 0x48a + .short 0x652 + .short 0x29a + .short 0x140 + .short 0x8 + .short 0xafd + .short 0x608 + .short 0x11a + .short 0x72e + .short 0x50d + .short 0x90a + .short 0x228 + .short 0xa75 + .short 0x83a + .short 0x623 + .short 0xcd + .short 0xb66 + .short 0x606 + .short 0xaa1 + .short 0xa25 + .short 0x908 + .short 0x2a9 + .short 0x82 + .short 0x642 + .short 0x74f + .short 0x33d + .short 0xb82 + .short 0xbf9 + .short 0x52d + .short 0xac4 + .short 0x745 + .short 0x5c2 + .short 0x4b2 + .short 0x93f + .short 0xc4b + .short 0x6d8 + .short 0xa93 + .short 0xab + .short 0xc37 + .short 0xbe2 + .short 0x773 + .short 0x72c + .short 0x5ed + .short 0x167 + .short 0x2f6 + .short 0x5a1 + .text + .align 4 + .globl kyber_arm32_invntt + .type kyber_arm32_invntt, %function +kyber_arm32_invntt: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + sub sp, sp, #8 + adr r1, L_kyber_arm32_invntt_zetas_inv +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + 
mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xc000000 + orr r10, r10, #0xff0000 +#else + movt r10, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r3, #0 +L_kyber_arm32_invntt_loop_765: + add r11, r1, r3, lsr #1 + str r3, [sp, #4] + ldr r2, [r0] + ldr r3, [r0, #4] + ldr r4, [r0, #8] + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r8, [r0, #24] + ldr r9, [r0, #28] + ldr r11, [r11] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r3 + sadd16 r2, r2, r3 + smulbt r3, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb r3, r10, lr, r3 + pkhtb r3, r3, r12, ASR #16 +#else + sub lr, r2, r3 + add r10, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r3 + add r2, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r3, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, 
#0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r3, r10, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r5 + sadd16 r4, r4, r5 + smultt r5, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r4, r5 + add r10, r4, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r5 + add r4, r4, r5 +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, 
#0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #1 + ldr r11, [r11, #4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r7 + sadd16 r6, r6, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r6, r7 + add r10, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r7 + add r6, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, 
r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r8, r9 + sadd16 r8, r8, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r8, r9 + add r10, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif + sub r12, r8, r9 + add r8, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, 
#16 + orr r8, r8, r10, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #2 + ldr r11, [r11, #128] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + 
ssub16 r12, r2, r4 + sadd16 r2, r2, r4 + smulbt r4, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else + sub lr, r2, r4 + add r10, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r4 + add r2, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r4, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff 
+#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r5 + sadd16 r3, r3, r5 + smulbt r5, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r3, r5 + add r10, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r5 + add r3, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 
7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r8 + sadd16 r6, r6, r8 + smultt r8, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r6, r8 + add r10, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, 
#0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r8 + add r6, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) 
+ lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r7, r9 + sadd16 r7, r7, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r7, r9 + add r10, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + sub r12, r7, r9 + add r7, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r10, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #3 + ldr r11, [r11, #192] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r6 + sadd16 r2, r2, r6 + smulbt r6, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb r6, r10, lr, r6 + pkhtb r6, r6, r12, ASR #16 +#else + sub lr, r2, r6 + add r10, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r6 + add r2, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl 
#16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r6, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r6, r10, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 
+#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r7 + sadd16 r3, r3, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r3, r7 + add r10, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r7 + add r3, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, 
lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r8 + sadd16 r4, r4, r8 + smulbt r8, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r4, r8 + add r10, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r8 + add r4, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + 
sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r5, r9 + sadd16 r5, r5, r9 + smulbt r9, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r5, r9 + add r10, 
r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif + sub r12, r5, r9 + add r5, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov 
r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0xaf + lsl r11, r11, #8 + add r11, r11, #0xc0 +#else + mov r11, #0xafc0 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x130000 +#else + movt r11, #0x13 +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x4e + lsl r11, r11, #8 + add r11, r11, #0xbf +#else + mov r11, #0x4ebf +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r2 + smulwt lr, r11, r2 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r2, #16 +#else + sbfx lr, r2, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r2, lr, lsl #16 + sub r2, r2, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff0000 + bic r2, r2, #0xff000000 + orr r2, r2, lr, lsl #16 +#else + bfi r2, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r3 + smulwt lr, r11, 
r3 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r3, #16 +#else + sbfx lr, r3, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r3, lr, lsl #16 + sub r3, r3, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff0000 + bic r3, r3, #0xff000000 + orr r3, r3, lr, lsl #16 +#else + bfi r3, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r4 + smulwt lr, r11, r4 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r4, #16 +#else + sbfx lr, r4, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r4, lr, lsl #16 + sub r4, r4, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff0000 + bic r4, r4, #0xff000000 + orr r4, r4, lr, lsl #16 +#else + bfi r4, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r5 + smulwt lr, r11, r5 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + asr lr, r5, #16 +#else + sbfx lr, r5, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r5, lr, lsl #16 + sub r5, r5, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff0000 + bic r5, r5, #0xff000000 + orr r5, r5, lr, lsl #16 +#else + bfi r5, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #4] + str r4, [r0, #8] + str r5, [r0, #12] + str r6, [r0, #16] + str r7, [r0, #20] + str r8, [r0, #24] + str r9, [r0, #28] + ldr r3, [sp, #4] + add r3, r3, #16 + rsbs r12, r3, #0x100 + add r0, r0, #32 + bne L_kyber_arm32_invntt_loop_765 + sub r0, r0, #0x200 + mov r3, #0 +L_kyber_arm32_invntt_loop_4_j: + str r3, [sp, #4] + add r11, r1, r3, lsr #4 + mov r2, #4 + ldr r11, [r11, #224] +L_kyber_arm32_invntt_loop_4_i: + str r2, [sp] + ldr r2, [r0] + ldr r3, [r0, #16] + ldr r4, [r0, #32] + ldr r5, [r0, #48] + ldr r6, [r0, #64] + ldr r7, [r0, #80] + ldr r8, [r0, #96] + ldr r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r4 + sadd16 r2, r2, r4 + smulbt r4, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else + sub lr, r2, r4 + add r10, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r4 + add r2, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + 
bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r4, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r5 + 
sadd16 r3, r3, r5 + smulbt r5, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r3, r5 + add r10, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r5 + add r3, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, 
#0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r8 + sadd16 r6, r6, r8 + smultt r8, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r6, r8 + add r10, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r8 + add r6, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, 
r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r7, r9 + sadd16 r7, r7, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r7, r9 + add r10, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + sub r12, r7, r9 + add r7, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r10, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + 
asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #16] + str r4, [r0, #32] + str r5, [r0, #48] + str r6, [r0, #64] + str r7, [r0, #80] + str r8, [r0, #96] + str r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp] + ldr r3, [sp, #4] +#else + ldrd r2, r3, [sp] +#endif + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_invntt_loop_4_i + add r3, r3, #0x40 + rsbs r12, r3, #0x100 + add r0, r0, #0x70 + bne L_kyber_arm32_invntt_loop_4_j + sub r0, r0, #0x200 + mov r2, #16 +L_kyber_arm32_invntt_loop_321: + str r2, [sp] + ldrh r11, [r1, #2] + ldr r2, [r0] + ldr r3, [r0, #64] + ldr r4, [r0, #128] + ldr r5, [r0, #192] + ldr r6, [r0, #256] + ldr r7, [r0, #320] + ldr r8, [r0, #384] + ldr r9, [r0, #448] + ldr r11, [r1, #240] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r3 + sadd16 r2, r2, r3 + smulbt r3, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb r3, r10, lr, r3 + pkhtb r3, r3, r12, ASR #16 +#else + sub lr, r2, r3 + add r10, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r3 + add r2, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, 
#0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r3, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r3, r10, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r5 + sadd16 r4, 
r4, r5 + smultt r5, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r4, r5 + add r10, r4, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r5 + add r4, r4, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #244] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r7 + sadd16 r6, r6, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r6, r7 + add r10, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r7 + add r6, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, 
r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r8, r9 + sadd16 r8, r8, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r8, r9 + add r10, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif + sub r12, r8, r9 + add r8, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r10, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, 
#16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #248] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r4 + sadd16 r2, r2, r4 + smulbt r4, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else + sub lr, r2, r4 + add r10, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r4 + add r2, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r4, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 
+#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r5 + sadd16 r3, r3, r5 + smulbt r5, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r3, r5 + add r10, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r5 + add r3, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, 
#0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && 
WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r8 + sadd16 r6, r6, r8 + smultt r8, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r6, r8 + add r10, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r8 + add r6, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r7, r9 + sadd16 r7, r7, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r7, r9 + add r10, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + sub r12, r7, r9 + add r7, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r10, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul 
r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0xaf + lsl r11, r11, #8 + add r11, r11, #0xc0 +#else + mov r11, #0xafc0 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x130000 +#else + movt r11, #0x13 +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) 
&& (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x4e + lsl r11, r11, #8 + add r11, r11, #0xbf +#else + mov r11, #0x4ebf +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r2 + smulwt lr, r11, r2 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r2, #16 +#else + sbfx lr, r2, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r2, lr, lsl #16 + sub r2, r2, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff0000 + bic r2, r2, #0xff000000 + orr r2, r2, lr, lsl #16 +#else + bfi r2, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r3 + smulwt lr, r11, r3 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r3, #16 +#else + sbfx lr, r3, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r3, lr, lsl #16 + sub r3, r3, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff0000 + bic r3, r3, #0xff000000 + orr r3, r3, lr, lsl #16 +#else + bfi r3, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r4 + smulwt lr, r11, r4 + smulbt r12, 
r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r4, #16 +#else + sbfx lr, r4, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r4, lr, lsl #16 + sub r4, r4, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff0000 + bic r4, r4, #0xff000000 + orr r4, r4, lr, lsl #16 +#else + bfi r4, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r5 + smulwt lr, r11, r5 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r5, #16 +#else + sbfx lr, r5, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r5, lr, lsl #16 + sub r5, r5, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff0000 + bic r5, r5, #0xff000000 + orr r5, r5, lr, lsl #16 +#else + bfi r5, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #252] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r6 + sadd16 r2, r2, r6 + smulbt r6, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb r6, r10, lr, r6 + pkhtb r6, r6, r12, ASR #16 +#else + sub lr, r2, r6 + add r10, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, 
#0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r6 + add r2, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r6, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 
+#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r6, r10, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r7 + sadd16 r3, r3, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r3, r7 + add r10, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r7 + add r3, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, 
r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r8 + sadd16 r4, r4, r8 + smulbt r8, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r4, r8 + add r10, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r8 + add r4, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, 
r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, 
#0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r5, r9 + sadd16 r5, r5, r9 + smulbt r9, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r5, r9 + add r10, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif + sub r12, r5, r9 + add r5, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla 
r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #254] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r2 + smulbt r2, r11, r2 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r2 + smlabb r2, r10, lr, r2 + pkhtb r2, r2, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r2, r2, #16 +#else + sbfx r2, r2, #16, #16 +#endif + mul r2, lr, r2 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 
+#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r2, #16 + asr lr, lr, #16 +#else + sbfx lr, r2, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r2, r10, lr, r2 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r3 + smulbt r3, r11, r3 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb r3, r10, lr, r3 + pkhtb r3, r3, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r3, r3, #16 +#else + sbfx r3, r3, #16, #16 +#endif + mul r3, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + 
mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r3, r10, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r4, r4, #16 +#else + sbfx r4, r4, #16, #16 +#endif + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, 
r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r5, r5, #16 +#else + sbfx r5, r5, #16, #16 +#endif + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, 
r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r6 + smulbt r6, r11, r6 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb r6, r10, lr, r6 + pkhtb r6, r6, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r6, r6, #16 +#else + sbfx r6, r6, #16, #16 +#endif + mul r6, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r6, r10, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r7, r7, #16 +#else + sbfx r7, r7, #16, #16 +#endif + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r8 + smulbt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r8, r8, #16 +#else + sbfx r8, r8, #16, #16 +#endif + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r9 + smulbt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r9, r9, #16 +#else + sbfx r9, r9, #16, #16 +#endif + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #64] + str r4, [r0, #128] + str r5, [r0, #192] + str r6, [r0, #256] + str r7, [r0, #320] + str r8, [r0, #384] + str r9, [r0, #448] + ldr r2, [sp] + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_invntt_loop_321 + add sp, sp, #8 + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_invntt,.-kyber_arm32_invntt + .text + .type L_kyber_arm32_basemul_mont_zetas, %object + .size L_kyber_arm32_basemul_mont_zetas, 256 + .align 4 +L_kyber_arm32_basemul_mont_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 
0xcf9 + .short 0xbc1 + .short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_arm32_basemul_mont + .type kyber_arm32_basemul_mont, %function +kyber_arm32_basemul_mont: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + adr r3, L_kyber_arm32_basemul_mont_zetas + add r3, r3, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xc000000 + orr r12, r12, #0xff0000 +#else + movt r12, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r8, #0 +L_kyber_arm32_basemul_mont_loop: + ldm r1!, {r4, r5} + 
ldm r2!, {r6, r7} + ldr lr, [r3, r8] + add r8, r8, #2 + push {r8} + cmp r8, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultt r8, r4, r6 + smultt r10, r5, r7 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + rsb r11, lr, #0 + smulbt r8, lr, r8 + smulbt r10, r11, r10 + smlabb r8, r4, r6, r8 + smlabb r10, r5, r7, r10 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + smulbt r9, r4, r6 + smulbt r11, r5, r7 + smlatb r9, r4, r6, r9 + smlatb r11, r5, r7, r11 + smultb r6, r12, r9 + smultb r7, r12, r11 + smlabb r9, r12, r6, r9 + smlabb r11, r12, r7, r11 + pkhtb r4, r9, r8, ASR #16 + pkhtb r5, r11, r10, ASR #16 +#else + asr r8, r4, #16 + asr r10, r5, #16 + asr r9, r6, #16 + asr r11, r7, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r8 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 + rsb r11, lr, #0 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, lr, #16 + asr r9, r9, #16 +#else + sbfx r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, 
r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + asr r8, r8, #16 + asr r10, r10, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r8, r9, r12, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r10, r11, r12, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r9 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif + asr r12, r6, #16 + mul r9, r12, r9 + asr r12, r7, #16 + mul r11, r12, r11 + asr r4, r4, #16 + asr r5, r5, #16 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r9, r4, r12, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r11, r5, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r6, r9, #16 + asr r6, r6, #16 +#else + sbfx r6, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r11, #16 + asr r7, r7, #16 +#else + sbfx r7, r11, #0, #16 +#endif + mul r6, r12, r6 + mul r7, r12, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r4, r6, #16 + asr r4, r4, #16 +#else + sbfx r4, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r5, r7, #16 + asr r5, r5, #16 +#else + sbfx r5, r7, #0, #16 +#endif + mla r9, r12, r4, r9 + mla r11, r12, r5, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r11, r11, #0xff + bic r11, r11, #0xff00 +#else + bfc r11, #0, #16 +#endif + orr r4, r9, r8, lsr #16 + orr r5, r11, r10, lsr #16 +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + stm r0!, {r4, r5} + pop {r8} + bne L_kyber_arm32_basemul_mont_loop + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_basemul_mont,.-kyber_arm32_basemul_mont + .text + .align 4 + .globl kyber_arm32_basemul_mont_add + .type kyber_arm32_basemul_mont_add, %function +kyber_arm32_basemul_mont_add: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + adr r3, L_kyber_arm32_basemul_mont_zetas + 
add r3, r3, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xc000000 + orr r12, r12, #0xff0000 +#else + movt r12, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r8, #0 +L_kyber_arm32_basemul_mont_add_loop: + ldm r1!, {r4, r5} + ldm r2!, {r6, r7} + ldr lr, [r3, r8] + add r8, r8, #2 + push {r8} + cmp r8, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultt r8, r4, r6 + smultt r10, r5, r7 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + rsb r11, lr, #0 + smulbt r8, lr, r8 + smulbt r10, r11, r10 + smlabb r8, r4, r6, r8 + smlabb r10, r5, r7, r10 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + smulbt r9, r4, r6 + smulbt r11, r5, r7 + smlatb r9, r4, r6, r9 + smlatb r11, r5, r7, r11 + smultb r6, r12, r9 + smultb r7, r12, r11 + smlabb r9, r12, r6, r9 + smlabb r11, r12, r7, r11 + ldm r0, {r4, r5} + pkhtb r9, r9, r8, ASR #16 + pkhtb r11, r11, r10, ASR #16 + sadd16 r4, r4, r9 + sadd16 r5, r5, r11 +#else + asr r8, r4, #16 + asr r10, r5, #16 + asr r9, r6, #16 + asr r11, r7, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r8 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 
+#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 + rsb r11, lr, #0 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, lr, #16 + asr r9, r9, #16 +#else + sbfx r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + asr r8, r8, #16 + asr r10, r10, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r8, r9, r12, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r10, r11, r12, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r9 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif + asr r12, r6, #16 + mul r9, r12, r9 + asr r12, r7, #16 + mul r11, r12, r11 + asr r4, r4, #16 + asr r5, r5, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r9, r4, r12, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r11, r5, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r6, r9, #16 + asr r6, r6, #16 +#else + sbfx r6, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r11, #16 + asr r7, r7, #16 +#else + sbfx r7, r11, #0, #16 +#endif + mul r6, r12, r6 + mul r7, r12, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r4, r6, #16 + asr r4, r4, #16 +#else + sbfx r4, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r5, r7, #16 + asr r5, r5, #16 +#else + sbfx r5, r7, #0, #16 +#endif + mla r9, r12, r4, r9 + mla r11, r12, r5, r11 + ldm r0, {r4, r5} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r11, 
r11, #0xff + bic r11, r11, #0xff00 +#else + bfc r11, #0, #16 +#endif + orr r9, r9, r8, lsr #16 + orr r11, r11, r10, lsr #16 + add r8, r4, r9 + add r10, r5, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r11, r11, #0xff + bic r11, r11, #0xff00 +#else + bfc r11, #0, #16 +#endif + add r4, r4, r9 + add r5, r5, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r8, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + stm r0!, {r4, r5} + pop {r8} + bne L_kyber_arm32_basemul_mont_add_loop + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_basemul_mont_add,.-kyber_arm32_basemul_mont_add + .text + .align 4 + .globl kyber_arm32_csubq + .type kyber_arm32_csubq, %function +kyber_arm32_csubq: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov lr, #0xd + lsl lr, lr, #8 + add lr, lr, #0x1 +#else + mov lr, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0xd000000 + orr lr, lr, #0x10000 +#else + movt lr, #0xd01 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x80 + lsl r11, r11, #8 + add r11, r11, #0x0 +#else + mov r11, #0x8000 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + 
orr r11, r11, #0x80000000 +#else + movt r11, #0x8000 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r1, #0x1 + lsl r1, r1, #8 + add r1, r1, #0x0 +#else + mov r1, #0x100 +#endif +L_kyber_arm32_csubq_loop: + ldm r0, {r2, r3, r4, r5} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r2, r2, lr + ssub16 r3, r3, lr + ssub16 r4, r4, lr + ssub16 r5, r5, lr + and r6, r2, r11 + and r7, r3, r11 + and r8, r4, r11 + and r9, r5, r11 + lsr r6, r6, #15 + lsr r7, r7, #15 + lsr r8, r8, #15 + lsr r9, r9, #15 + mul r6, r12, r6 + mul r7, r12, r7 + mul r8, r12, r8 + mul r9, r12, r9 + sadd16 r2, r2, r6 + sadd16 r3, r3, r7 + sadd16 r4, r4, r8 + sadd16 r5, r5, r9 +#else + sub r6, r2, lr + sub r2, r2, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r6, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r6, #0, #16 +#endif + sub r7, r3, lr + sub r3, r3, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r7, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r7, #0, #16 +#endif + sub r8, r4, lr + sub r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r8, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r8, #0, #16 +#endif + sub r9, r5, lr + sub r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r9, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r9, #0, #16 +#endif + and r6, r2, r11 + and r7, r3, r11 + and r8, r4, r11 + and r9, r5, r11 + lsr r6, r6, #15 + lsr r7, r7, #15 + lsr r8, r8, #15 + lsr r9, r9, #15 + mul r6, r12, r6 + mul r7, r12, r7 + mul r8, r12, r8 + mul r9, r12, r9 + add r10, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else 
+ bfc r6, #0, #16 +#endif + add r2, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif + add r10, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + add r3, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif + add r10, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif + add r4, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif + add r10, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif + add r5, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + stm r0!, {r2, r3, r4, r5} + subs r1, r1, #8 + bne L_kyber_arm32_csubq_loop + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_csubq,.-kyber_arm32_csubq + .text + .align 4 + .globl kyber_arm32_rej_uniform + .type kyber_arm32_rej_uniform, %function +kyber_arm32_rej_uniform: + push {r4, r5, r6, r7, r8, lr} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r8, #0xd + lsl r8, r8, #8 + add r8, r8, #0x1 +#else + mov r8, #0xd01 +#endif + mov r12, #0 +L_kyber_arm32_rej_uniform_loop_no_fail: + cmp r1, #8 + blt L_kyber_arm32_rej_uniform_done_no_fail + ldm r2!, {r4, r5, r6} 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #20 + lsr r7, r7, #20 +#else + ubfx r7, r4, #0, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #8 + lsr r7, r7, #20 +#else + ubfx r7, r4, #12, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r4, #24 +#else + ubfx r7, r4, #24, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xf00 + ror r7, r7, #12 + orr r7, r7, r5, lsl #28 + ror r7, r7, #20 +#else + bfi r7, r5, #8, #4 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #16 + lsr r7, r7, #20 +#else + ubfx r7, r5, #4, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #4 + lsr r7, r7, #20 +#else + ubfx r7, r5, #16, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r5, #28 +#else + ubfx r7, r5, #28, #4 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff0 + ror r7, r7, #12 + orr r7, r7, r6, lsl #24 + ror r7, r7, #20 +#else + bfi r7, r6, #4, #8 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r6, #12 + lsr r7, r7, #20 +#else + ubfx r7, r6, #8, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, 
r6, #20 +#else + ubfx r7, r6, #20, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 + subs r3, r3, #12 + bne L_kyber_arm32_rej_uniform_loop_no_fail + b L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_done_no_fail: + cmp r1, #0 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_loop: + ldm r2!, {r4, r5, r6} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #20 + lsr r7, r7, #20 +#else + ubfx r7, r4, #0, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_0 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_0: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #8 + lsr r7, r7, #20 +#else + ubfx r7, r4, #12, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_1 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_1: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r4, #24 +#else + ubfx r7, r4, #24, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xf00 + ror r7, r7, #12 + orr r7, r7, r5, lsl #28 + ror r7, r7, #20 +#else + bfi r7, r5, #8, #4 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_2 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_2: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #16 + lsr r7, r7, #20 +#else + ubfx r7, r5, #4, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_3 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_3: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #4 + lsr r7, r7, #20 +#else + ubfx r7, r5, #16, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_4 + strh r7, 
[r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_4: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r5, #28 +#else + ubfx r7, r5, #28, #4 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff0 + ror r7, r7, #12 + orr r7, r7, r6, lsl #24 + ror r7, r7, #20 +#else + bfi r7, r6, #4, #8 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_5 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_5: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r6, #12 + lsr r7, r7, #20 +#else + ubfx r7, r6, #8, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_6 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_6: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r6, #20 +#else + ubfx r7, r6, #20, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_7 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_7: + subs r3, r3, #12 + bgt L_kyber_arm32_rej_uniform_loop +L_kyber_arm32_rej_uniform_done: + lsr r0, r12, #1 + pop {r4, r5, r6, r7, r8, pc} + .size kyber_arm32_rej_uniform,.-kyber_arm32_rej_uniform +#endif /* WOLFSSL_WC_KYBER */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c new file mode 100644 index 000000000..df4285015 --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c 
@@ -0,0 +1,9239 @@ +/* armv8-32-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#include +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#include + +#ifdef WOLFSSL_WC_KYBER +static const uint16_t L_kyber_arm32_ntt_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, + 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, + 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, + 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, + 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 
0x03f7, + 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, + 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, + 0x006b, 0x0774, 0x0c0a, 0x094a, + 0x0b73, 0x03c1, 0x071d, 0x0a2c, + 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, + 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, + 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, + 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, + 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, + 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, + 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, + 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, + 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +void kyber_arm32_ntt(sword16* r_p) +{ + register sword16* r asm ("r0") = (sword16*)r_p; + register uint16_t* L_kyber_arm32_ntt_zetas_c asm ("r1") = + (uint16_t*)&L_kyber_arm32_ntt_zetas; + + __asm__ __volatile__ ( + "sub sp, sp, #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xc000000\n\t" + "orr r10, r10, #0xff0000\n\t" +#else + "movt r10, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r2, #16\n\t" + "\n" + "L_kyber_arm32_ntt_loop_123_%=: \n\t" + "str r2, [sp]\n\t" + "ldrh r11, [r1, #2]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #64]\n\t" + "ldr r4, [%[r], #128]\n\t" + "ldr r5, [%[r], #192]\n\t" + "ldr r6, [%[r], #256]\n\t" + "ldr r7, [%[r], #320]\n\t" + "ldr r8, [%[r], #384]\n\t" + "ldr r9, [%[r], #448]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r6\n\t" + "smulbt r6, r11, r6\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + 
"smultb lr, r10, r6\n\t" + "smlabb lr, r10, lr, r6\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r6, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r6, r6, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r6, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r6\n\t" + "sub r6, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, 
r6, #16\n\t" + "orr r6, r6, lr, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r8\n\t" + "smulbt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add 
r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r9\n\t" + "smulbt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r5, r12\n\t" + "sadd16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, 
#16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r5, lr\n\t" + "add r5, r5, lr\n\t" + "sub lr, r5, r12, lsr #16\n\t" + "add r12, r5, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + 
"orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #4]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb lr, r10, lr, r4\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r4, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r4, r4, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 
7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r4\n\t" + "sub r4, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, lr, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, 
lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r8\n\t" + "smultt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, 
r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + 
"smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r7, r12\n\t" + "sadd16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r7, lr\n\t" + "add r7, r7, lr\n\t" + "sub lr, r7, r12, lsr #16\n\t" + "add r12, r7, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) 
+ "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #8]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r3\n\t" + "smulbt r3, r11, r3\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb lr, r10, lr, r3\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r3, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r3, r3, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r3, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + 
"asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r3\n\t" + "sub r3, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, lr, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r5\n\t" + "smultt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" 
+#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r8, r12\n\t" + "sadd16 r8, r8, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r8, lr\n\t" + "add r8, r8, lr\n\t" + "sub lr, r8, r12, lsr #16\n\t" + "add r12, r8, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #64]\n\t" + "str r4, [%[r], #128]\n\t" + "str r5, [%[r], #192]\n\t" + "str r6, [%[r], #256]\n\t" + "str r7, [%[r], #320]\n\t" + "str r8, [%[r], #384]\n\t" + "str r9, [%[r], #448]\n\t" + "ldr r2, [sp]\n\t" + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_ntt_loop_123_%=\n\t" + "sub %[r], %[r], #0x40\n\t" + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_ntt_loop_4_j_%=: \n\t" + "str r3, [sp, #4]\n\t" + "add r11, r1, r3, lsr #4\n\t" + "mov r2, #4\n\t" + "ldr r11, [r11, #16]\n\t" + "\n" + "L_kyber_arm32_ntt_loop_4_i_%=: \n\t" + "str r2, [sp]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #16]\n\t" + "ldr r4, [%[r], #32]\n\t" + "ldr r5, [%[r], #48]\n\t" + "ldr r6, [%[r], #64]\n\t" + "ldr r7, [%[r], #80]\n\t" + "ldr r8, [%[r], #96]\n\t" + "ldr r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb lr, r10, lr, r4\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r4, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r4, r4, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r4\n\t" + "sub r4, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, lr, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov 
r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r8\n\t" + "smultt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" 
+#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r7, r12\n\t" + "sadd16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, 
#16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r7, lr\n\t" + "add r7, r7, lr\n\t" + "sub lr, r7, r12, lsr #16\n\t" + "add r12, r7, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, 
[%[r], #16]\n\t" + "str r4, [%[r], #32]\n\t" + "str r5, [%[r], #48]\n\t" + "str r6, [%[r], #64]\n\t" + "str r7, [%[r], #80]\n\t" + "str r8, [%[r], #96]\n\t" + "str r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp]\n\t" + "ldr r3, [sp, #4]\n\t" +#else + "ldrd r2, r3, [sp]\n\t" +#endif + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_ntt_loop_4_i_%=\n\t" + "add r3, r3, #0x40\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #0x70\n\t" + "bne L_kyber_arm32_ntt_loop_4_j_%=\n\t" + "sub %[r], %[r], #0x200\n\t" + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_ntt_loop_567_%=: \n\t" + "add r11, r1, r3, lsr #3\n\t" + "str r3, [sp, #4]\n\t" + "ldrh r11, [r11, #32]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #4]\n\t" + "ldr r4, [%[r], #8]\n\t" + "ldr r5, [%[r], #12]\n\t" + "ldr r6, [%[r], #16]\n\t" + "ldr r7, [%[r], #20]\n\t" + "ldr r8, [%[r], #24]\n\t" + "ldr r9, [%[r], #28]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r6\n\t" + "smulbt r6, r11, r6\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb lr, r10, lr, r6\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r6, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r6, r6, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r6, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov 
r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r6\n\t" + "sub r6, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, lr, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, 
#16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror 
r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r8\n\t" + "smulbt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + 
"sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r9\n\t" + "smulbt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r5, r12\n\t" + "sadd16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r5, lr\n\t" + "add r5, r5, lr\n\t" + "sub lr, r5, r12, lsr #16\n\t" + "add r12, r5, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #2\n\t" + "ldr r11, [r11, #64]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb lr, r10, lr, r4\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r4, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, 
#16\n\t" +#endif + "asr r4, r4, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r4\n\t" + "sub r4, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, lr, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, 
r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r8\n\t" + "smultt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 
7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r7, r12\n\t" + "sadd16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r7, lr\n\t" + "add r7, r7, lr\n\t" + "sub lr, r7, r12, lsr #16\n\t" + "add r12, r7, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #1\n\t" + "ldr r11, [r11, #128]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r3\n\t" + "smulbt r3, r11, r3\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb lr, r10, lr, r3\n\t" + 
"pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r3, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r3, r3, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r3, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r3\n\t" + "sub r3, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, lr, lsl #16\n\t" + "ror r3, 
r3, #16\n\t" +#else + "bfi r3, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r5\n\t" + "smultt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + 
"lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #1\n\t" + "ldr r11, [r11, #132]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + 
"add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r8, r12\n\t" + "sadd16 r8, r8, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, 
r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r8, lr\n\t" + "add r8, r8, lr\n\t" + "sub lr, r8, r12, lsr #16\n\t" + "add r12, r8, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, 
lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0xaf\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xc0\n\t" +#else + "mov r11, #0xafc0\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x130000\n\t" +#else + "movt r11, #0x13\n\t" +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x4e\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xbf\n\t" +#else + "mov r11, #0x4ebf\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r2\n\t" + "smulwt lr, r11, r2\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r2, #16\n\t" +#else + "sbfx lr, r2, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r2, lr, lsl #16\n\t" + "sub r2, r2, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff0000\n\t" + "bic r2, r2, #0xff000000\n\t" + "orr r2, r2, lr, lsl #16\n\t" +#else + "bfi r2, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r3\n\t" + "smulwt 
lr, r11, r3\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r3, #16\n\t" +#else + "sbfx lr, r3, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r3, lr, lsl #16\n\t" + "sub r3, r3, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff0000\n\t" + "bic r3, r3, #0xff000000\n\t" + "orr r3, r3, lr, lsl #16\n\t" +#else + "bfi r3, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r4\n\t" + "smulwt lr, r11, r4\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r4, #16\n\t" +#else + "sbfx lr, r4, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r4, lr, lsl #16\n\t" + "sub r4, r4, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff0000\n\t" + "bic r4, r4, #0xff000000\n\t" + "orr r4, r4, lr, lsl #16\n\t" +#else + "bfi r4, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r5\n\t" + "smulwt 
lr, r11, r5\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r5, #16\n\t" +#else + "sbfx lr, r5, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r5, lr, lsl #16\n\t" + "sub r5, r5, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff0000\n\t" + "bic r5, r5, #0xff000000\n\t" + "orr r5, r5, lr, lsl #16\n\t" +#else + "bfi r5, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r6\n\t" + "smulwt lr, r11, r6\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r6, #16\n\t" +#else + "sbfx lr, r6, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r6, lr, lsl #16\n\t" + "sub r6, r6, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff0000\n\t" + "bic r6, r6, #0xff000000\n\t" + "orr r6, r6, lr, lsl #16\n\t" +#else + "bfi r6, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r7\n\t" + "smulwt 
lr, r11, r7\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r7, #16\n\t" +#else + "sbfx lr, r7, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r7, lr, lsl #16\n\t" + "sub r7, r7, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff0000\n\t" + "bic r7, r7, #0xff000000\n\t" + "orr r7, r7, lr, lsl #16\n\t" +#else + "bfi r7, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r8\n\t" + "smulwt lr, r11, r8\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r8, r8, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r8, #16\n\t" +#else + "sbfx lr, r8, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r8, lr, lsl #16\n\t" + "sub r8, r8, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff0000\n\t" + "bic r8, r8, #0xff000000\n\t" + "orr r8, r8, lr, lsl #16\n\t" +#else + "bfi r8, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r9\n\t" + "smulwt 
lr, r11, r9\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r9, r9, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r9, #16\n\t" +#else + "sbfx lr, r9, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r9, lr, lsl #16\n\t" + "sub r9, r9, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff0000\n\t" + "bic r9, r9, #0xff000000\n\t" + "orr r9, r9, lr, lsl #16\n\t" +#else + "bfi r9, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xc000000\n\t" + "orr r10, r10, #0xff0000\n\t" +#else + "movt r10, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #4]\n\t" + "str r4, [%[r], #8]\n\t" + "str r5, [%[r], #12]\n\t" + "str r6, [%[r], #16]\n\t" + "str r7, [%[r], #20]\n\t" + "str r8, [%[r], #24]\n\t" + "str r9, [%[r], #28]\n\t" + "ldr r3, [sp, #4]\n\t" + "add r3, r3, #16\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #32\n\t" + "bne L_kyber_arm32_ntt_loop_567_%=\n\t" + "add sp, sp, #8\n\t" + : [r] "+r" (r), + [L_kyber_arm32_ntt_zetas] "+r" (L_kyber_arm32_ntt_zetas_c) + : + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" + ); +} + +static const uint16_t L_kyber_arm32_invntt_zetas_inv[] = { + 0x06a5, 
0x070f, 0x05b4, 0x0943, + 0x0922, 0x091d, 0x0134, 0x006c, + 0x0b23, 0x0366, 0x0356, 0x05e6, + 0x09e7, 0x04fe, 0x05fa, 0x04a1, + 0x067b, 0x04a3, 0x0c25, 0x036a, + 0x0537, 0x083f, 0x0088, 0x04bf, + 0x0b81, 0x05b9, 0x0505, 0x07d7, + 0x0a9f, 0x0aa6, 0x08b8, 0x09d0, + 0x004b, 0x009c, 0x0bb8, 0x0b5f, + 0x0ba4, 0x0368, 0x0a7d, 0x0636, + 0x08a2, 0x025a, 0x0736, 0x0309, + 0x0093, 0x087a, 0x09f7, 0x00f6, + 0x068c, 0x06db, 0x01cc, 0x0123, + 0x00eb, 0x0c50, 0x0ab6, 0x0b5b, + 0x0c98, 0x06f3, 0x099a, 0x04e3, + 0x09b6, 0x0ad6, 0x0b53, 0x044f, + 0x04fb, 0x0a5c, 0x0429, 0x0b41, + 0x02d5, 0x05e4, 0x0940, 0x018e, + 0x03b7, 0x00f7, 0x058d, 0x0c96, + 0x09c3, 0x010f, 0x005a, 0x0355, + 0x0744, 0x0c83, 0x048a, 0x0652, + 0x029a, 0x0140, 0x0008, 0x0afd, + 0x0608, 0x011a, 0x072e, 0x050d, + 0x090a, 0x0228, 0x0a75, 0x083a, + 0x0623, 0x00cd, 0x0b66, 0x0606, + 0x0aa1, 0x0a25, 0x0908, 0x02a9, + 0x0082, 0x0642, 0x074f, 0x033d, + 0x0b82, 0x0bf9, 0x052d, 0x0ac4, + 0x0745, 0x05c2, 0x04b2, 0x093f, + 0x0c4b, 0x06d8, 0x0a93, 0x00ab, + 0x0c37, 0x0be2, 0x0773, 0x072c, + 0x05ed, 0x0167, 0x02f6, 0x05a1, +}; + +void kyber_arm32_invntt(sword16* r_p) +{ + register sword16* r asm ("r0") = (sword16*)r_p; + register uint16_t* L_kyber_arm32_invntt_zetas_inv_c asm ("r1") = + (uint16_t*)&L_kyber_arm32_invntt_zetas_inv; + + __asm__ __volatile__ ( + "sub sp, sp, #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xc000000\n\t" + "orr r10, r10, #0xff0000\n\t" +#else + "movt r10, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_invntt_loop_765_%=: \n\t" + "add r11, r1, r3, lsr #1\n\t" + "str r3, [sp, #4]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #4]\n\t" + "ldr r4, [%[r], #8]\n\t" + "ldr r5, 
[%[r], #12]\n\t" + "ldr r6, [%[r], #16]\n\t" + "ldr r7, [%[r], #20]\n\t" + "ldr r8, [%[r], #24]\n\t" + "ldr r9, [%[r], #28]\n\t" + "ldr r11, [r11]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r3\n\t" + "sadd16 r2, r2, r3\n\t" + "smulbt r3, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb r3, r10, lr, r3\n\t" + "pkhtb r3, r3, r12, ASR #16\n\t" +#else + "sub lr, r2, r3\n\t" + "add r10, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r3\n\t" + "add r2, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r3, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr 
lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r3, r10, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r5\n\t" + "sadd16 r4, r4, r5\n\t" + "smultt r5, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r4, r5\n\t" + "add r10, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif + "sub r12, r4, r5\n\t" + "add r4, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, 
#16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #1\n\t" + "ldr r11, [r11, #4]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r7\n\t" + "sadd16 r6, r6, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r6, r7\n\t" + "add r10, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r7\n\t" + "add r6, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + 
"bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + 
"ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r8, r9\n\t" + "sadd16 r8, r8, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r8, r9\n\t" + "add r10, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif + "sub r12, r8, r9\n\t" + "add r8, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r10, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" 
+#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #2\n\t" + "ldr r11, [r11, #128]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r4\n\t" + "sadd16 r2, r2, r4\n\t" + "smulbt r4, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else + "sub lr, r2, r4\n\t" + "add r10, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" 
+#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r4\n\t" + "add r2, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r4, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl 
lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r5\n\t" + "sadd16 r3, r3, r5\n\t" + "smulbt r5, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r3, r5\n\t" + "add r10, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r5\n\t" + "add r3, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, 
r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r8\n\t" + "sadd16 r6, r6, r8\n\t" + "smultt r8, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r6, r8\n\t" + "add r10, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r8\n\t" + "add r6, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r7, r9\n\t" + "sadd16 r7, r7, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r7, r9\n\t" + "add r10, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + 
"bfc r7, #0, #16\n\t" +#endif + "sub r12, r7, r9\n\t" + "add r7, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r10, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #3\n\t" + "ldr r11, [r11, #192]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r6\n\t" + "sadd16 r2, r2, r6\n\t" + "smulbt r6, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb r6, r10, lr, r6\n\t" + "pkhtb r6, r6, r12, ASR #16\n\t" +#else + "sub lr, r2, r6\n\t" + "add r10, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r6\n\t" + "add r2, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, 
#16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r6, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r6, r10, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && 
WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r7\n\t" + "sadd16 r3, r3, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r3, r7\n\t" + "add r10, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r7\n\t" + "add r3, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r8\n\t" + "sadd16 r4, r4, r8\n\t" + "smulbt r8, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r4, r8\n\t" + "add r10, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif 
+ "sub r12, r4, r8\n\t" + "add r4, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH 
< 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r5, r9\n\t" + "sadd16 r5, r5, r9\n\t" + "smulbt r9, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r5, r9\n\t" + "add r10, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif + "sub r12, r5, r9\n\t" + "add r5, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + 
"mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "mov r11, #0xaf\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xc0\n\t" +#else + "mov r11, #0xafc0\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x130000\n\t" +#else + "movt r11, #0x13\n\t" +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x4e\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xbf\n\t" +#else + "mov r11, #0x4ebf\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r2\n\t" + "smulwt lr, r11, r2\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r2, #16\n\t" +#else + "sbfx lr, r2, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r2, lr, lsl #16\n\t" + "sub r2, r2, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff0000\n\t" + "bic r2, r2, #0xff000000\n\t" + "orr r2, r2, lr, lsl #16\n\t" +#else + "bfi r2, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r3\n\t" + "smulwt lr, r11, r3\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r3, #16\n\t" +#else + "sbfx lr, r3, 
#16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r3, lr, lsl #16\n\t" + "sub r3, r3, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff0000\n\t" + "bic r3, r3, #0xff000000\n\t" + "orr r3, r3, lr, lsl #16\n\t" +#else + "bfi r3, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r4\n\t" + "smulwt lr, r11, r4\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r4, #16\n\t" +#else + "sbfx lr, r4, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r4, lr, lsl #16\n\t" + "sub r4, r4, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff0000\n\t" + "bic r4, r4, #0xff000000\n\t" + "orr r4, r4, lr, lsl #16\n\t" +#else + "bfi r4, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r5\n\t" + "smulwt lr, r11, r5\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r5, #16\n\t" +#else + "sbfx lr, r5, 
#16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r5, lr, lsl #16\n\t" + "sub r5, r5, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff0000\n\t" + "bic r5, r5, #0xff000000\n\t" + "orr r5, r5, lr, lsl #16\n\t" +#else + "bfi r5, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #4]\n\t" + "str r4, [%[r], #8]\n\t" + "str r5, [%[r], #12]\n\t" + "str r6, [%[r], #16]\n\t" + "str r7, [%[r], #20]\n\t" + "str r8, [%[r], #24]\n\t" + "str r9, [%[r], #28]\n\t" + "ldr r3, [sp, #4]\n\t" + "add r3, r3, #16\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #32\n\t" + "bne L_kyber_arm32_invntt_loop_765_%=\n\t" + "sub %[r], %[r], #0x200\n\t" + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_invntt_loop_4_j_%=: \n\t" + "str r3, [sp, #4]\n\t" + "add r11, r1, r3, lsr #4\n\t" + "mov r2, #4\n\t" + "ldr r11, [r11, #224]\n\t" + "\n" + "L_kyber_arm32_invntt_loop_4_i_%=: \n\t" + "str r2, [sp]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #16]\n\t" + "ldr r4, [%[r], #32]\n\t" + "ldr r5, [%[r], #48]\n\t" + "ldr r6, [%[r], #64]\n\t" + "ldr r7, [%[r], #80]\n\t" + "ldr r8, [%[r], #96]\n\t" + "ldr r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r4\n\t" + "sadd16 r2, r2, r4\n\t" + "smulbt r4, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else + "sub lr, r2, r4\n\t" + "add r10, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, 
#0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r4\n\t" + "add r2, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r4, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r5\n\t" + "sadd16 r3, r3, r5\n\t" + "smulbt r5, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r3, r5\n\t" + "add r10, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r5\n\t" + "add r3, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, 
#0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r8\n\t" + "sadd16 r6, r6, r8\n\t" + "smultt r8, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r6, r8\n\t" + "add r10, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r8\n\t" + "add r6, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, 
#0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r7, r9\n\t" + "sadd16 r7, r7, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r7, r9\n\t" + "add r10, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif + "sub r12, r7, r9\n\t" + "add r7, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r10, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, 
#0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #16]\n\t" + "str r4, [%[r], #32]\n\t" + "str r5, [%[r], #48]\n\t" + "str r6, [%[r], #64]\n\t" + "str r7, [%[r], #80]\n\t" + "str r8, [%[r], #96]\n\t" + "str r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp]\n\t" + "ldr r3, [sp, #4]\n\t" +#else + "ldrd r2, r3, [sp]\n\t" +#endif + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_invntt_loop_4_i_%=\n\t" + "add r3, r3, #0x40\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #0x70\n\t" + "bne L_kyber_arm32_invntt_loop_4_j_%=\n\t" + "sub %[r], %[r], #0x200\n\t" + "mov r2, #16\n\t" + "\n" + "L_kyber_arm32_invntt_loop_321_%=: \n\t" + "str r2, [sp]\n\t" + "ldrh r11, [r1, #2]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #64]\n\t" + "ldr r4, [%[r], #128]\n\t" + "ldr r5, [%[r], #192]\n\t" + "ldr r6, [%[r], #256]\n\t" + "ldr r7, [%[r], #320]\n\t" + "ldr r8, [%[r], #384]\n\t" + "ldr r9, [%[r], #448]\n\t" + "ldr r11, [r1, #240]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r3\n\t" + "sadd16 r2, r2, r3\n\t" + "smulbt r3, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb r3, r10, lr, r3\n\t" + "pkhtb r3, r3, r12, ASR #16\n\t" +#else + "sub lr, r2, r3\n\t" + "add r10, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" 
+#else + "bfc r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r3\n\t" + "add r2, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r3, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r3, r10, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r5\n\t" + "sadd16 r4, r4, r5\n\t" + "smultt r5, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r4, r5\n\t" + "add r10, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif + "sub r12, r4, r5\n\t" + "add r4, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" 
+#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, 
#16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #244]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r7\n\t" + "sadd16 r6, r6, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r6, r7\n\t" + "add r10, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r7\n\t" + "add r6, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" 
+#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r8, r9\n\t" + "sadd16 r8, r8, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r8, r9\n\t" + "add r10, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" 
+ "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif + "sub r12, r8, r9\n\t" + "add r8, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r10, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #248]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r4\n\t" + "sadd16 r2, r2, r4\n\t" + "smulbt r4, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else + "sub lr, r2, r4\n\t" + "add r10, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r4\n\t" + "add r2, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" 
+#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r4, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r5\n\t" + "sadd16 r3, r3, r5\n\t" + "smulbt r5, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r3, r5\n\t" + "add r10, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r5\n\t" + "add r3, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, 
#0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r8\n\t" + "sadd16 r6, r6, r8\n\t" + "smultt r8, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r6, r8\n\t" + "add r10, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r8\n\t" + "add r6, 
r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + 
"add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r7, r9\n\t" + "sadd16 r7, r7, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r7, r9\n\t" + "add r10, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif + "sub r12, r7, r9\n\t" + "add r7, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r10, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + 
"lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0xaf\n\t" + "lsl r11, r11, #8\n\t" + "add r11, 
r11, #0xc0\n\t" +#else + "mov r11, #0xafc0\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x130000\n\t" +#else + "movt r11, #0x13\n\t" +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x4e\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xbf\n\t" +#else + "mov r11, #0x4ebf\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r2\n\t" + "smulwt lr, r11, r2\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r2, #16\n\t" +#else + "sbfx lr, r2, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r2, lr, lsl #16\n\t" + "sub r2, r2, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff0000\n\t" + "bic r2, r2, #0xff000000\n\t" + "orr r2, r2, lr, lsl #16\n\t" +#else + "bfi r2, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r3\n\t" + "smulwt lr, r11, r3\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r3, #16\n\t" +#else + "sbfx lr, r3, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, 
r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r3, lr, lsl #16\n\t" + "sub r3, r3, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff0000\n\t" + "bic r3, r3, #0xff000000\n\t" + "orr r3, r3, lr, lsl #16\n\t" +#else + "bfi r3, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r4\n\t" + "smulwt lr, r11, r4\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r4, #16\n\t" +#else + "sbfx lr, r4, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r4, lr, lsl #16\n\t" + "sub r4, r4, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff0000\n\t" + "bic r4, r4, #0xff000000\n\t" + "orr r4, r4, lr, lsl #16\n\t" +#else + "bfi r4, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r5\n\t" + "smulwt lr, r11, r5\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r5, #16\n\t" +#else + "sbfx lr, r5, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, 
r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r5, lr, lsl #16\n\t" + "sub r5, r5, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff0000\n\t" + "bic r5, r5, #0xff000000\n\t" + "orr r5, r5, lr, lsl #16\n\t" +#else + "bfi r5, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #252]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r6\n\t" + "sadd16 r2, r2, r6\n\t" + "smulbt r6, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb r6, r10, lr, r6\n\t" + "pkhtb r6, r6, r12, ASR #16\n\t" +#else + "sub lr, r2, r6\n\t" + "add r10, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r6\n\t" + "add r2, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r6, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" 
+#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r6, r10, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r7\n\t" + "sadd16 r3, r3, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + 
"smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r3, r7\n\t" + "add r10, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r7\n\t" + "add r3, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla 
r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r8\n\t" + "sadd16 r4, r4, r8\n\t" + "smulbt r8, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r4, r8\n\t" + "add r10, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif + "sub r12, r4, r8\n\t" + "add r4, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, 
#16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r5, r9\n\t" + "sadd16 r5, r5, r9\n\t" + "smulbt r9, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r5, r9\n\t" + "add r10, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif + "sub r12, r5, r9\n\t" + "add r5, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl 
r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #254]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r2\n\t" + "smulbt r2, r11, r2\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r2\n\t" + "smlabb r2, r10, lr, r2\n\t" + "pkhtb r2, r2, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, 
#16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r2, r2, #16\n\t" +#else + "sbfx r2, r2, #16, #16\n\t" +#endif + "mul r2, lr, r2\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r2, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r2, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r2, r10, lr, r2\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r3\n\t" + "smulbt r3, r11, r3\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb r3, r10, lr, r3\n\t" + "pkhtb r3, r3, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r3, r3, #16\n\t" +#else + "sbfx r3, r3, #16, #16\n\t" +#endif + "mul r3, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r3, r10, lr, r3\n\t" +#if 
defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r4, r4, #16\n\t" +#else + "sbfx r4, r4, #16, #16\n\t" +#endif + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, 
#0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r5, r5, #16\n\t" +#else + "sbfx r5, r5, #16, #16\n\t" +#endif + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + 
"add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r6\n\t" + "smulbt r6, r11, r6\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb r6, r10, lr, r6\n\t" + "pkhtb r6, r6, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r6, r6, #16\n\t" +#else + "sbfx r6, r6, #16, #16\n\t" +#endif + "mul r6, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov 
r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r6, r10, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r7, r7, #16\n\t" +#else + "sbfx r7, r7, #16, #16\n\t" +#endif + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r8\n\t" + "smulbt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 
7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r8, r8, #16\n\t" +#else + "sbfx r8, r8, #16, #16\n\t" +#endif + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r9\n\t" + "smulbt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, 
r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #16, #16\n\t" +#endif + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, 
r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #64]\n\t" + "str r4, [%[r], #128]\n\t" + "str r5, [%[r], #192]\n\t" + "str r6, [%[r], #256]\n\t" + "str r7, [%[r], #320]\n\t" + "str r8, [%[r], #384]\n\t" + "str r9, [%[r], #448]\n\t" + "ldr r2, [sp]\n\t" + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_invntt_loop_321_%=\n\t" + "add sp, sp, #8\n\t" + : [r] "+r" (r), + [L_kyber_arm32_invntt_zetas_inv] "+r" (L_kyber_arm32_invntt_zetas_inv_c) + : + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" + ); +} + +static const uint16_t L_kyber_arm32_basemul_mont_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, + 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, + 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, + 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, + 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 0x03f7, + 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, + 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, + 0x006b, 0x0774, 0x0c0a, 0x094a, + 0x0b73, 0x03c1, 0x071d, 0x0a2c, + 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, + 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, + 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, + 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, + 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, + 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, + 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, + 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, + 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +void kyber_arm32_basemul_mont(sword16* r_p, const sword16* a_p, + const sword16* b_p) +{ + register sword16* r asm ("r0") = 
(sword16*)r_p; + register const sword16* a asm ("r1") = (const sword16*)a_p; + register const sword16* b asm ("r2") = (const sword16*)b_p; + register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = + (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( + "add r3, r3, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xc000000\n\t" + "orr r12, r12, #0xff0000\n\t" +#else + "movt r12, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r8, #0\n\t" + "\n" + "L_kyber_arm32_basemul_mont_loop_%=: \n\t" + "ldm %[a]!, {r4, r5}\n\t" + "ldm %[b]!, {r6, r7}\n\t" + "ldr lr, [r3, r8]\n\t" + "add r8, r8, #2\n\t" + "push {r8}\n\t" + "cmp r8, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultt r8, r4, r6\n\t" + "smultt r10, r5, r7\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" + "smulbt r8, lr, r8\n\t" + "smulbt r10, r11, r10\n\t" + "smlabb r8, r4, r6, r8\n\t" + "smlabb r10, r5, r7, r10\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "smulbt r9, r4, r6\n\t" + "smulbt r11, r5, r7\n\t" + "smlatb r9, r4, r6, r9\n\t" + "smlatb r11, r5, r7, r11\n\t" + "smultb r6, r12, r9\n\t" + "smultb r7, r12, r11\n\t" + "smlabb r9, r12, r6, r9\n\t" + "smlabb r11, r12, r7, r11\n\t" + "pkhtb r4, r9, r8, ASR #16\n\t" + "pkhtb r5, r11, r10, ASR #16\n\t" +#else + "asr r8, r4, #16\n\t" + "asr r10, r5, #16\n\t" + "asr r9, r6, #16\n\t" + "asr r11, r7, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, 
#0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r8\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, lr, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "asr r10, r10, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r8, r9, r12, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, 
#16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mla r10, r11, r12, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r9\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif + "asr r12, r6, #16\n\t" + "mul r9, r12, r9\n\t" + "asr r12, r7, #16\n\t" + "mul r11, r12, r11\n\t" + "asr r4, r4, #16\n\t" + "asr r5, r5, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r9, r4, r12, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mla r11, r5, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && 
(WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r6, r9, #16\n\t" + "asr r6, r6, #16\n\t" +#else + "sbfx r6, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r11, #16\n\t" + "asr r7, r7, #16\n\t" +#else + "sbfx r7, r11, #0, #16\n\t" +#endif + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r4, r6, #16\n\t" + "asr r4, r4, #16\n\t" +#else + "sbfx r4, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r5, r7, #16\n\t" + "asr r5, r5, #16\n\t" +#else + "sbfx r5, r7, #0, #16\n\t" +#endif + "mla r9, r12, r4, r9\n\t" + "mla r11, r12, r5, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r11, r11, #0xff\n\t" + "bic r11, r11, #0xff00\n\t" +#else + "bfc r11, #0, #16\n\t" +#endif + "orr r4, r9, r8, lsr #16\n\t" + "orr r5, r11, r10, lsr #16\n\t" +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "stm %[r]!, {r4, r5}\n\t" + "pop {r8}\n\t" + "bne L_kyber_arm32_basemul_mont_loop_%=\n\t" + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" + ); +} + +void kyber_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p, + const sword16* b_p) +{ + register sword16* r asm ("r0") = (sword16*)r_p; + register const sword16* a asm ("r1") = (const sword16*)a_p; + register const sword16* b asm ("r2") = 
(const sword16*)b_p; + register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = + (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( + "add r3, r3, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xc000000\n\t" + "orr r12, r12, #0xff0000\n\t" +#else + "movt r12, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r8, #0\n\t" + "\n" + "L_kyber_arm32_basemul_mont_add_loop_%=: \n\t" + "ldm %[a]!, {r4, r5}\n\t" + "ldm %[b]!, {r6, r7}\n\t" + "ldr lr, [r3, r8]\n\t" + "add r8, r8, #2\n\t" + "push {r8}\n\t" + "cmp r8, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultt r8, r4, r6\n\t" + "smultt r10, r5, r7\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" + "smulbt r8, lr, r8\n\t" + "smulbt r10, r11, r10\n\t" + "smlabb r8, r4, r6, r8\n\t" + "smlabb r10, r5, r7, r10\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "smulbt r9, r4, r6\n\t" + "smulbt r11, r5, r7\n\t" + "smlatb r9, r4, r6, r9\n\t" + "smlatb r11, r5, r7, r11\n\t" + "smultb r6, r12, r9\n\t" + "smultb r7, r12, r11\n\t" + "smlabb r9, r12, r6, r9\n\t" + "smlabb r11, r12, r7, r11\n\t" + "ldm %[r], {r4, r5}\n\t" + "pkhtb r9, r9, r8, ASR #16\n\t" + "pkhtb r11, r11, r10, ASR #16\n\t" + "sadd16 r4, r4, r9\n\t" + "sadd16 r5, r5, r11\n\t" +#else + "asr r8, r4, #16\n\t" + "asr r10, r5, #16\n\t" + "asr r9, r6, #16\n\t" + "asr r11, r7, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add 
r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r8\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, lr, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "asr r10, r10, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r8, r9, r12, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, 
#16\n\t" +#endif + "mla r10, r11, r12, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r9\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif + "asr r12, r6, #16\n\t" + "mul r9, r12, r9\n\t" + "asr r12, r7, #16\n\t" + "mul r11, r12, r11\n\t" + "asr r4, r4, #16\n\t" + "asr r5, r5, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r9, r4, r12, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mla r11, r5, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" 
+ "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r6, r9, #16\n\t" + "asr r6, r6, #16\n\t" +#else + "sbfx r6, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r11, #16\n\t" + "asr r7, r7, #16\n\t" +#else + "sbfx r7, r11, #0, #16\n\t" +#endif + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r4, r6, #16\n\t" + "asr r4, r4, #16\n\t" +#else + "sbfx r4, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r5, r7, #16\n\t" + "asr r5, r5, #16\n\t" +#else + "sbfx r5, r7, #0, #16\n\t" +#endif + "mla r9, r12, r4, r9\n\t" + "mla r11, r12, r5, r11\n\t" + "ldm %[r], {r4, r5}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r11, r11, #0xff\n\t" + "bic r11, r11, #0xff00\n\t" +#else + "bfc r11, #0, #16\n\t" +#endif + "orr r9, r9, r8, lsr #16\n\t" + "orr r11, r11, r10, lsr #16\n\t" + "add r8, r4, r9\n\t" + "add r10, r5, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r11, r11, #0xff\n\t" + "bic r11, r11, #0xff00\n\t" +#else + "bfc r11, #0, #16\n\t" +#endif + "add r4, r4, r9\n\t" + "add r5, r5, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r8, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r8, #0, #16\n\t" +#endif 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "stm %[r]!, {r4, r5}\n\t" + "pop {r8}\n\t" + "bne L_kyber_arm32_basemul_mont_add_loop_%=\n\t" + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" + ); +} + +void kyber_arm32_csubq(sword16* p_p) +{ + register sword16* p asm ("r0") = (sword16*)p_p; + register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r1") = + (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov lr, #0xd\n\t" + "lsl lr, lr, #8\n\t" + "add lr, lr, #0x1\n\t" +#else + "mov lr, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0xd000000\n\t" + "orr lr, lr, #0x10000\n\t" +#else + "movt lr, #0xd01\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x80\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0x0\n\t" +#else + "mov r11, #0x8000\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x80000000\n\t" +#else + "movt r11, #0x8000\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r1, #0x1\n\t" + "lsl r1, r1, #8\n\t" + "add r1, r1, #0x0\n\t" +#else + "mov r1, #0x100\n\t" +#endif + "\n" + "L_kyber_arm32_csubq_loop_%=: \n\t" + "ldm %[p], {r2, r3, r4, r5}\n\t" 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r2, r2, lr\n\t" + "ssub16 r3, r3, lr\n\t" + "ssub16 r4, r4, lr\n\t" + "ssub16 r5, r5, lr\n\t" + "and r6, r2, r11\n\t" + "and r7, r3, r11\n\t" + "and r8, r4, r11\n\t" + "and r9, r5, r11\n\t" + "lsr r6, r6, #15\n\t" + "lsr r7, r7, #15\n\t" + "lsr r8, r8, #15\n\t" + "lsr r9, r9, #15\n\t" + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" + "mul r8, r12, r8\n\t" + "mul r9, r12, r9\n\t" + "sadd16 r2, r2, r6\n\t" + "sadd16 r3, r3, r7\n\t" + "sadd16 r4, r4, r8\n\t" + "sadd16 r5, r5, r9\n\t" +#else + "sub r6, r2, lr\n\t" + "sub r2, r2, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r6, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r6, #0, #16\n\t" +#endif + "sub r7, r3, lr\n\t" + "sub r3, r3, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r7, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r7, #0, #16\n\t" +#endif + "sub r8, r4, lr\n\t" + "sub r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r8, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r8, #0, #16\n\t" +#endif + "sub r9, r5, lr\n\t" + "sub r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r9, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r9, #0, #16\n\t" +#endif + "and r6, r2, r11\n\t" + "and r7, r3, r11\n\t" + "and r8, r4, r11\n\t" + "and r9, r5, r11\n\t" + "lsr r6, r6, #15\n\t" + "lsr r7, r7, #15\n\t" + "lsr r8, r8, #15\n\t" + "lsr r9, r9, #15\n\t" + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" + "mul r8, r12, r8\n\t" + "mul r9, r12, 
r9\n\t" + "add r10, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "add r2, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif + "add r10, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif + "add r3, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif + "add r10, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif + "add r4, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif + "add r10, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif + "add r5, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "stm %[p]!, {r2, r3, r4, r5}\n\t" + "subs r1, r1, #8\n\t" + "bne L_kyber_arm32_csubq_loop_%=\n\t" + : [p] "+r" (p), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + 
: "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" + ); +} + +unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, + const byte* r_p, unsigned int rLen_p) +{ + register sword16* p asm ("r0") = (sword16*)p_p; + register unsigned int len asm ("r1") = (unsigned int)len_p; + register const byte* r asm ("r2") = (const byte*)r_p; + register unsigned int rLen asm ("r3") = (unsigned int)rLen_p; + register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r4") = + (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r8, #0xd\n\t" + "lsl r8, r8, #8\n\t" + "add r8, r8, #0x1\n\t" +#else + "mov r8, #0xd01\n\t" +#endif + "mov r12, #0\n\t" + "\n" + "L_kyber_arm32_rej_uniform_loop_no_fail_%=: \n\t" + "cmp %[len], #8\n\t" + "blt L_kyber_arm32_rej_uniform_done_no_fail_%=\n\t" + "ldm %[r]!, {r4, r5, r6}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r4, #20\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #0, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r4, #8\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #12, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r4, #24\n\t" +#else + "ubfx r7, r4, #24, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xf00\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r5, lsl #28\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r5, #8, #4\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" 
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #16\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #4, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #4\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #16, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r5, #28\n\t" +#else + "ubfx r7, r5, #28, #4\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff0\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r6, lsl #24\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r6, #4, #8\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r6, #12\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r6, #8, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r6, #20\n\t" +#else + "ubfx r7, r6, #20, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" + "subs %[rLen], %[rLen], #12\n\t" + "bne L_kyber_arm32_rej_uniform_loop_no_fail_%=\n\t" + "b L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_done_no_fail_%=: \n\t" + "cmp %[len], #0\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_loop_%=: \n\t" + "ldm %[r]!, {r4, r5, r6}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH 
< 7) + "lsl r7, r4, #20\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #0, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_0_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_0_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r4, #8\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #12, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_1_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_1_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r4, #24\n\t" +#else + "ubfx r7, r4, #24, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xf00\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r5, lsl #28\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r5, #8, #4\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_2_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_2_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #16\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #4, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_3_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_3_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #4\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #16, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_4_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], 
%[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_4_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r5, #28\n\t" +#else + "ubfx r7, r5, #28, #4\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff0\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r6, lsl #24\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r6, #4, #8\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_5_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_5_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r6, #12\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r6, #8, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_6_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_6_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r6, #20\n\t" +#else + "ubfx r7, r6, #20, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_7_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_7_%=: \n\t" + "subs %[rLen], %[rLen], #12\n\t" + "bgt L_kyber_arm32_rej_uniform_loop_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_done_%=: \n\t" + "lsr r0, r12, #1\n\t" + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8" + ); + return (uint32_t)(size_t)p; +} + +#endif /* WOLFSSL_WC_KYBER */ +#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif 
/* WOLFSSL_ARMASM */
+#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
index d7225828f..63409c849 100644
--- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
@@ -218,7 +218,7 @@ L_poly1305_arm32_16_loop:
 # Load length
 ldr r2, [sp, #20]
 # Reduce mod 2^130 - 5
- bic r3, r8, #3
+ bic r3, r8, #0x3
 and r8, r8, #3
 adds r4, r4, r3
 lsr r3, r3, #2
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
index da604101b..b1985b9a2 100644
--- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
@@ -243,7 +243,7 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p,
 /* Load length */
 "ldr %[len], [sp, #20]\n\t"
 /* Reduce mod 2^130 - 5 */
- "bic %[notLast], r8, #3\n\t"
+ "bic %[notLast], r8, #0x3\n\t"
 "and r8, r8, #3\n\t"
 "adds r4, r4, %[notLast]\n\t"
 "lsr %[notLast], %[notLast], #2\n\t"
diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c
index 8c8c97dd8..ef38d8cd6 100644
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
@@ -182,7 +182,7 @@ const sword16 zetas_inv[KYBER_N / 2] = {
 "SSUB16 " #a ", " #a ", r10\n\t"
-#if !(defined(__thumb__) || (defined(__aarch64__)) && defined(WOLFSSL_ARMASM))
+#if !defined(WOLFSSL_ARMASM)
 /* Number-Theoretic Transform.
 *
 * @param [in, out] r Polynomial to transform.
@@ -2154,7 +2154,7 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
 }
 #endif
-#if !(defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || defined(__thumb__)))
+#if !defined(WOLFSSL_ARMASM)
 /* Rejection sampling on uniform random bytes to generate uniform random
 * integers mod q.
 *
@@ -3350,7 +3350,7 @@ int kyber_cmp(const byte* a, const byte* b, int sz) /******************************************************************************/ -#if !(defined(__thumb__) || (defined(__aarch64__)) && defined(WOLFSSL_ARMASM)) +#if !defined(WOLFSSL_ARMASM) /* Conditional subtraction of q to each coefficient of a polynomial. * @@ -3371,10 +3371,14 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) #define kyber_csubq_c kyber_csubq_neon -#else +#elif defined(__thumb__) #define kyber_csubq_c kyber_thumb2_csubq +#else + +#define kyber_csubq_c kyber_arm32_csubq + #endif /******************************************************************************/ diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h index 354fc8b01..71d3fe73b 100644 --- a/wolfssl/wolfcrypt/wc_kyber.h +++ b/wolfssl/wolfcrypt/wc_kyber.h 
@@ -320,12 +320,28 @@ WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p); WOLFSSL_LOCAL void kyber_thumb2_ntt(sword16* r); WOLFSSL_LOCAL void kyber_thumb2_invntt(sword16* r); WOLFSSL_LOCAL void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, - const sword16* b); + const sword16* b); WOLFSSL_LOCAL void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, - const sword16* b); + const sword16* b); WOLFSSL_LOCAL void kyber_thumb2_csubq(sword16* p); WOLFSSL_LOCAL unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte* r, unsigned int rLen); +#elif defined(WOLFSSL_ARMASM) +#define kyber_ntt kyber_arm32_ntt +#define kyber_invntt kyber_arm32_invntt +#define kyber_basemul_mont kyber_arm32_basemul_mont +#define kyber_basemul_mont_add kyber_arm32_basemul_mont_add +#define kyber_rej_uniform_c kyber_arm32_rej_uniform + +WOLFSSL_LOCAL void kyber_arm32_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_arm32_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_arm32_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_arm32_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_arm32_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int kyber_arm32_rej_uniform(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); #endif #ifdef __cplusplus From 7ff3b9b79dc75314108e0960fedae3ca680ad651 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 4 Oct 2024 10:04:30 -0500 Subject: [PATCH 084/325] wolfssl/wolfcrypt/settings.h: add setup for WOLFSSL_ARM_ARCH_7M. --- wolfssl/wolfcrypt/settings.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 5defa3ceb..952b72659 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -2399,7 +2399,10 @@ extern void uITRON4_free(void *p) ; #endif /* Detect Cortex M3 (no UMAAL) */ -#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__) +#if defined(__ARM_ARCH_7M__) && !defined(WOLFSSL_ARM_ARCH_7M) + #define WOLFSSL_ARM_ARCH_7M +#endif +#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(WOLFSSL_ARM_ARCH_7M) #undef WOLFSSL_SP_NO_UMAAL #define WOLFSSL_SP_NO_UMAAL #endif From 032ab3b57e505df4bdcb15b3317f0c7240a05e00 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Mon, 8 Jul 2024 12:43:14 -0500 Subject: [PATCH 085/325] Add Coverity scan workflow --- .github/workflows/coverity-scan-fixes.yml | 40 +++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/coverity-scan-fixes.yml diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml new file mode 100644 index 000000000..71955b7a9 --- /dev/null +++ b/.github/workflows/coverity-scan-fixes.yml @@ -0,0 +1,40 @@ +name: Coverity Scan master branch on a weekly basis + +#on: +# workflow_dispatch: +# schedule: +# - cron: "7 3 * * 3" +on: + push: + branches: [ 'master', 'main', 'release/**' ] + +jobs: + coverity: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: master + + - name: Configure wolfSSL + run: | + ./autogen.sh + ./configure --enable-all + + - name: Check secrets + env: + token_var: ${{ secrets.COVERITY_SCAN_TOKEN }} + email_var: ${{ secrets.COVERITY_SCAN_EMAIL }} + run: | + token_len=${#token_var} + echo "$token_len" + email_len=${#email_var} + echo "$email_len" + + - uses: vapier/coverity-scan-action@v1 + with: + build_language: 'cxx' + project: "wolfSSL/wolfssl" + token: ${{ secrets.COVERITY_SCAN_TOKEN }} + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + command: "make" From f4b603fa4e6db6ad1a03333c480c0f068240a01a Mon Sep 17 00:00:00 2001 
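Review bot: The new `WOLFSSL_ARM_ARCH_7M` macro is introduced without a comment saying what it is for, and the existing `/* Detect Cortex M3 (no UMAAL) */` comment now heads the detection block rather than the UMAAL knob it describes. Presumably the macro exists so a build can select the Cortex-M3 path when the toolchain does not predefine `__ARM_ARCH_7M__`; if so, a line such as `/* WOLFSSL_ARM_ARCH_7M: derived from __ARM_ARCH_7M__, or set in user settings for toolchains that do not predefine it */` above the new `#if` would make that explicit. The `!defined(WOLFSSL_ARM_ARCH_7M)` check before the `#define` is harmless but redundant, since redefining an object-like macro with an identical (empty) replacement list is permitted.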
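Review bot: The `coverity` job hands the repository's `COVERITY_SCAN_TOKEN` and `COVERITY_SCAN_EMAIL` secrets to third-party actions referenced only by mutable tags (`actions/checkout@v4`, `vapier/coverity-scan-action@v1`), so whoever can move those tags can change the code that receives the token; pinning each `uses:` to a full commit SHA (with the tag kept in a trailing comment) is the usual hardening for secret-bearing workflows. The checkout also hardcodes `ref: master` while the trigger fires on pushes to `main` and `release/**`, so a push to a release branch scans master rather than the pushed ref — if that is intended, a comment saying so would help. The "Check secrets" step only echoes the secrets' lengths, which is fine, but gating the upload step on those being non-zero would be more useful than printing them.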
From: Eric Blankenhorn Date: Wed, 10 Jul 2024 08:37:42 -0500 Subject: [PATCH 086/325] test cron 2xd --- .github/workflows/coverity-scan-fixes.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml index 71955b7a9..687a2394e 100644 --- a/.github/workflows/coverity-scan-fixes.yml +++ b/.github/workflows/coverity-scan-fixes.yml @@ -1,12 +1,13 @@ name: Coverity Scan master branch on a weekly basis -#on: -# workflow_dispatch: -# schedule: -# - cron: "7 3 * * 3" on: - push: - branches: [ 'master', 'main', 'release/**' ] + workflow_dispatch: + schedule: + - cron: "0 0,12 * * *" +# - cron: "0 0 * * 1" +#on: +# push: +# branches: [ 'master', 'main', 'release/**' ] jobs: coverity: From a25c0244a7027aba89e96738660e296b4d4d9f9d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 4 Oct 2024 16:41:33 -0500 Subject: [PATCH 087/325] wolfssl/wolfcrypt/types.h: refactor static_assert*() as wc_static_assert*() to avoid conflicts with target-native static_assert(), and add additional coverage for C23 and MSVC C11. wolfcrypt/test/test.c: in render_error_message(), in tests for strerror_r(), test for __USE_GNU. --- src/dtls13.c | 2 +- wolfcrypt/test/test.c | 8 +++---- wolfssl/wolfcrypt/settings.h | 13 +++-------- wolfssl/wolfcrypt/types.h | 44 +++++++++++++++++++++--------------- 4 files changed, 34 insertions(+), 33 deletions(-) diff --git a/src/dtls13.c b/src/dtls13.c index aa630d3d5..d6e1d3d23 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -71,7 +71,7 @@ typedef struct Dtls13HandshakeHeader { byte fragmentLength[3]; } Dtls13HandshakeHeader; -static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ); +wc_static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ); /** * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3 
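Review bot: The workflow's `name:` still reads "Coverity Scan master branch on a weekly basis" while the new schedule `- cron: "0 0,12 * * *"` runs twice daily, so the run list in the Actions tab mislabels what is happening; either rename it (e.g. `name: Coverity Scan master branch (scheduled)`) or keep the cadence out of the name. The hunk also leaves two alternative triggers commented out (`# - cron: "0 0 * * 1"` and the old `push:` block); if they are kept as documentation, a one-line comment saying so would help, otherwise they are dead configuration. The commit title suggests the cadence is still being tuned, which is another reason not to bake it into the name.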
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 62c9f16fd..544abc784 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -841,11 +841,11 @@ static void render_error_message(const char* msg, wc_test_ret_t es) * stores an error string in the supplied buffer. this is all most * infelicitous... */ -#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \ +#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \ (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) && \ - ((defined(__GLIBC__) && (__GLIBC__ >= 2)) || \ - (defined(__USE_XOPEN2K) && \ - defined(_POSIX_C_SOURCE) && \ + ((defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_GNU)) || \ + (defined(__USE_XOPEN2K) && \ + defined(_POSIX_C_SOURCE) && \ (_POSIX_C_SOURCE >= 200112L))) char errno_buf[64], *errno_string; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 952b72659..2ed7647d6 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -20,24 +20,17 @@ */ /* - * ************************************************************************ + * Note, this file should not be edited to activate/deactivate features. * - * ******************************** NOTICE ******************************** - * - * ************************************************************************ - * - * This method of uncommenting a line in settings.h is outdated. - * - * Please use user_settings.h / WOLFSSL_USER_SETTINGS + * Instead, add/edit user_settings.h, and compile with -DWOLFSSL_USER_SETTINGS * * or * - * ./configure CFLAGS="-DFLAG" + * ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]" * * For more information see: * * https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/ - * */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 217772297..d5490c0e7 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
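Review bot: The added `defined(__USE_GNU)` test probes a glibc-internal macro (double-underscore names are reserved for the implementation) rather than the documented feature-test macro `_GNU_SOURCE`, and nothing in the hunk says why; presumably it is because `__USE_GNU` is what glibc's features.h actually sets once `_GNU_SOURCE` has taken effect, which in turn selects the GNU `char *`-returning strerror_r that this block (per the commit message) is written against. A comment above the `#if`, e.g. `/* test __USE_GNU rather than _GNU_SOURCE: glibc sets it in features.h, so it reflects the strerror_r variant actually declared */`, would save the next reader the detour. The enclosing render_error_message() continues outside the hunk.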
@@ -1693,15 +1693,22 @@ typedef struct w64wrapper { #define PRAGMA_DIAG_POP /* null expansion */ #endif - #define WC_CPP_CAT_(a, b) a ## b - #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) - #if (defined(__cplusplus) && (__cplusplus >= 201103L)) || \ - (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) - #ifndef static_assert2 - #define static_assert2 static_assert - #endif - #elif !defined(static_assert) - #if !defined(__cplusplus) && \ + #ifndef wc_static_assert + #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ + (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \ + (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) + /* directly usable variadic declaration */ + #define wc_static_assert static_assert + #ifndef wc_static_assert2 + #define wc_static_assert2 static_assert + #endif + #elif defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L) + /* native 2-argument static_assert() */ + #define wc_static_assert(expr) static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) static_assert(expr, msg) + #endif + #elif !defined(__cplusplus) && \ !defined(__STRICT_ANSI__) && \ !defined(WOLF_C89) && \ defined(__STDC_VERSION__) && \ 
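Review bot: The new `#elif defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L)` branch uses `__STDC_VERSION__` without the `defined(__STDC_VERSION__) &&` guard that the branch just above it applies; an undefined identifier evaluates to 0 in `#if`, so the logic holds, but compilers that warn on undefined preprocessor identifiers (GCC `-Wundef`, MSVC C4668) will flag it, and MSVC compiling the header as C++ does not define `__STDC_VERSION__` at all. Suggest `#elif defined(_MSC_VER) && defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)`. The `#ifndef wc_static_assert` block this hunk opens is closed outside the hunk.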
@@ -1709,19 +1716,20 @@ typedef struct w64wrapper { ((defined(__GNUC__) && \ (__GNUC__ >= 5)) || \ defined(__clang__)) - #define static_assert(expr) _Static_assert(expr, #expr) - #ifndef static_assert2 - #define static_assert2(expr, msg) _Static_assert(expr, msg) + /* native 2-argument _Static_assert() */ + #define wc_static_assert(expr) _Static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) _Static_assert(expr, msg) #endif #else - #define static_assert(expr) \ - struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__) - #ifndef static_assert2 - #define static_assert2(expr, msg) static_assert(expr) + /* fallback -- map wc_static_assert*() to do-nothing. */ + #define wc_static_assert(expr) struct wc_static_assert_dummy_struct + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif #endif - #elif !defined(static_assert2) - #define static_assert2(expr, msg) static_assert(expr) + #elif !defined(wc_static_assert2) + #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif #ifndef SAVE_VECTOR_REGISTERS From e944967731f252e971fcfa3eebd7e7f879d6c0b1 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 4 Oct 2024 21:11:25 -0500 Subject: [PATCH 088/325] wolfssl/wolfcrypt/types.h: add WC_NO_STATIC_ASSERT path, and add C89-compatible live fallback definition for wc_static_assert(). wolfssl/internal.h: refactor WOLFSSL_ASSERT_EQ() and WOLFSSL_ASSERT_SIZEOF_GE() to use wc_static_assert(), and drop unused WOLFSSL_ASSERT_TEST() and WOLFSSL_ASSERT_SIZEOF_TEST(). src/ssl_crypto.c and wolfcrypt/src/evp.c: refactor ad hoc asserts in wolfSSL_DES_ecb_encrypt(), wolfSSL_CRYPTO_cts128_decrypt(), and wolfSSL_EVP_DigestInit(), to use wc_static_assert(). --- src/ssl_crypto.c | 6 ++---- wolfcrypt/src/evp.c | 11 +++-------- wolfssl/internal.h | 13 ++----------- wolfssl/wolfcrypt/types.h | 16 ++++++++++++---- 4 files changed, 19 insertions(+), 27 deletions(-) 
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c index fba578c50..0730c4521 100644 --- a/src/ssl_crypto.c +++ b/src/ssl_crypto.c @@ -2923,8 +2923,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out, static int wolfssl_aes_set_key(const unsigned char *key, const int bits, AES_KEY *aes, int enc) { - typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1]; - (void)sizeof(aes_test); + wc_static_assert(sizeof(AES_KEY) >= sizeof(Aes)); /* Validate parameters. */ if ((key == NULL) || (aes == NULL)) { @@ -3438,8 +3437,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len, const unsigned char* data) { - typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1]; - (void)sizeof(rc4_test); + wc_static_assert(sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4)); WOLFSSL_ENTER("wolfSSL_RC4_set_key"); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index bcd87b428..9a7ed5f9b 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -10495,6 +10495,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* md) { int ret = WOLFSSL_SUCCESS; + #ifdef WOLFSSL_ASYNC_CRYPT + wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV)); + #endif WOLFSSL_ENTER("EVP_DigestInit"); @@ -10502,14 +10505,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return WOLFSSL_FAILURE; } - - #ifdef WOLFSSL_ASYNC_CRYPT - /* compile-time validation of ASYNC_CTX_SIZE */ - typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? - 1 : -1]; - (void)sizeof(async_test); - #endif - /* Set to 0 if no match */ ctx->macType = EvpMd2MacType(md); if (md == NULL) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index d3a03e1d4..c7b7b6097 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
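Review bot: In the evp.c hunk at @@ -10495 the relocated `wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV));` loses the `/* compile-time validation of ASYNC_CTX_SIZE */` comment that accompanied the old typedef trick, and the new position gives no hint why the check lives in wolfSSL_EVP_DigestInit() rather than next to the `WC_ASYNC_DEV_SIZE` definition; keeping a short comment such as `/* compile-time check that the opaque async context reserved in the EVP ctx can hold WC_ASYNC_DEV */` preserves that context. Placing it before the `WOLFSSL_ENTER` call is right, since under the C89 fallback the macro expands to a declaration. The two ssl_crypto.c hunks make the equivalent replacement and read fine as they are.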
@@ -2071,18 +2071,9 @@ enum Misc { #define MAX_ENCRYPT_SZ ENCRYPT_LEN -/* A static check to assert a relation between x and y */ -#define WOLFSSL_ASSERT_TEST(x, y, op) do { \ - typedef char _args_test_[(x) op (y) ? 1 : -1]; \ - (void)sizeof(_args_test_); \ -} while(0) +#define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y)) -#define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==) - -#define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \ - WOLFSSL_ASSERT_TEST(sizeof(x), sizeof(y), op) - -#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=) +#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y)) /* states. Adding state before HANDSHAKE_DONE will break session importing */ enum states { diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index d5490c0e7..4b08b430e 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1693,11 +1693,16 @@ typedef struct w64wrapper { #define PRAGMA_DIAG_POP /* null expansion */ #endif - #ifndef wc_static_assert + #define WC_CPP_CAT_(a, b) a ## b + #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) + #if defined(WC_NO_STATIC_ASSERT) + #define wc_static_assert(expr) struct wc_static_assert_dummy_struct + #define wc_static_assert2(expr, msg) wc_static_assert(expr) + #elif !defined(wc_static_assert) #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \ (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) - /* directly usable variadic declaration */ + /* native variadic static_assert() */ #define wc_static_assert static_assert #ifndef wc_static_assert2 #define wc_static_assert2 static_assert 
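Review bot: `WOLFSSL_ASSERT_EQ` and `WOLFSSL_ASSERT_SIZEOF_GE` change from a `do { ... } while(0)` statement to a declaration (`_Static_assert`, or the struct tag of the fallback), which is a contract change for call sites outside this hunk: a use placed after a statement in a block is now rejected by strict C89 or `-Wdeclaration-after-statement`, and a use in expression or `if`-body position no longer compiles at all. If every caller sits at file or block-start scope this is fine, but a comment on the macros, e.g. `/* expands to a declaration: usable at file scope or at the start of a block only */`, would record the new requirement. The removed `WOLFSSL_ASSERT_TEST` / `WOLFSSL_ASSERT_SIZEOF_TEST` names go without a compatibility alias; the commit message says they were unused, which I cannot verify from the hunk.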
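Review bot: In the new `WC_NO_STATIC_ASSERT` branch `wc_static_assert2` is defined unconditionally, whereas every other branch wraps it in `#ifndef wc_static_assert2`; a user who predefines `wc_static_assert2` together with `WC_NO_STATIC_ASSERT` would get a macro-redefinition diagnostic instead of their override. For consistency: `#ifndef wc_static_assert2` / `#define wc_static_assert2(expr, msg) wc_static_assert(expr)` / `#endif`. A one-line comment on what `WC_NO_STATIC_ASSERT` is for (presumably an opt-out for toolchains where even the fallback misbehaves) would also help, since the knob is new in this hunk.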
@@ -1722,8 +1727,11 @@ typedef struct w64wrapper { #define wc_static_assert2(expr, msg) _Static_assert(expr, msg) #endif #else - /* fallback -- map wc_static_assert*() to do-nothing. */ - #define wc_static_assert(expr) struct wc_static_assert_dummy_struct + /* C89-compatible fallback */ + #define wc_static_assert(expr) \ + struct WC_CPP_CAT(wc_static_assert_dummy_struct_L, __LINE__) { \ + char t[(expr) ? 1 : -1]; \ + } #ifndef wc_static_assert2 #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif From 69e390f8b9ec421e788083590d44109e67abdb6a Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 11 Jul 2024 19:02:32 +0900 Subject: [PATCH 089/325] works OCSP Stapling with TLS1.3 like OCSPv2Multi --- SCRIPTS-LIST | 1 + configure.ac | 32 +- examples/client/client.c | 98 ++--- scripts/include.am | 6 + scripts/ocsp-stapling.test | 18 +- scripts/ocsp-stapling2.test | 2 +- scripts/ocsp-stapling_tls13multi.test | 522 ++++++++++++++++++++++++++ src/internal.c | 119 ++++-- src/ssl.c | 6 +- src/tls.c | 254 ++++++++++--- src/tls13.c | 173 +++++++-- wolfssl/error-ssl.h | 2 +- wolfssl/internal.h | 34 +- 13 files changed, 1102 insertions(+), 165 deletions(-) create mode 100755 scripts/ocsp-stapling_tls13multi.test diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST index 03f5cf6a8..753bbf90e 100644 --- a/SCRIPTS-LIST +++ b/SCRIPTS-LIST @@ -35,6 +35,7 @@ scripts/ google.test - example client test against google, part of tests resume.test - example sessoin resume test, part of tests ocsp-stapling.test - example client test against globalsign, part of tests + ocsp-stapling1_tls13.text - example client test against example server, part of tests ocsp-stapling2.test - example client test against example server, part of tests sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests in sniffer mode diff --git a/configure.ac b/configure.ac index f9122fb6e..4c16dd21c 100644 --- a/configure.ac +++ b/configure.ac 
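Review bot: The C89 fallback names its struct `wc_static_assert_dummy_struct_L<__LINE__>`, so two fallback asserts that land on the same line number in the same scope — for example from two different headers included into one translation unit — produce a struct redefinition error even when both conditions hold. A form that tolerates identical redeclaration avoids this: `extern char WC_CPP_CAT(wc_static_assert_dummy_L, __LINE__)[(expr) ? 1 : -1]`, since repeating a compatible extern array declaration is legal at both file and block scope and a failing assert still yields a negative array size; alternatively use `__COUNTER__` where the compiler provides it. Whether any current include set actually collides I cannot tell from the hunk.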
@@ -5995,10 +5995,27 @@ fi # Certificate Status Request : a.k.a. OCSP Stapling AC_ARG_ENABLE([ocspstapling], - [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])], + [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling ((options: yes, no-multi, no, disabled default: disabled)])], [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) +AS_CASE([$ENABLED_CERTIFICATE_STATUS_REQUEST], + [no],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="no" + ENABLED_TLS_OCSP_MULTI="no" + ], + [disabled],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="no" + ENABLED_TLS_OCSP_MULTI="no" + ], + [yes],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" + ENABLED_TLS_OCSP_MULTI="yes" + ], + [no-multi],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" + ENABLED_TLS_OCSP_MULTI="no" + ]) if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \ test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \ @@ -9580,7 +9597,17 @@ if test "$ENABLED_DH" != "no" && test "$ENABLED_DH" != "const"; then LT_LIB_M fi - +# mulitple OCSP stapling for TLS 1.3 Certificate extension +if test "$ENABLED_CERTIFICATE_STATUS_REQUEST" = "yes" +then + if test "$ENABLED_TLS13" = "yes" + then + if test "$ENABLED_TLS_OCSP_MULTI" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_OCSP_MULTI" + fi + fi +fi ################################################################################ # USER SETTINGS 
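Review bot: The new `AS_CASE` on `$ENABLED_CERTIFICATE_STATUS_REQUEST` has no default arm, so `--enable-ocspstapling=typo` leaves the variable set to `typo` (which the later string compares treat as neither yes nor no) and `ENABLED_TLS_OCSP_MULTI` unset; add `[*], [AC_MSG_ERROR([unknown --enable-ocspstapling value: $ENABLED_CERTIFICATE_STATUS_REQUEST])]` as the last arm. The help string is also malformed — `((options: yes, no-multi, no, disabled default: disabled)` has a doubled `(` and no closing bracket — e.g. `[Enable OCSP Stapling (options: yes, no-multi, no, disabled; default: disabled)]`. In the second hunk the comment reads `mulitple`, and the three nested `if`s can be a single `if test "$ENABLED_CERTIFICATE_STATUS_REQUEST" = "yes" && test "$ENABLED_TLS13" = "yes" && test "$ENABLED_TLS_OCSP_MULTI" = "yes"`, mirroring the `AM_CONDITIONAL` added in the following hunk.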
@@ -9835,6 +9862,7 @@ AM_CONDITIONAL([BUILD_SM4],[test "x$ENABLED_SM4" != "xno" || test "x$ENABLED_USE AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"]) AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"]) +AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" && test "x$ENABLED_TLS13" = "xyes" && test "x$ENABLED_TLS_OCSP_MULTI" = "xyes"]) AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"]) AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"]) diff --git a/examples/client/client.c b/examples/client/client.c index 89c0f975b..5fa85924c 100644 --- a/examples/client/client.c +++ b/examples/client/client.c 
@@ -1242,66 +1242,70 @@ static const char* client_usage_msg[][78] = { || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) "-W Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */ " With 'm' at end indicates MUST staple\n", /* 42 */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) + " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n", + /* 43 */ +#endif #endif #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) - "-U Atomic User Record Layer Callbacks\n", /* 43 */ + "-U Atomic User Record Layer Callbacks\n", /* 45 */ #endif #ifdef HAVE_PK_CALLBACKS - "-P Public Key Callbacks\n", /* 44 */ + "-P Public Key Callbacks\n", /* 45 */ #endif #ifdef HAVE_ANON - "-a Anonymous client\n", /* 45 */ + "-a Anonymous client\n", /* 46 */ #endif #ifdef HAVE_CRL - "-C Disable CRL\n", /* 46 */ + "-C Disable CRL\n", /* 47 */ #endif #ifdef WOLFSSL_TRUST_PEER_CERT - "-E Path to load trusted peer cert\n", /* 47 */ + "-E Path to load trusted peer cert\n", /* 48 */ #endif #ifdef HAVE_WNR - "-q Whitewood config file, defaults\n", /* 48 */ + "-q Whitewood config file, defaults\n", /* 49 */ #endif "-H Internal tests" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */ - " loadSSL, disallowETM]\n", /* 50 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */ + " loadSSL, disallowETM]\n", /* 51 */ #ifdef WOLFSSL_TLS13 - "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */ - "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */ - "-I Update keys and IVs before sending data\n", /* 53 */ + "-J Use HelloRetryRequest to choose group for KE\n", /* 52 */ + "-K Key Exchange for PSK not using (EC)DHE\n", /* 53 */ + "-I Update keys and IVs before sending data\n", /* 54 */ #ifndef NO_DH - "-y Key Share with FFDHE named groups only\n", /* 54 */ + "-y Key Share with FFDHE named groups only\n", /* 55 */ #endif #ifdef HAVE_ECC - "-Y Key Share with ECC named groups only\n", /* 55 */ + "-Y Key Share with ECC named groups only\n", /* 56 */ #endif 
#endif /* WOLFSSL_TLS13 */ #ifdef HAVE_CURVE25519 - "-t Use X25519 for key exchange\n", /* 56 */ + "-t Use X25519 for key exchange\n", /* 57 */ #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - "-Q Support requesting certificate post-handshake\n", /* 57 */ + "-Q Support requesting certificate post-handshake\n", /* 58 */ #endif #ifdef WOLFSSL_EARLY_DATA - "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */ + "-0 Early data sent to server (0-RTT handshake)\n", /* 59 */ #endif #ifdef WOLFSSL_MULTICAST - "-3 Multicast, grpid < 256\n", /* 59 */ + "-3 Multicast, grpid < 256\n", /* 60 */ #endif "-1 Display a result by specified language.\n" - " 0: English, 1: Japanese\n", /* 60 */ + " 0: English, 1: Japanese\n", /* 61 */ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - "-2 Disable DH Prime check\n", /* 61 */ + "-2 Disable DH Prime check\n", /* 62 */ #endif #ifdef HAVE_SECURE_RENEGOTIATION - "-4 Use resumption for renegotiation\n", /* 62 */ + "-4 Use resumption for renegotiation\n", /* 63 */ #endif #ifdef HAVE_TRUSTED_CA - "-5 Use Trusted CA Key Indication\n", /* 63 */ + "-5 Use Trusted CA Key Indication\n", /* 64 */ #endif "-6 Simulate WANT_WRITE errors on every other IO send\n", #ifdef HAVE_CURVE448 - "-8 Use X448 for key exchange\n", /* 66 */ + "-8 Use X448 for key exchange\n", /* 65 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ 
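Review bot: The index comments in the English usage table drift after the inserted `-W 1 -v 4` entry: both `-U` and `-P` are now labelled `/* 45 */` (44 is skipped, while the Japanese table in the next hunk labels `-U` 44), and `-8` is renumbered from 66 to 65 even though the unlabelled `-6` line before it already occupies 65, so 66 appears to be the right value. Since these comments are what keeps the two language tables aligned, either correct them (`-U ... /* 44 */` here, and `-8 ... /* 66 */` in both this hunk and the Japanese one) or drop them. The array is declared `client_usage_msg[][78]`; I cannot tell from the hunk whether the added entry still fits within that bound when every option is compiled in.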
@@ -1469,69 +1473,73 @@ static const char* client_usage_msg[][78] = { || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) "-W OCSP Staplingを使用ã™ã‚‹" " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */ - " 'm' ã‚’æœ€å¾Œã«æŒ‡å®šã™ã‚‹ã¨å¿…ãš staple を使用ã™ã‚‹\n" /* 42 */ + " 'm' ã‚’æœ€å¾Œã«æŒ‡å®šã™ã‚‹ã¨å¿…ãš staple を使用ã™ã‚‹\n" /* 42 */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) + " -W 1 -v 4, " + "TLS13 使用時ã«è¤‡æ•°(Multi)ã® OCSP を実施ã—ã¾ã™\n" /* 43 */ +#endif #endif #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) "-U アトミック・ユーザー記録ã®" - "コールãƒãƒƒã‚¯ã‚’利用ã™ã‚‹\n", /* 43 */ + "コールãƒãƒƒã‚¯ã‚’利用ã™ã‚‹\n", /* 44 */ #endif #ifdef HAVE_PK_CALLBACKS - "-P 公開éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯\n", /* 44 */ + "-P 公開éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯\n", /* 45 */ #endif #ifdef HAVE_ANON - "-a 匿åクライアント\n", /* 45 */ + "-a 匿åクライアント\n", /* 46 */ #endif #ifdef HAVE_CRL - "-C CRLを無効\n", /* 46 */ + "-C CRLを無効\n", /* 47 */ #endif #ifdef WOLFSSL_TRUST_PEER_CERT - "-E 信頼出æ¥ã‚‹ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒ­ãƒ¼ãƒ‰ã®ç‚ºã®ãƒ‘ス\n", /* 47 */ + "-E 信頼出æ¥ã‚‹ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒ­ãƒ¼ãƒ‰ã®ç‚ºã®ãƒ‘ス\n", /* 48 */ #endif #ifdef HAVE_WNR - "-q Whitewood コンフィグファイル, 既定値\n", /* 48 */ + "-q Whitewood コンフィグファイル, 既定値\n", /* 49 */ #endif "-H 内部テスト" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */ - " loadSSL, disallowETM]\n", /* 50 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */ + " loadSSL, disallowETM]\n", /* 51 */ #ifdef WOLFSSL_TLS13 - "-J HelloRetryRequestã‚’KEã®ã‚°ãƒ«ãƒ¼ãƒ—é¸æŠžã«ä½¿ç”¨ã™ã‚‹\n", /* 51 */ - "-K éµäº¤æ›ã«PSKを使用ã€(EC)DHEã¯ä½¿ç”¨ã—ãªã„\n", /* 52 */ - "-I データé€ä¿¡å‰ã«ã€éµã¨IVã‚’æ›´æ–°ã™ã‚‹\n", /* 53 */ + "-J HelloRetryRequestã‚’KEã®ã‚°ãƒ«ãƒ¼ãƒ—é¸æŠžã«ä½¿ç”¨ã™ã‚‹\n", /* 52 */ + "-K éµäº¤æ›ã«PSKを使用ã€(EC)DHEã¯ä½¿ç”¨ã—ãªã„\n", /* 53 */ + "-I データé€ä¿¡å‰ã«ã€éµã¨IVã‚’æ›´æ–°ã™ã‚‹\n", /* 54 */ #ifndef NO_DH - "-y FFDHEåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 54 */ + "-y FFDHEåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 55 */ #endif #ifdef HAVE_ECC - "-Y ECCåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 55 */ + "-Y 
ECCåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 56 */ #endif #endif /* WOLFSSL_TLS13 */ #ifdef HAVE_CURVE25519 - "-t X25519ã‚’éµäº¤æ›ã«ä½¿ç”¨ã™ã‚‹\n", /* 56 */ + "-t X25519ã‚’éµäº¤æ›ã«ä½¿ç”¨ã™ã‚‹\n", /* 57 */ #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - "-Q ãƒã‚¹ãƒˆãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã®è¨¼æ˜Žè¦æ±‚をサãƒãƒ¼ãƒˆã™ã‚‹\n", /* 57 */ + "-Q ãƒã‚¹ãƒˆãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã®è¨¼æ˜Žè¦æ±‚をサãƒãƒ¼ãƒˆã™ã‚‹\n", /* 58 */ #endif #ifdef WOLFSSL_EARLY_DATA "-0 Early data をサーãƒãƒ¼ã¸é€ä¿¡ã™ã‚‹" - "(0-RTTãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ï¼‰\n", /* 58 */ + "(0-RTTãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ï¼‰\n", /* 59 */ #endif #ifdef WOLFSSL_MULTICAST - "-3 マルãƒã‚­ãƒ£ã‚¹ãƒˆ, grpid < 256\n", /* 59 */ + "-3 マルãƒã‚­ãƒ£ã‚¹ãƒˆ, grpid < 256\n", /* 60 */ #endif "-1 指定ã•れãŸè¨€èªžã§çµæžœã‚’表示ã—ã¾ã™ã€‚\n" - " 0: 英語〠1: 日本語\n", /* 60 */ + " 0: 英語〠1: 日本語\n", /* 61 */ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - "-2 DHプライム番å·ãƒã‚§ãƒƒã‚¯ã‚’無効ã«ã™ã‚‹\n", /* 61 */ + "-2 DHプライム番å·ãƒã‚§ãƒƒã‚¯ã‚’無効ã«ã™ã‚‹\n", /* 62 */ #endif #ifdef HAVE_SECURE_RENEGOTIATION - "-4 å†äº¤æ¸‰ã«å†é–‹ã‚’使用\n", /* 62 */ + "-4 å†äº¤æ¸‰ã«å†é–‹ã‚’使用\n", /* 63 */ #endif #ifdef HAVE_TRUSTED_CA - "-5 ä¿¡é ¼ã§ãã‚‹èªè¨¼å±€ã®éµè¡¨ç¤ºã‚’使用ã™ã‚‹\n", /* 63 */ + "-5 ä¿¡é ¼ã§ãã‚‹èªè¨¼å±€ã®éµè¡¨ç¤ºã‚’使用ã™ã‚‹\n", /* 64 */ #endif "-6 WANT_WRITE エラーを全ã¦ã®IO é€ä¿¡ã§ã‚·ãƒŸãƒ¥ãƒ¬ãƒ¼ãƒˆã—ã¾ã™\n", #ifdef HAVE_CURVE448 - "-8 éµäº¤æ›ã« X448 を使用ã™ã‚‹\n", /* 66 */ + "-8 éµäº¤æ›ã« X448 を使用ã™ã‚‹\n", /* 65 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ diff --git a/scripts/include.am b/scripts/include.am index f4f925a08..c42fce2a7 100644 --- a/scripts/include.am +++ b/scripts/include.am 
@@ -27,6 +27,9 @@ endif if BUILD_OCSP_STAPLING dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test +if BUILD_OCSP_STAPLING_MULTI +dist_noinst_SCRIPTS+= scripts/ocsp-stapling_tls13multi.test +endif if !BUILD_OCSP_STAPLING_V2 testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log endif @@ -34,6 +37,9 @@ scripts/ocsp-stapling.log: scripts/ocsp.log dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log +if BUILD_OCSP_STAPLING_MULTI +scripts/ocsp-stapling_tls13multi.log: scripts/ocsp-stapling-with-ca-as-responder.log +endif endif if BUILD_OCSP_STAPLING_V2 diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 731334c3d..8065ac2c6 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -27,6 +27,20 @@ if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then exit 77 fi +if ./examples/client/client -V | grep -q 4; then + tls13=yes +fi +if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + dtls13=yes +fi +./examples/client/client '-?' 2>&1 | grep -- 'Perform multi OCSP stapling for TLS13' +if [ $? -eq 0 ]; then + tls13multi=yes +else + tls13multi=no +fi + + if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then IPV6_SUPPORTED=yes else @@ -346,7 +360,7 @@ RESULT=$? printf '%s\n\n' "Test successfully REVOKED!" -if ./examples/client/client -V | grep -q 4; then + if [[ ("$tls13" == "yes") && ("$tls13multi" == "no") ]]; then printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------" # client test against our own server - GOOD CERT remove_single_rF "$ready_file2" 
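Review bot: The script distributed here is `scripts/ocsp-stapling_tls13multi.test`, but the entry this commit adds to SCRIPTS-LIST names it `ocsp-stapling1_tls13.text` (different stem and a `.text` suffix), so the two do not match; the SCRIPTS-LIST line should read `ocsp-stapling_tls13multi.test - example client test against example server, part of tests`. The second hunk adds `scripts/ocsp-stapling_tls13multi.log: scripts/ocsp-stapling-with-ca-as-responder.log` for ordering but no `testsuite/testsuite.log:` dependency on the new log, unlike the `ocsp-stapling.log` case just above; if the new script is meant to run under `make check` that hook looks missing, though it may be added elsewhere in the patch.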
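Review bot: The new probe `./examples/client/client '-?' 2>&1 | grep -- 'Perform multi OCSP stapling for TLS13'` lacks the `-q` every other probe in this block uses, so the matched usage line is printed into the test log, and the separate `$?` test can be folded into the condition: `if ./examples/client/client '-?' 2>&1 | grep -q -- 'Perform multi OCSP stapling for TLS13'; then`. More importantly, TEST CASE 3 here (and TEST CASE DTLS-2 in the next hunk) is now skipped entirely when the multi build is detected, so in a `WOLFSSL_TLS_OCSP_MULTI` build the existing TLS 1.3 v1 stapling cases no longer run in this script; presumably the new ocsp-stapling_tls13multi.test covers them, but a comment at the skip (`# in multi builds this case is exercised by scripts/ocsp-stapling_tls13multi.test`) would record that. The re-indentation of the `if [[ ... ]]; then` lines is a stray whitespace change.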
@@ -412,7 +426,7 @@ if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then printf '%s\n\n' "Test PASSED!" fi -if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + if [[ ("$dtls13" == "yes") && ("$tls13multi" == "no") ]]; then printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD PASS -------------------" # client test against our own server, must staple - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index f18ee1a7c..dea1af61b 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -43,7 +43,7 @@ fi if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then if [[ "$IPV6_SUPPORTED" == "no" ]]; then echo 'Skipping IPV6 test in environment lacking IPV6 support.' - exit 0 + exit 77 fi LOCALHOST='[::1]' LOCALHOST_FOR_NC='-6 ::1' diff --git a/scripts/ocsp-stapling_tls13multi.test b/scripts/ocsp-stapling_tls13multi.test new file mode 100755 index 000000000..27ef90031 --- /dev/null +++ b/scripts/ocsp-stapling_tls13multi.test 
@@ -0,0 +1,522 @@ +#!/bin/bash + +# ocsp-stapling_tls13multi.test +# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +SCRIPT_DIR="$(dirname "$0")" + +# if we can, isolate the network namespace to eliminate port collisions. +if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then + if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then + export NETWORK_UNSHARE_HELPER_CALLED=yes + exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $? + fi +elif [ "${AM_BWRAPPED-}" != "yes" ]; then + bwrap_path="$(command -v bwrap)" + if [ -n "$bwrap_path" ]; then + export AM_BWRAPPED=yes + exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" + fi + unset AM_BWRAPPED +fi + +if [[ -z "${RETRIES_REMAINING-}" ]]; then + export RETRIES_REMAINING=2 +fi + +if ! ./examples/client/client -V | grep -q 4; then + tls13=no + +else + tls13=yes +fi + +if ! ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + dtls13=no +else + dtls13=yes +fi + +if [[ ("$tls13" == "no") && ("$dtls13" == "no") ]]; then + echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2 + exit 77 +fi + +if ! ./examples/client/client -V | grep -q 4; then + tls13=no + echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2 + exit 77 +else + tls13=yes +fi + +if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then + IPV6_SUPPORTED=yes +else + IPV6_SUPPORTED=no +fi + +if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + if [[ "$IPV6_SUPPORTED" == "no" ]]; then + echo 'Skipping IPV6 test in environment lacking IPV6 support.' + exit 77 + fi + LOCALHOST='[::1]' + LOCALHOST_FOR_NC='-6 ::1' +else + LOCALHOST='127.0.0.1' + LOCALHOST_FOR_NC='127.0.0.1' +fi + +PARENTDIR="$PWD" + +# create a unique workspace directory ending in PID for the script instance ($$) +# to make this instance orthogonal to any others running, even on same repo. +# TCP ports are also carefully formed below from the PID, to minimize conflicts. 
+ +#WORKSPACE="${PARENTDIR}/workspace.pid$$" +#mkdir "${WORKSPACE}" || exit $? + +WORKSPACE="$(mktemp -d -p ${PARENTDIR})" + +cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? +cd "$WORKSPACE" || exit $? +ln -s ../examples + +CERT_DIR="certs/ocsp" + + +ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$ +ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$ +ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$ +ready_file4="$WORKSPACE"/wolf_ocsp_s2_readyF4$$ +ready_file5="$WORKSPACE"/wolf_ocsp_s2_readyF5$$ +printf '%s\n' "ready file 1: $ready_file1" +printf '%s\n' "ready file 2: $ready_file2" +printf '%s\n' "ready file 3: $ready_file3" +printf '%s\n' "ready file 4: $ready_file4" +printf '%s\n' "ready file 5: $ready_file5" + +test_cnf="ocsp_s2.cnf" + +wait_for_readyFile(){ + + counter=0 + + while [ ! -s $1 -a "$counter" -lt 20 ]; do + if [[ -n "${2-}" ]]; then + if ! kill -0 $2 2>&-; then + echo "pid $2 for port ${3-} exited before creating ready file. bailing..." + exit 1 + fi + fi + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e $1; then + echo -e "found ready file, starting client..." + else + echo -e "NO ready file at $1 -- ending test..." 
+ exit 1 + fi + +} + +remove_single_rF(){ + if test -e $1; then + printf '%s\n' "removing ready file: $1" + rm $1 + fi +} +#create a configure file for cert generation with the port 0 solution +create_new_cnf() { + echo "Random Ports Selected: $1 $2 $3 $4" + + cat <<- EOF > $test_cnf + # + # openssl configuration file for OCSP certificates + # + + # Extensions to add to a certificate request (intermediate1-ca) + [ v3_req1 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1 + + # Extensions to add to a certificate request (intermediate2-ca) + [ v3_req2 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$2 + + # Extensions to add to a certificate request (intermediate3-ca) + [ v3_req3 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$3 + + # Extensions for a typical CA + [ v3_ca ] + basicConstraints = CA:true + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = keyCertSign, cRLSign + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$4 + + # OCSP extensions. 
+ [ v3_ocsp ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + extendedKeyUsage = OCSPSigning +EOF + + mv $test_cnf $CERT_DIR/$test_cnf + cd $CERT_DIR + CURR_LOC="$PWD" + printf '%s\n' "echo now in $CURR_LOC" + ./renewcerts-for-test.sh $test_cnf + cd $WORKSPACE +} + +remove_ready_file(){ + if test -e $ready_file1; then + printf '%s\n' "removing ready file: $ready_file1" + rm $ready_file1 + fi + if test -e $ready_file2; then + printf '%s\n' "removing ready file: $ready_file2" + rm $ready_file2 + fi + if test -e $ready_file3; then + printf '%s\n' "removing ready file: $ready_file3" + rm $ready_file3 + fi + if test -e $ready_file4; then + printf '%s\n' "removing ready file: $ready_file4" + rm $ready_file4 + fi + if test -e $ready_file5; then + printf '%s\n' "removing ready file: $ready_file5" + rm $ready_file5 + fi +} + +cleanup() +{ + exit_status=$? + for i in $(jobs -pr) + do + kill -s KILL "$i" + done + remove_ready_file + rm $CERT_DIR/$test_cnf + cd "$PARENTDIR" || return 1 + rm -r "$WORKSPACE" || return 1 + + if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then + echo "retrying..." + RETRIES_REMAINING=$((RETRIES_REMAINING - 1)) + exec $0 "$@" + fi +} +trap cleanup EXIT INT TERM HUP + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# check if supported key size is large enough to handle 4096 bit RSA +size="$(./examples/client/client '-?' | grep "Max RSA key")" +size="${size//[^0-9]/}" +if [ ! -z "$size" ]; then + printf 'check on max key size of %d ...' $size + if [ $size -lt 4096 ]; then + printf '%s\n' "4096 bit RSA keys not supported" + exit 0 + fi + printf 'OK\n' +fi + +#get four unique ports + +# choose consecutive ports based on the PID, skipping any that are +# already bound, to avoid the birthday problem in case other +# instances are sharing this host. 
+ +get_first_free_port() { + local ret="$1" + while :; do + if [[ "$ret" -ge 65536 ]]; then + ret=1024 + fi + if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + break + fi + ret=$((ret+1)) + done + echo "$ret" + return 0 +} + +base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) +port1=$(get_first_free_port $base_port) +port2=$(get_first_free_port $((port1 + 1))) +port3=$(get_first_free_port $((port2 + 1))) +port4=$(get_first_free_port $((port3 + 1))) +port5=$(get_first_free_port $((port4 + 1))) + +# 1: +./examples/server/server -R $ready_file1 -p $port1 & +server_pid1=$! +wait_for_readyFile $ready_file1 $server_pid1 $port1 +if [ ! -f $ready_file1 ]; then + printf '%s\n' "Failed to create ready file1: \"$ready_file1\"" + exit 1 +fi +# 2: +./examples/server/server -R $ready_file2 -p $port2 & +server_pid2=$! +wait_for_readyFile $ready_file2 $server_pid2 $port2 +if [ ! -f $ready_file2 ]; then + printf '%s\n' "Failed to create ready file2: \"$ready_file2\"" + exit 1 +fi +# 3: +./examples/server/server -R $ready_file3 -p $port3 & +server_pid3=$! +wait_for_readyFile $ready_file3 $server_pid3 $port3 +if [ ! -f $ready_file3 ]; then + printf '%s\n' "Failed to create ready file3: \"$ready_file3\"" + exit 1 +fi +# 4: +./examples/server/server -R $ready_file4 -p $port4 & +server_pid4=$! +wait_for_readyFile $ready_file4 $server_pid4 $port4 +if [ ! 
-f $ready_file4 ]; then + printf '%s\n' "Failed to create ready file4: \"$ready_file4\"" + exit 1 +fi + +printf '%s\n' "------------- PORTS ---------------" +printf '%s' "Random ports selected: $port1 $port2" +printf '%s\n' " $port3 $port4" +printf '%s\n' "-----------------------------------" +# Use client connections to cleanly shutdown the servers +./examples/client/client -p $port1 +./examples/client/client -p $port2 +./examples/client/client -p $port3 +./examples/client/client -p $port4 +create_new_cnf $port1 $port2 $port3 \ + $port4 + +sleep 0.1 + +# setup ocsp responders +# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port1 -nmin 1 \ + -index certs/ocsp/index-ca-and-intermediate-cas.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + "$@" \ + & + +# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port2 -nmin 1 \ + -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate2-ca-cert.pem \ + "$@" \ + & + +# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port3 -nmin 1 \ + -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate3-ca-cert.pem \ + "$@" \ + & + +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! 
+openssl ocsp -port $port4 -nmin 1 \ + -index certs/ocsp/index-ca-and-intermediate-cas.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + "$@" \ + & + +sleep 0.1 +# "jobs" is not portable for posix. Must use bash interpreter! +[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 + +printf '\n\n%s\n\n' "All OCSP responders started successfully!" + +if [ "$tls13" == "yes" ]; then + printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" + # client test against our own server - GOOD CERTS + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" + # client test against our own server - REVOKED SERVER CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" 
+ + printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 & + sleep 0.1 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------------" + # client test against our own server - REVOKED INTERMEDIATE CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ----------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + printf '%s\n\n' "------------- TEST CASE 6 LOAD CERT IN SSL -------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server1-cert.pem \ + -k certs/ocsp/server1-key.pem -R $ready_file5 -v 4 \ + -p $port5 -H loadSSL & + server_pid5=$! 
+ wait_for_readyFile $ready_file5 $server_pid5 $port5 + echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1 + wait $server_pid5 + if [ $? -ne 0 ]; then + printf '%s\n' "Unexpected server result" + exit 1 + fi + printf '%s\n\n' "Test successful" + printf '%s\n\n' "------------- TEST CASE 7 SHOULD REVOKE ----------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -H loadSSL -v 4 & + server_pid5=$! + sleep 0.1 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + wait $server_pid5 + if [ $? -ne 1 ]; then + printf '%s\n' "Unexpected server result" + exit 1 + fi + printf '%s\n\n' "Test successfully REVOKED!" +fi + +if [ "$dtls13" == "yes" ]; then + printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS ---------------" + # client test against our own server - GOOD CERTS + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ \ + -p $port5 -u -v 4 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD REVOKE --------------" + # client test against our own server - REVOKED SERVER CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! 
+ sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + +fi + +# need a unique port since may run the same time as testsuite +generate_port() { + #-------------------------------------------------------------------------# + # Generate a random port number + #-------------------------------------------------------------------------# + + if [[ "$OSTYPE" == "linux"* ]]; then + port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) + elif [[ "$OSTYPE" == "darwin"* ]]; then + port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) + else + echo "Unknown OS TYPE" + exit 1 + fi +} + +printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------" + +exit 0 diff --git a/src/internal.c b/src/internal.c index c61dfb341..ce8dc65cd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7745,6 +7745,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->sigSpec = ctx->sigSpec; ssl->sigSpecSz = ctx->sigSpecSz; #endif /* WOLFSSL_DUAL_ALG_CERTS */ +#ifdef HAVE_OCSP +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = 0; +#endif +#endif /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */ WOLFSSL_MSG_EX("InitSSL done. return 0 (success)"); return 0; 
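Review bot: In TEST CASE DTLS-1 the server is started with `-R $ \` — a bare `$` followed by a space — so the ready file is literally named `$`, `$ready_file5` is never created, and the test falls back to `sleep 0.2`, which is exactly the race the ready-file mechanism exists to avoid; it should read `-k certs/ocsp/server3-key.pem -R $ready_file5 \` followed by `wait_for_readyFile $ready_file5 $server_pid5 $port5` in place of the sleep. The second `if ! ./examples/client/client -V | grep -q 4` block repeats the probe already folded into the combined `tls13`/`dtls13` test just above it and exits 77 on a DTLS 1.3-only build, contradicting that combined test, so it can be deleted. `WORKSPACE="$(mktemp -d -p ${PARENTDIR})"` is the one place `$PARENTDIR` is used unquoted; quote it as the `cd "$PARENTDIR"` in cleanup does.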
@@ -13416,12 +13421,17 @@ int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12)) -static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, - word32 status_length) +static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, + word32 status_length, int idx) { int ret = 0; OcspRequest* request; - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + CertificateStatusRequest* csr; +#else + (void)idx; +#endif #ifdef WOLFSSL_SMALL_STACK CertStatus* status; OcspEntry* single; @@ -13433,11 +13443,19 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif WOLFSSL_ENTER("ProcessCSR"); - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (ext) { + /* status request */ + csr = (CertificateStatusRequest*)ext->data; + if (csr && !csr->ssl) + csr->ssl = ssl; + } +#endif do { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); + request = (OcspRequest*)TLSX_CSR_GetRequest_ex(ssl->extensions, + idx); ssl->status_request = 0; break; } @@ -13506,6 +13524,12 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_LEAVE("ProcessCSR", ret); return ret; } + +static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, + word32 status_length) +{ + return ProcessCSR_ex(ssl, input, inOutIdx, status_length, 0); +} #endif 
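Review bot: `ProcessCSR_ex` gains an `idx` parameter with no comment on what it indexes; from its only caller in this commit it is the position of the peer-chain certificate whose stapled response is being parsed, so a one-line note on the parameter, `/* idx: slot in the peer chain (0 = leaf) whose stapled response this is */`, would spare the next reader the trip to ProcessPeerCertsChainOCSPStatusCheck. `TLSX_CSR_GetRequest_ex` returns NULL when `idx` is not below `csr->requests`, which is a new way for `request` to be NULL compared with the single-slot lookup it replaces; whether `request == NULL` is handled after the `do { ... } while` is outside the hunk and worth confirming. The `WOLFSSL_ENTER("ProcessCSR")` / `WOLFSSL_LEAVE("ProcessCSR", ret)` strings now sit in the `_ex` body, which is harmless but makes traces ambiguous between the wrapper and the worker.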
@@ -14562,6 +14586,52 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) return ret; } +#if defined(HAVE_OCSP) && defined(WOLFSSL_TLS13) \ + && defined(HAVE_CERTIFICATE_STATUS_REQUEST) +static int ProcessPeerCertsChainOCSPStatusCheck(WOLFSSL* ssl) +{ + int ret = 0; + word32 i; + word32 idx = 0; + TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + CertificateStatusRequest* csr; + + if (ext) { + csr = (CertificateStatusRequest*)ext->data; + if (csr == NULL) { + return 0; + } + } else + return 0; + + /* error when leaf cert doesn't have certificate status */ + if (csr->requests < 1 || csr->responses[0].length == 0) { + WOLFSSL_MSG("Leaf cert doesn't have certificate status."); + return BAD_CERTIFICATE_STATUS_ERROR; + } + + for (i = 0; i < csr->requests; i++) { + if (csr->responses[i].length != 0) { + ssl->status_request = 1; + idx = 0; + ret = ProcessCSR_ex(ssl, + csr->responses[i].buffer, + &idx, csr->responses[i].length, i); + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + break; + } + } + else { + WOLFSSL_MSG("Intermediate cert doesn't have certificate status."); + } + } + + return ret; +} + +#endif + #ifdef HAVE_CRL static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args) { @@ -14844,8 +14914,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->idx += extSz; listSz -= extSz + OPAQUE16_LEN; WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions", - args->exts[args->totalCerts].length); + args->exts[args->totalCerts].length); #if !defined(NO_TLS) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = args->totalCerts; + #endif ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer, (word16)args->exts[args->totalCerts].length, certificate, NULL); 
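Review bot: An intermediate that carries no stapled response is only logged (`WOLFSSL_MSG("Intermediate cert doesn't have certificate status.")`) and the loop continues with `ret == 0`, so a chain whose intermediate is revoked but left unstapled passes this check; if that is the intended policy because the non-leaf lookup happens elsewhere, the function should say so in a header comment, otherwise the branch should fail the way the leaf case does with `BAD_CERTIFICATE_STATUS_ERROR`. The `if (ext) { ... } else return 0;` prologue mixes a braced and an unbraced branch and reads more plainly as two guard clauses: `if (ext == NULL) return 0;` then `csr = (CertificateStatusRequest*)ext->data; if (csr == NULL) return 0;`. The loop compares `word32 i` with `csr->requests`, whose type is not visible here; `int req_cnt = idx == -1 ? csr->requests : idx;` in TLSX_CSR_InitRequest_ex suggests it is a signed `int`, in which case the comparison is signed/unsigned and `i` should match.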
@@ -15040,6 +15113,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } else /* skips OCSP and force CRL check */ #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (IsAtLeastTLSv1_3(ssl->version)) { + ret = TLSX_CSR_InitRequest_ex(ssl->extensions, + args->dCert, ssl->heap, args->certIdx); + } + else + #endif if (SSL_CM(ssl)->ocspEnabled && SSL_CM(ssl)->ocspCheckAll) { WOLFSSL_MSG("Doing Non Leaf OCSP check"); @@ -15520,24 +15600,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.side == WOLFSSL_CLIENT_END) { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - args->fatal = (TLSX_CSR_InitRequest(ssl->extensions, - args->dCert, ssl->heap) != 0); + args->fatal = (TLSX_CSR_InitRequest_ex( + ssl->extensions, args->dCert, + ssl->heap, args->certIdx) != 0); doLookup = 0; WOLFSSL_MSG("\tHave status request"); #if defined(WOLFSSL_TLS13) if (ssl->options.tls1_3) { - TLSX* ext = TLSX_Find(ssl->extensions, - TLSX_STATUS_REQUEST); - if (ext != NULL) { - word32 idx = 0; - CertificateStatusRequest* csr = - (CertificateStatusRequest*)ext->data; - ret = ProcessCSR(ssl, csr->response.buffer, - &idx, csr->response.length); - if (ret < 0) { - WOLFSSL_ERROR_VERBOSE(ret); - goto exit_ppc; - } + ret = ProcessPeerCertsChainOCSPStatusCheck(ssl); + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + goto exit_ppc; } } #endif @@ -23398,7 +23471,7 @@ int SendFinished(WOLFSSL* ssl) * * Returns 0 on success */ -static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, +int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, DecodedCert* cert, byte* certData, word32 length, byte *ctxOwnsRequest) { @@ -24284,7 +24357,6 @@ int SendCertificateStatus(WOLFSSL* ssl) if (idx > chain->length) break; - ret = CreateOcspRequest(ssl, request, cert, der.buffer, der.length, &ctxOwnsRequest); if (ret == 0) { 
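Review bot: The new `if (IsAtLeastTLSv1_3(ssl->version))` arm takes over the whole `else` chain, so the `ocspEnabled && ocspCheckAll` non-leaf lookup ("Doing Non Leaf OCSP check") is no longer reached for a TLS 1.3 peer even when no status_request extension was negotiated; unless `TLSX_CSR_InitRequest_ex` falls back to a live lookup when `TLSX_Find` yields no extension (its prologue is outside the `@@ -3504` hunk), this silently disables `ocspCheckAll` for TLS 1.3. Guarding the arm on the extension actually being in play, `if (IsAtLeastTLSv1_3(ssl->version) && TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST) != NULL)`, keeps the existing lookup for the unstapled case. In the `@@ -15520` hunk the return of `TLSX_CSR_InitRequest_ex`, which can now also be `MAX_CERT_EXTENSIONS_ERR`, is folded into `args->fatal`, whereas the first hunk only stores it in `ret` and what becomes of that value is outside the hunk. `ProcessPeerCerts` begins and ends outside both hunks.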
@@ -25485,6 +25557,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case MAX_CHAIN_ERROR: return "Maximum Chain Depth Exceeded"; + case MAX_CERT_EXTENSIONS_ERR: + return "Maximum Cert Extension Exceeded"; + case COOKIE_ERROR: return "DTLS Cookie Error"; diff --git a/src/ssl.c b/src/ssl.c index e4aecb0e8..1d481909b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13210,7 +13210,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #ifdef WOLFSSL_QUIC wolfSSL_quic_clear(ssl); #endif - +#ifdef HAVE_OCSP +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = 0; +#endif +#endif return WOLFSSL_SUCCESS; } diff --git a/src/tls.c b/src/tls.c index 4fc15e53c..04238f669 100644 --- a/src/tls.c +++ b/src/tls.c 
@@ -3184,51 +3184,64 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap) static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap) { + int i; + switch (csr->status_type) { case WOLFSSL_CSR_OCSP: - FreeOcspRequest(&csr->request.ocsp); + for (i = 0; i <= csr->requests; i++) { + FreeOcspRequest(&csr->request.ocsp[i]); + } break; } - #ifdef WOLFSSL_TLS13 - if (csr->response.buffer != NULL) { - XFREE(csr->response.buffer, csr->ssl->heap, + for (i = 0; i < MAX_CERT_EXTENSIONS; i++) { + if (csr->responses[i].buffer != NULL) { + XFREE(csr->responses[i].buffer, heap, DYNAMIC_TYPE_TMP_BUFFER); + } } #endif XFREE(csr, heap, DYNAMIC_TYPE_TLSX); (void)heap; } -static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) +word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest, + int idx) { word16 size = 0; /* shut up compiler warnings */ (void) csr; (void) isRequest; - #ifndef NO_WOLFSSL_CLIENT if (isRequest) { switch (csr->status_type) { case WOLFSSL_CSR_OCSP: size += ENUM_LEN + 2 * OPAQUE16_LEN; - if (csr->request.ocsp.nonceSz) + if (csr->request.ocsp[0].nonceSz) size += OCSP_NONCE_EXT_SZ; break; } } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) - if (!isRequest && csr->ssl->options.tls1_3) - return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length; + if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { + return (word16)(OPAQUE8_LEN + OPAQUE24_LEN + + csr->responses[idx].length); + } +#else + (void)idx; #endif - return size; } -static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, - byte isRequest) +static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) +{ + return TLSX_CSR_GetSize_ex(csr, isRequest, 0); +} + +int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, + byte isRequest, int idx) { /* shut up compiler warnings */ (void) csr; (void) output; (void) isRequest; 
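Review bot: `for (i = 0; i <= csr->requests; i++)` in TLSX_CSR_Free frees `requests + 1` entries of `request.ocsp`, which is one past the end once `requests` reaches `MAX_CERT_EXTENSIONS` (TLSX_CSR_InitRequest_ex checks `req_cnt < MAX_CERT_EXTENSIONS` and then increments `requests`) if the array has `MAX_CERT_EXTENSIONS` entries as the `responses` loop just below suggests. The `<=` looks like it compensates for the server side, where ProcessChainOCSPRequest starts `i` at 1 and never counts the leaf in slot 0, while the client side counts the leaf; settling on one meaning for `requests` (say, number of initialised slots including slot 0) and looping `i < csr->requests`, or bounding the loop by the array size, removes the ambiguity. `TLSX_CSR_GetSize_ex` casts `OPAQUE8_LEN + OPAQUE24_LEN + csr->responses[idx].length` to `word16`, so a response whose length does not fit in 16 bits silently wraps the extension size; the old code truncated implicitly, but now that the cast is explicit an overflow check with an error return would make the limit visible.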
@@ -3249,8 +3262,8 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, offset += OPAQUE16_LEN; /* request extensions */ - if (csr->request.ocsp.nonceSz) { - ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp, + if (csr->request.ocsp[0].nonceSz) { + ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp[0], output + offset + OPAQUE16_LEN, OCSP_NONCE_EXT_SZ); 
@@ -3272,20 +3285,112 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) - if (!isRequest && csr->ssl->options.tls1_3) { + if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { word16 offset = 0; output[offset++] = csr->status_type; - c32to24(csr->response.length, output + offset); + c32to24(csr->responses[idx].length, output + offset); offset += OPAQUE24_LEN; - XMEMCPY(output + offset, csr->response.buffer, csr->response.length); - offset += csr->response.length; + XMEMCPY(output + offset, csr->responses[idx].buffer, + csr->responses[idx].length); + offset += (word16)csr->responses[idx].length; return offset; } +#else + (void)idx; #endif return 0; } +static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, + byte isRequest) +{ + return TLSX_CSR_Write_ex(csr, output, isRequest, 0); +} + +#if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_TLS_OCSP_MULTI) +/* Process OCSP request certificate chain + * + * ssl SSL/TLS object. + * returns 0 on success, otherwise failure. + */ +static int ProcessChainOCSPRequest(WOLFSSL* ssl) +{ + DecodedCert* cert; + OcspRequest* request; + TLSX* extension; + CertificateStatusRequest* csr; + DerBuffer* chain; + word32 pos = 0; + buffer der; + int i = 1; + int ret = 0; + byte ctxOwnsRequest = 0; + + /* use certChain if available, otherwise use peer certificate */ + chain = ssl->buffers.certChain; + if (chain == NULL) { + chain = ssl->buffers.certificate; + } + + extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + csr = extension ? 
+ (CertificateStatusRequest*)extension->data : NULL; + if (csr == NULL) + return MEMORY_ERROR; + + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, + DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + return MEMORY_E; + } + + if (chain && chain->buffer) { + while (ret == 0 && pos + OPAQUE24_LEN < chain->length) { + c24to32(chain->buffer + pos, &der.length); + pos += OPAQUE24_LEN; + der.buffer = chain->buffer + pos; + pos += der.length; + + if (pos > chain->length) + break; + request = &csr->request.ocsp[i]; + if (ret == 0) { + ret = CreateOcspRequest(ssl, request, cert, + der.buffer, der.length, &ctxOwnsRequest); + if (ctxOwnsRequest) { + wolfSSL_Mutex* ocspLock = + &SSL_CM(ssl)->ocsp_stapling->ocspLock; + if (wc_LockMutex(ocspLock) == 0) { + /* the request is ours */ + ssl->ctx->certOcspRequest = NULL; + } + wc_UnLockMutex(ocspLock); + } + } + + if (ret == 0) { + request->ssl = ssl; + ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling, + request, &csr->responses[i], ssl->heap); + /* Suppressing, not critical */ + if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) || + ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) { + ret = 0; + } + i++; + csr->requests++; + } + } + } + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); + + return ret; +} +#endif + static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { @@ -3340,14 +3445,14 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, switch (csr->status_type) { case WOLFSSL_CSR_OCSP: /* propagate nonce */ - if (csr->request.ocsp.nonceSz) { + if (csr->request.ocsp[0].nonceSz) { request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); if (request) { - XMEMCPY(request->nonce, csr->request.ocsp.nonce, - csr->request.ocsp.nonceSz); - request->nonceSz = csr->request.ocsp.nonceSz; + XMEMCPY(request->nonce, csr->request.ocsp[0].nonce, + csr->request.ocsp[0].nonceSz); + request->nonceSz = csr->request.ocsp[0].nonceSz; } } break; 
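Review bot: `request = &csr->request.ocsp[i]` and `&csr->responses[i]` are indexed by `i`, which starts at 1 and grows once per chain certificate, but nothing compares it with the array bound (`MAX_CERT_EXTENSIONS`, the limit TLSX_CSR_InitRequest_ex enforces and TLSX_CSR_Free iterates to), so a configured chain longer than the array writes past both arrays; the chain is operator-supplied rather than peer-supplied, but the check is cheap and the failure is memory corruption. `wc_UnLockMutex(ocspLock)` is called unconditionally after `if (wc_LockMutex(ocspLock) == 0)`, so a failed lock is still unlocked; the unlock belongs inside the `if`. Smaller points: the function returns `MEMORY_ERROR` for a missing `csr` but `MEMORY_E` for a failed `XMALLOC`, and the inner `if (ret == 0)` is always true right after the `while (ret == 0 && ...)` condition. Proposed loop body:
```c
            if (pos > chain->length)
                break;
            /* one request/response slot per chain certificate; slot 0 is the leaf */
            if (i >= MAX_CERT_EXTENSIONS) {
                ret = MAX_CERT_EXTENSIONS_ERR;
                break;
            }
            request = &csr->request.ocsp[i];
            ret = CreateOcspRequest(ssl, request, cert,
                    der.buffer, der.length, &ctxOwnsRequest);
            if (ctxOwnsRequest) {
                wolfSSL_Mutex* ocspLock =
                    &SSL_CM(ssl)->ocsp_stapling->ocspLock;
                if (wc_LockMutex(ocspLock) == 0) {
                    /* the request is ours */
                    ssl->ctx->certOcspRequest = NULL;
                    wc_UnLockMutex(ocspLock);
                }
            }
            /* … unchanged: CheckOcspRequest call, non-critical status suppression, i++ / csr->requests++ … */
```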
@@ -3378,14 +3483,21 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, ret = BUFFER_ERROR; } if (ret == 0) { - csr->response.buffer = (byte*)XMALLOC(resp_length, ssl->heap, + if (ssl->response_idx < (1 + MAX_CHAIN_DEPTH)) + csr->responses[ssl->response_idx].buffer = + (byte*)XMALLOC(resp_length, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (csr->response.buffer == NULL) + else + ret = BAD_FUNC_ARG; + + if (ret == 0 && + csr->responses[ssl->response_idx].buffer == NULL) ret = MEMORY_ERROR; } if (ret == 0) { - XMEMCPY(csr->response.buffer, input + offset, resp_length); - csr->response.length = resp_length; + XMEMCPY(csr->responses[ssl->response_idx].buffer, + input + offset, resp_length); + csr->responses[ssl->response_idx].length = resp_length; } return ret; @@ -3450,6 +3562,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, #if defined(WOLFSSL_TLS13) if (ssl->options.tls1_3) { + if (ssl->buffers.certificate == NULL) { WOLFSSL_MSG("Certificate buffer not set!"); return BUFFER_ERROR; 
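Review bot: The new bound `ssl->response_idx < (1 + MAX_CHAIN_DEPTH)` guards a write into `csr->responses[ssl->response_idx]`, but that array is iterated to `MAX_CERT_EXTENSIONS` in TLSX_CSR_Free and `response_idx` is set from `args->totalCerts`, i.e. from the peer's certificate count; unless the two macros are defined equal, the check should use the array's own bound, `if (ssl->response_idx < MAX_CERT_EXTENSIONS)`, so a long peer chain cannot index past `responses`. A slot whose `buffer` is already non-NULL (the same certificate carrying the extension twice) is overwritten by the second `XMALLOC` without freeing the first, so rejecting that case, e.g. `if (csr->responses[ssl->response_idx].buffer != NULL) ret = BUFFER_ERROR;`, closes the leak. `BAD_FUNC_ARG` reads like a caller error for an index that comes from the wire; `MAX_CERT_EXTENSIONS_ERR`, added by this commit, describes it better. TLSX_CSR_Parse begins and ends outside the hunk.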
@@ -3480,19 +3593,33 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, } FreeDecodedCert(cert); XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); - extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); csr = extension ? (CertificateStatusRequest*)extension->data : NULL; if (csr == NULL) return MEMORY_ERROR; - request = &csr->request.ocsp; - ret = CreateOcspResponse(ssl, &request, &csr->response); + request = &csr->request.ocsp[0]; + ret = CreateOcspResponse(ssl, &request, &csr->responses[0]); + if (request != &csr->request.ocsp[0] && + ssl->buffers.weOwnCert) { + /* request will be allocated in CreateOcspResponse() */ + FreeOcspRequest(request); + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } if (ret != 0) return ret; - if (csr->response.buffer) + + if (csr->responses[0].buffer) TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); + #if defined(WOLFSSL_TLS_OCSP_MULTI) + /* process OCSP request in certificate chain */ + if ((ret = ProcessChainOCSPRequest(ssl)) != 0) { + WOLFSSL_MSG("Process Cert Chain OCSP request failed"); + WOLFSSL_ERROR_VERBOSE(ret); + return ret; + } + #endif } else #endif @@ -3504,9 +3631,10 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, return 0; } -int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) +int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, + void* heap, int idx) { - TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr = extension ? (CertificateStatusRequest*)extension->data : NULL; int ret = 0; 
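Review bot: The new `if (request != &csr->request.ocsp[0] && ssl->buffers.weOwnCert) { FreeOcspRequest(request); XFREE(request, ...); }` infers ownership of the request from pointer inequality plus a flag that describes the certificate, not the request; if `CreateOcspResponse` (not visible here) can hand back a request owned by the context, this either leaks when `weOwnCert` is clear or frees shared state when it is set. `ProcessChainOCSPRequest` in this same file answers the same question with the explicit `ctxOwnsRequest` out-parameter of `CreateOcspRequest`; having `CreateOcspResponse` report ownership the same way and freeing only on that signal would make the two paths consistent and the comment `/* request will be allocated in CreateOcspResponse() */` checkable. The free also runs before `if (ret != 0) return ret;`, which is only right if `request` is valid on every failure path of `CreateOcspResponse` — worth a comment either way. TLSX_CSR_Parse begins and ends outside the hunk.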
@@ -3515,18 +3643,31 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: { byte nonce[MAX_OCSP_NONCE_SZ]; - int nonceSz = csr->request.ocsp.nonceSz; + int req_cnt = idx == -1 ? csr->requests : idx; + int nonceSz = csr->request.ocsp[0].nonceSz; + OcspRequest* request; + request = &csr->request.ocsp[req_cnt]; + if (request->serial != NULL) { + /* clear request contents before re-use */ + FreeOcspRequest(request); + } /* preserve nonce */ - XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz); + XMEMCPY(nonce, request->nonce, nonceSz); - if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap)) - != 0) - return ret; + if (req_cnt < MAX_CERT_EXTENSIONS) { + if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0) + return ret; - /* restore nonce */ - XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz); - csr->request.ocsp.nonceSz = nonceSz; + /* restore nonce */ + XMEMCPY(request->nonce, nonce, nonceSz); + request->nonceSz = nonceSz; + csr->requests++; + } + else { + WOLFSSL_ERROR_VERBOSE(MAX_CERT_EXTENSIONS_ERR); + return MAX_CERT_EXTENSIONS_ERR; + } } break; } 
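Review bot: `request = &csr->request.ocsp[req_cnt]` is formed and dereferenced (`request->serial`, then `request->nonce` in the preserve-nonce XMEMCPY) before the `req_cnt < MAX_CERT_EXTENSIONS` check, so an `idx` at or beyond the array size — `idx` arrives as `args->certIdx` from ProcessPeerCerts, i.e. from the peer's chain position — reads out of bounds before the error return is ever reached; the bound check has to precede the indexing, and `idx` values below -1 index negatively and are not rejected at all. The nonce copy also changed its source but not its size: it copies `nonceSz` bytes (taken from slot 0) out of `request->nonce` at `req_cnt`, which for a freshly used slot is not the nonce `TLSX_UseCertificateStatusRequest` generated into slot 0, so every non-leaf request is initialised with a zero nonce; copying from `csr->request.ocsp[0].nonce`, as the old single-slot code effectively did, restores the intent. TLSX_CSR_InitRequest_ex begins and ends outside the hunk. Rewritten case body:
```c
        case WOLFSSL_CSR_OCSP: {
            byte nonce[MAX_OCSP_NONCE_SZ];
            int req_cnt = idx < 0 ? csr->requests : idx;
            int nonceSz = csr->request.ocsp[0].nonceSz;
            OcspRequest* request;

            /* bound the slot before touching it: idx comes from the peer chain */
            if (req_cnt < 0 || req_cnt >= MAX_CERT_EXTENSIONS) {
                WOLFSSL_ERROR_VERBOSE(MAX_CERT_EXTENSIONS_ERR);
                return MAX_CERT_EXTENSIONS_ERR;
            }
            request = &csr->request.ocsp[req_cnt];
            if (request->serial != NULL) {
                /* clear request contents before re-use */
                FreeOcspRequest(request);
            }
            /* preserve the nonce generated into slot 0 for every request */
            XMEMCPY(nonce, csr->request.ocsp[0].nonce, nonceSz);

            if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0)
                return ret;

            /* restore nonce */
            XMEMCPY(request->nonce, nonce, nonceSz);
            request->nonceSz = nonceSz;
            csr->requests++;
        }
        break;
```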
@@ -3535,22 +3676,37 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) return ret; } -void* TLSX_CSR_GetRequest(TLSX* extensions) +int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) +{ + return TLSX_CSR_InitRequest_ex(extensions, cert, heap, -1); +} + +void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr = extension ? (CertificateStatusRequest*)extension->data : NULL; - if (csr) { + if (csr && csr->ssl) { switch (csr->status_type) { case WOLFSSL_CSR_OCSP: - return &csr->request.ocsp; + if (IsAtLeastTLSv1_3(csr->ssl->version)) { + return idx < csr->requests ? &csr->request.ocsp[idx] : NULL; + } + else { + return idx == 0 ? &csr->request.ocsp[0] : NULL; + } } } return NULL; } +void* TLSX_CSR_GetRequest(TLSX* extensions) +{ + return TLSX_CSR_GetRequest_ex(extensions, 0); +} + int TLSX_CSR_ForceRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); @@ -3561,9 +3717,9 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: if (SSL_CM(ssl)->ocspEnabled) { - csr->request.ocsp.ssl = ssl; + csr->request.ocsp[0].ssl = ssl; return CheckOcspRequest(SSL_CM(ssl)->ocsp, - &csr->request.ocsp, NULL, NULL); + &csr->request.ocsp[0], NULL, NULL); } else { WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL); @@ -3591,7 +3747,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, return MEMORY_E; ForceZero(csr, sizeof(CertificateStatusRequest)); - +#if defined(WOLFSSL_TLS13) + XMEMSET(csr->responses, 0, sizeof(csr->responses)); +#endif csr->status_type = status_type; csr->options = options; csr->ssl = ssl; 
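Review bot: `TLSX_CSR_GetRequest_ex()` checks only the upper bound of `idx`: `idx < csr->requests` is true for every negative `idx` because the word16 promotes to int, so a negative index reaches `&csr->request.ocsp[idx]`; guard both ends, `return (idx >= 0 && idx < csr->requests) ? &csr->request.ocsp[idx] : NULL;`. The added `csr->ssl` requirement also narrows the old `TLSX_CSR_GetRequest()` contract, which returned the request whenever the extension was present; a caller that asks before `csr->ssl` is set now gets NULL, so that precondition deserves a comment on the wrapper, `/* requires csr->ssl to be set; returns NULL otherwise */`.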
@@ -3608,9 +3766,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, (void)devId; #endif if (ret == 0) { - if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, + if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp[0].nonce, MAX_OCSP_NONCE_SZ) == 0) - csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; + csr->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; wc_FreeRng(&rng); } diff --git a/src/tls13.c b/src/tls13.c index 17a4fd1af..150accda7 100644 --- a/src/tls13.c +++ b/src/tls13.c 
@@ -8421,6 +8421,75 @@ static word32 NextCert(byte* data, word32 length, word32* idx) return len; } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) +/* Write certificate status request into certificate to buffer. + * + * ssl SSL/TLS object. + * certExts DerBuffer array. buffers written + * extSz word32 array. + * Length of the certificate status request data for the certificate. + * extSz_num number of the CSR written + * extIdx The index number of certificate status request data + * for the certificate. + * offset index offset + * returns Total number of bytes written. + */ +static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, + word16* extSz, word16 extSz_num) +{ + int ret = 0; + TLSX* ext; + CertificateStatusRequest* csr; + word32 ex_offset = HELLO_EXT_TYPE_SZ + OPAQUE16_LEN /* extension type */ + + OPAQUE16_LEN /* extension length */; + word32 totalSz = 0; + word32 tmpSz; + word32 extIdx; + DerBuffer* der; + + ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + csr = ext ? (CertificateStatusRequest*)ext->data : NULL; + + if (csr) { + for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) { + tmpSz = TLSX_CSR_GetSize_ex(csr, 0, extIdx); + + if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) && + certExts[extIdx] == NULL) { + /* csr extension is not zero */ + extSz[extIdx] = tmpSz; + + ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset, + CERT_TYPE, ssl->heap); + if (ret < 0) + return ret; + der = certExts[extIdx]; + + /* write extension type */ + c16toa(ext->type, der->buffer + + OPAQUE16_LEN); + /* writes extension data length. 
*/ + c16toa(extSz[extIdx], der->buffer + + HELLO_EXT_TYPE_SZ + OPAQUE16_LEN); + /* write extension data */ + extSz[extIdx] = (word16)TLSX_CSR_Write_ex(csr, + der->buffer + ex_offset, 0, extIdx); + /* add extension offset */ + extSz[extIdx] += (word16)ex_offset; + /* extension length */ + c16toa(extSz[extIdx] - OPAQUE16_LEN, + der->buffer); + } + totalSz += extSz[extIdx]; + } + } + else { + /* chain cert empty extension size */ + totalSz += OPAQUE16_LEN * extSz_num; + } + return totalSz; +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ /* Add certificate data and empty extension to output up to the fragment size. * * ssl SSL/TLS object. @@ -8430,10 +8499,11 @@ static word32 NextCert(byte* data, word32 length, word32* idx) * idx The start of the certificate data to write out. * fragSz The maximum size of this fragment. * output The buffer to write to. + * extIdx The index number of the extension data with the certificate * returns the number of bytes written. */ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz, - word32 idx, word32 fragSz, byte* output) + word32 idx, word32 fragSz, byte* output, word16 extIdx) { word32 i = 0; word32 copySz = min(len - idx, fragSz); @@ -8454,7 +8524,7 @@ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz, } } else { - byte* certExts = ssl->buffers.certExts->buffer + idx + i - len; + byte* certExts = ssl->buffers.certExts[extIdx]->buffer + idx + i - len; /* Put out as much of the extensions' data as will fit in fragment. */ if (copySz > fragSz - i) copySz = fragSz - i; @@ -8476,8 +8546,10 @@ static int SendTls13Certificate(WOLFSSL* ssl) { int ret = 0; word32 certSz, certChainSz, headerSz, listSz, payloadSz; - word16 extSz = 0; + word16 extSz[1 + MAX_CERT_EXTENSIONS]; + word16 extIdx = 0; word32 maxFragment; + word32 totalextSz = 0; word32 len = 0; word32 idx = 0; word32 offset = OPAQUE16_LEN; 
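Review bot: When `certExts[extIdx]` is already allocated, the `certExts[extIdx] == NULL` test fails and `extSz[extIdx]` keeps the caller's `OPAQUE16_LEN` default, yet `totalSz += extSz[extIdx]` and the later `AddCertExt()` calls consume that value, so a re-entry with the buffers still alive (the situation the `== NULL` test exists to allow, as the old `ssl->buffers.certExts == NULL` check did) under-counts the extension data; an `else if (certExts[extIdx] != NULL) extSz[extIdx] = (word16)certExts[extIdx]->length;` branch keeps the two in step, assuming TLSX_CSR_Write_ex() writes what TLSX_CSR_GetSize_ex() reported. The function returns `word32` but does `return ret;` with a negative `AllocDer()` result, which the caller in SendTls13Certificate() recovers only through an implementation-defined conversion back to `int`; returning `int`, or handing `totalSz` back through an out-parameter, makes the error path explicit. The header comment lists `extIdx` and `offset` as parameters, neither of which is in the signature; drop those two entries.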
@@ -8538,35 +8610,45 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* Cert Req Ctx Len | Cert Req Ctx | Cert List Len | Cert Data Len */ headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ + CERT_HEADER_SZ; + /* set empty extension as default */ + for (extIdx = 0; extIdx < XELEM_CNT(extSz); extIdx++) + extSz[extIdx] = OPAQUE16_LEN; - ret = TLSX_GetResponseSize(ssl, certificate, &extSz); - if (ret < 0) - return ret; + length = 0; + listSz = 0; - /* Create extensions' data if none already present. */ - if (extSz > OPAQUE16_LEN && ssl->buffers.certExts == NULL) { - ret = AllocDer(&ssl->buffers.certExts, extSz, CERT_TYPE, ssl->heap); - if (ret < 0) - return ret; - - extSz = 0; - ret = TLSX_WriteResponse(ssl, ssl->buffers.certExts->buffer, - certificate, &extSz); + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + /* We only send CSR on the server side. On client side, the CSR data + * is populated with the server response. We would be sending the server + * its own stapling data. */ + if (ssl->options.side == WOLFSSL_SERVER_END) { + ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0], + 1 /* +1 for leaf */ + ssl->buffers.certChainCnt); if (ret < 0) return ret; + totalextSz += ret; + ret = 0; /* Clear to signal no error */ + } + else + #endif + { + /* Leaf cert empty extension size */ + totalextSz += OPAQUE16_LEN; + /* chain cert empty extension size */ + totalextSz += OPAQUE16_LEN * ssl->buffers.certChainCnt; } /* Length of message data with one certificate and extensions. */ - length = (sword32)(headerSz + certSz + extSz); + length += (sword32)(headerSz + certSz + totalextSz); /* Length of list data with one certificate and extensions. */ - listSz = CERT_HEADER_SZ + certSz + extSz; + listSz += CERT_HEADER_SZ + certSz + totalextSz; /* Send rest of chain if sending cert (chain has leading size/s). */ if (certSz > 0 && ssl->buffers.certChainCnt > 0) { p = ssl->buffers.certChain->buffer; /* Chain length including extensions. 
*/ - certChainSz = ssl->buffers.certChain->length + - OPAQUE16_LEN * (word32)ssl->buffers.certChainCnt; + certChainSz = ssl->buffers.certChain->length; + length += certChainSz; listSz += certChainSz; } @@ -8581,6 +8663,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + extIdx = 0; + while (length > 0 && ret == 0) { byte* output = NULL; word32 fragSz = 0; @@ -8595,15 +8679,15 @@ static int SendTls13Certificate(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ if (ssl->fragOffset == 0) { - if (headerSz + certSz + extSz + certChainSz <= + if (headerSz + certSz + totalextSz + certChainSz <= maxFragment - HANDSHAKE_HEADER_SZ) { - fragSz = headerSz + certSz + extSz + certChainSz; + fragSz = headerSz + certSz + totalextSz + certChainSz; } #ifdef WOLFSSL_DTLS13 else if (ssl->options.dtls){ /* short-circuit the fragmentation logic here. DTLS fragmentation will be done in dtls13HandshakeSend() */ - fragSz = headerSz + certSz + extSz + certChainSz; + fragSz = headerSz + certSz + totalextSz + certChainSz; } #endif /* WOLFSSL_DTLS13 */ else { 
@@ -8662,20 +8746,23 @@ static int SendTls13Certificate(WOLFSSL* ssl) else AddTls13RecordHeader(output, fragSz, handshake, ssl); - if (certSz > 0 && ssl->fragOffset < certSz + extSz) { - /* Put in the leaf certificate with extensions. */ - word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, - certSz, extSz, ssl->fragOffset, fragSz, output + i); - i += copySz; - ssl->fragOffset += copySz; - length -= copySz; - fragSz -= copySz; - if (ssl->fragOffset == certSz + extSz) - FreeDer(&ssl->buffers.certExts); + if (extIdx == 0) { + if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) { + /* Put in the leaf certificate with extensions. */ + word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, + certSz, extSz[extIdx], ssl->fragOffset, fragSz, + output + i, extIdx); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + fragSz -= copySz; + if (ssl->fragOffset == certSz + extSz[extIdx]) + FreeDer(&ssl->buffers.certExts[extIdx]); + } } if (certChainSz > 0 && fragSz > 0) { - /* Put in the CA certificates with empty extensions. */ - while (fragSz > 0) { + /* Put in the CA certificates with extensions. */ + while (fragSz > 0) { word32 l; if (offset == len + OPAQUE16_LEN) { 
@@ -8684,19 +8771,27 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* Point to the start of current cert in chain buffer. */ p = ssl->buffers.certChain->buffer + idx; len = NextCert(ssl->buffers.certChain->buffer, - ssl->buffers.certChain->length, &idx); + ssl->buffers.certChain->length, &idx); if (len == 0) break; + if (MAX_CERT_EXTENSIONS > extIdx) + extIdx++; } - - /* Write out certificate and empty extension. */ - l = AddCertExt(ssl, p, len, OPAQUE16_LEN, offset, fragSz, - output + i); + /* Write out certificate and extension. */ + l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz, + output + i, extIdx); i += l; ssl->fragOffset += l; length -= l; fragSz -= l; offset += l; + + if (extIdx != 0 && extIdx < MAX_CERT_EXTENSIONS && + ssl->buffers.certExts[extIdx] != NULL && + offset == len + extSz[extIdx]) + FreeDer(&ssl->buffers.certExts[extIdx]); + /* for next chain cert */ + len += extSz[extIdx] - OPAQUE16_LEN; } } diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index f61c78650..31307806f 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -115,7 +115,7 @@ enum wolfSSL_ErrorCodes { COOKIE_ERROR = -369, /* dtls cookie error */ SEQUENCE_ERROR = -370, /* dtls sequence error */ SUITES_ERROR = -371, /* suites pointer error */ - + MAX_CERT_EXTENSIONS_ERR = -372, /* max cert extension exceeded */ OUT_OF_ORDER_E = -373, /* out of order message */ BAD_KEA_TYPE_E = -374, /* bad KEA type found */ SANITY_CIPHER_E = -375, /* sanity check on cipher error */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index d3a03e1d4..f7ab1edab 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
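Review bot: The guard `if (MAX_CERT_EXTENSIONS > extIdx) extIdx++;` lets `extIdx` reach `MAX_CERT_EXTENSIONS`, and that value is used on the same pass in `extSz[extIdx]`, `AddCertExt(..., extIdx)` and `len += extSz[extIdx] - OPAQUE16_LEN`; `ssl->buffers.certExts` has exactly `MAX_CERT_EXTENSIONS` entries, so the guard is off by one unless the chain count is bounded to `MAX_CHAIN_DEPTH` somewhere this diff does not show. The same guard survives in the PATCH 095 hunk `@@ -8771,8 +8771,11 @@`, where the local `extSz` has meanwhile been shrunk to `MAX_CERT_EXTENSIONS` entries, so there the read is out of bounds for the local array as well. `if (extIdx + 1 < MAX_CERT_EXTENSIONS) extIdx++;` keeps both arrays in range (a chain longer than the slots would then reuse the last slot rather than overrun, which is worth a comment); the FreeDer() condition below already tests `extIdx < MAX_CERT_EXTENSIONS` and can stay. SendTls13Certificate continues outside this hunk.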
@@ -2024,6 +2024,15 @@ enum Misc { #define MAX_CHAIN_DEPTH 9 #endif +/* Max certificate extensions in TLS1.3 */ +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + /* Number of extensions to set each OCSP response */ + #define MAX_CERT_EXTENSIONS (1 + MAX_CHAIN_DEPTH) +#else + /* Only empty extensions */ + #define MAX_CERT_EXTENSIONS 1 +#endif + /* max size of a certificate message payload */ /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ #ifndef MAX_CERTIFICATE_SZ @@ -3274,10 +3283,11 @@ typedef struct { byte options; WOLFSSL* ssl; union { - OcspRequest ocsp; + OcspRequest ocsp[MAX_CERT_EXTENSIONS]; } request; + word16 requests; #ifdef WOLFSSL_TLS13 - buffer response; + buffer responses[MAX_CERT_EXTENSIONS]; #endif } CertificateStatusRequest; @@ -3286,12 +3296,25 @@ WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, #ifndef NO_CERTS WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap); +WOLFSSL_LOCAL int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, + void* heap, int idx); #endif WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); +WOLFSSL_LOCAL word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, + byte isRequest, + int idx); +WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, + byte isRequest, int idx); +WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx); #endif - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, + DecodedCert* cert, byte* certData, word32 length, + byte *ctxOwnsRequest); +#endif /** Certificate Status Request v2 - RFC 6961 */ #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 
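Review bot: Turning `OcspRequest ocsp` into `OcspRequest ocsp[MAX_CERT_EXTENSIONS]` (and `response` into `responses[MAX_CERT_EXTENSIONS]`) multiplies the size of every `CertificateStatusRequest` by up to `1 + MAX_CHAIN_DEPTH`, 10 with the default depth, and the cost is paid on clients and on TLS 1.2 connections that only ever touch index 0. Given that an `OcspRequest` carries at least a nonce buffer and serial data, this is a per-connection footprint increase that should be weighed for the small targets the library serves; allocating chain entries on demand, or keying the count on its own define instead of `MAX_CHAIN_DEPTH`, would bound it. A comment on `word16 requests;` saying that it counts the initialized `ocsp[]` entries would also help, since the name reads like a flag.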
@@ -4771,7 +4794,7 @@ typedef struct Buffers { /* chain after self, in DER, with leading size for each cert */ #ifdef WOLFSSL_TLS13 int certChainCnt; - DerBuffer* certExts; + DerBuffer* certExts[MAX_CERT_EXTENSIONS]; #endif #endif #ifdef WOLFSSL_SEND_HRR_COOKIE @@ -6040,6 +6063,9 @@ struct WOLFSSL { char* url; #endif #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + word32 response_idx; +#endif #endif #ifdef HAVE_NETX NetX_Ctx nxCtx; /* NetX IO Context */ From dab764a08e000b653e447285c7d6dcdf3a6548c2 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 24 Aug 2024 15:36:35 +0900 Subject: [PATCH 090/325] fix pr test --- src/tls13.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index 150accda7..09b0c8920 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -8611,7 +8611,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ + CERT_HEADER_SZ; /* set empty extension as default */ - for (extIdx = 0; extIdx < XELEM_CNT(extSz); extIdx++) + for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++) extSz[extIdx] = OPAQUE16_LEN; length = 0; From 29e27889ee10cd6049952647d481192f342cf4d3 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz <49391366+julek-wolfssl@users.noreply.github.com> Date: Wed, 28 Aug 2024 10:03:00 +0200 Subject: [PATCH 091/325] TLSX_CSR_InitRequest_ex: decrement csr->requests when reusing --- src/tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tls.c b/src/tls.c index 04238f669..48161c6da 100644 --- a/src/tls.c +++ b/src/tls.c @@ -3651,6 +3651,8 @@ int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, if (request->serial != NULL) { /* clear request contents before re-use */ FreeOcspRequest(request); + if (csr->requests > 0) + csr->requests--; } /* preserve nonce */ XMEMCPY(nonce, request->nonce, nonceSz); From 16dc67f4214ef2141c557a1830769843f744f1a1 Mon Sep 17 00:00:00 2001 
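Review bot: `word32 response_idx;` enters `struct WOLFSSL` without a comment, and nothing in this diff shows what it indexes or who resets it between handshakes; if it tracks the next `responses[]` slot of the status_request extension, say so at the declaration, `/* next CertificateStatusRequest.responses[] slot to fill (TLS 1.3 stapling) */`, and name the code that resets it. The `certExts[MAX_CERT_EXTENSIONS]` array in the Buffers hunk has the same gap: a reader has to find WriteCSRToBuffer() and SendTls13Certificate() to learn that slot 0 is the leaf certificate and slots 1..n follow the chain order.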
From: Juliusz Sosinowicz Date: Wed, 28 Aug 2024 10:04:45 +0200 Subject: [PATCH 092/325] SendTls13Certificate: set variables directly instead of incrementing --- src/tls13.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index 09b0c8920..094e80775 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -8614,9 +8614,6 @@ static int SendTls13Certificate(WOLFSSL* ssl) for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++) extSz[extIdx] = OPAQUE16_LEN; - length = 0; - listSz = 0; - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) /* We only send CSR on the server side. On client side, the CSR data * is populated with the server response. We would be sending the server @@ -8639,9 +8636,9 @@ static int SendTls13Certificate(WOLFSSL* ssl) } /* Length of message data with one certificate and extensions. */ - length += (sword32)(headerSz + certSz + totalextSz); + length = (sword32)(headerSz + certSz + totalextSz); /* Length of list data with one certificate and extensions. */ - listSz += CERT_HEADER_SZ + certSz + totalextSz; + listSz = CERT_HEADER_SZ + certSz + totalextSz; /* Send rest of chain if sending cert (chain has leading size/s). */ if (certSz > 0 && ssl->buffers.certChainCnt > 0) { From 7a1d0e0dc8affd275dc90a18567e84d25411b455 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 18 Sep 2024 18:30:04 +0900 Subject: [PATCH 093/325] addressed review comment --- SCRIPTS-LIST | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST index 753bbf90e..f99b7ce1a 100644 --- a/SCRIPTS-LIST +++ b/SCRIPTS-LIST 
@@ -35,7 +35,7 @@ scripts/ google.test - example client test against google, part of tests resume.test - example sessoin resume test, part of tests ocsp-stapling.test - example client test against globalsign, part of tests - ocsp-stapling1_tls13.text - example client test against example server, part of tests + ocsp-stapling1_tls13multi.text - example client test against example server, part of tests ocsp-stapling2.test - example client test against example server, part of tests sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests in sniffer mode From b84a4e1c8d82f4e57fc3eacd3c2520eff4ecaa80 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 19 Sep 2024 14:54:58 +0900 Subject: [PATCH 094/325] fix pr unit test --- tests/api.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 57587996f..ba79efc5f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -89018,7 +89018,6 @@ static int error_test(void) { -346, -349 }, { -356, -356 }, { -358, -358 }, - { -372, -372 }, { -384, -384 }, { -466, -499 }, { WOLFSSL_LAST_E-1, WOLFSSL_LAST_E-1 } From 5105082a1f542c54d74952369db11a8383ea60cc Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 21 Sep 2024 16:03:17 +0900 Subject: [PATCH 095/325] addressed review comments --- src/tls13.c | 17 ++++++++++------- wolfssl/internal.h | 7 +++++++ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index 094e80775..9164cefc6 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -8421,7 +8421,7 @@ static word32 NextCert(byte* data, word32 length, word32* idx) return len; } -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) /* Write certificate status request into certificate to buffer. * * ssl SSL/TLS object. 
@@ -8546,7 +8546,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) { int ret = 0; word32 certSz, certChainSz, headerSz, listSz, payloadSz; - word16 extSz[1 + MAX_CERT_EXTENSIONS]; + word16 extSz[MAX_CERT_EXTENSIONS]; word16 extIdx = 0; word32 maxFragment; word32 totalextSz = 0; @@ -8614,7 +8614,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++) extSz[extIdx] = OPAQUE16_LEN; - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) /* We only send CSR on the server side. On client side, the CSR data * is populated with the server response. We would be sending the server * its own stapling data. */ @@ -8747,14 +8747,14 @@ static int SendTls13Certificate(WOLFSSL* ssl) if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) { /* Put in the leaf certificate with extensions. */ word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, - certSz, extSz[extIdx], ssl->fragOffset, fragSz, - output + i, extIdx); + certSz, extSz[0], ssl->fragOffset, fragSz, + output + i, 0); i += copySz; ssl->fragOffset += copySz; length -= copySz; fragSz -= copySz; - if (ssl->fragOffset == certSz + extSz[extIdx]) - FreeDer(&ssl->buffers.certExts[extIdx]); + if (ssl->fragOffset == certSz + extSz[0]) + FreeDer(&ssl->buffers.certExts[0]); } } if (certChainSz > 0 && fragSz > 0) { @@ -8771,8 +8771,11 @@ static int SendTls13Certificate(WOLFSSL* ssl) ssl->buffers.certChain->length, &idx); if (len == 0) break; + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(NO_WOLFSSL_SERVER) if (MAX_CERT_EXTENSIONS > extIdx) extIdx++; + #endif } /* Write out certificate and extension. */ l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz, diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f7ab1edab..d305bdbeb 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
@@ -2024,6 +2024,13 @@ enum Misc { #define MAX_CHAIN_DEPTH 9 #endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + #if !defined(HAVE_OCSP) + #error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP. + #endif +#endif + /* Max certificate extensions in TLS1.3 */ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) /* Number of extensions to set each OCSP response */ From e10c943bf32c020085d3a062f71e8c781ed91a06 Mon Sep 17 00:00:00 2001 
From: Aidan Garske Date: Tue, 24 Sep 2024 14:29:46 -0700 Subject: [PATCH 096/325] wolfCrypt CSharp Wrapper: * Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper. * Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example. * Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly. * Fixes for several scan-build warnings. --- .github/workflows/win-csharp-test.yml | 57 + mcapi/crypto.h | 4 +- src/pk.c | 4 +- src/ssl.c | 11 +- tests/api.c | 9 +- wolfcrypt/src/aes.c | 31 +- wolfcrypt/src/asn.c | 24 +- wolfcrypt/src/curve25519.c | 28 + wolfcrypt/src/ecc.c | 21 +- wolfcrypt/src/ed25519.c | 26 + wolfcrypt/src/hash.c | 31 + wolfcrypt/src/rsa.c | 27 +- wolfcrypt/test/test.c | 755 ++--- wolfssl/wolfcrypt/aes.h | 2 + wolfssl/wolfcrypt/curve25519.h | 6 +- wolfssl/wolfcrypt/ed25519.h | 7 +- wolfssl/wolfcrypt/ed448.h | 2 +- wolfssl/wolfcrypt/hash.h | 3 + wolfssl/wolfcrypt/rsa.h | 2 + wrapper/CSharp/README.md | 35 +- wrapper/CSharp/include.am | 7 + wrapper/CSharp/user_settings.h | 136 + wrapper/CSharp/wolfCrypt-Test/App.config | 6 + .../wolfCrypt-Test/Properties/AssemblyInfo.cs | 36 + .../CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | 920 +++++ .../wolfCrypt-Test/wolfCrypt-Test.csproj | 123 + .../CSharp/wolfSSL-DTLS-PSK-Server/App.config | 6 +- .../wolfSSL-DTLS-PSK-Server.csproj | 11 +- wrapper/CSharp/wolfSSL-DTLS-Server/App.config | 6 +- .../wolfSSL-DTLS-Server.csproj | 11 +- .../wolfSSL-Example-IOCallbacks/App.config | 6 +- .../wolfSSL-Example-IOCallbacks.csproj | 11 +- wrapper/CSharp/wolfSSL-TLS-Client/App.config | 6 +- .../wolfSSL-TLS-Client.csproj | 11 +- .../wolfSSL-TLS-PSK-Client.csproj | 8 +- .../CSharp/wolfSSL-TLS-PSK-Server/App.config | 6 +- .../wolfSSL-TLS-PSK-Server.csproj | 11 +- wrapper/CSharp/wolfSSL-TLS-Server/App.config | 6 +- .../wolfSSL-TLS-Server.csproj | 11 +- .../wolfSSL-TLS-ServerThreaded/App.config | 6 +- 
.../wolfSSL-TLS-ServerThreaded.csproj | 11 +- wrapper/CSharp/wolfSSL_CSharp.sln | 115 +- wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | 2953 +++++++++++++++++ .../wolfSSL_CSharp/wolfSSL_CSharp.csproj | 9 +- wrapper/CSharp/wolfssl.vcxproj | 456 +++ 45 files changed, 5414 insertions(+), 559 deletions(-) create mode 100644 .github/workflows/win-csharp-test.yml create mode 100644 wrapper/CSharp/user_settings.h create mode 100644 wrapper/CSharp/wolfCrypt-Test/App.config create mode 100644 wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs create mode 100644 wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs create mode 100644 wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj create mode 100644 wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs create mode 100644 wrapper/CSharp/wolfssl.vcxproj diff --git a/.github/workflows/win-csharp-test.yml b/.github/workflows/win-csharp-test.yml new file mode 100644 index 000000000..4ba24f9e9 --- /dev/null +++ b/.github/workflows/win-csharp-test.yml 
@@ -0,0 +1,57 @@
+name: Windows CSharp Build Test
+
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+jobs:
+ build:
+
+ runs-on: windows-latest
+
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 6
+
+ env:
+ # Path to the solution file relative to the root of the project.
+ SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
+
+ # Configuration type to build.
+ # You can convert this to a build matrix if you need coverage of multiple configuration types.
+ # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+ BUILD_CONFIGURATION: Debug
+ BUILD_PLATFORM: x64
+
+ steps:
+ - name: Pull wolfssl
+ uses: actions/checkout@master
+ with:
+ repository: wolfssl/wolfssl
+ path: wolfssl
+
+ - name: Create FIPS stub files (autogen)
+ working-directory: wolfssl
+ run: |
+ echo $null >> wolfcrypt\src\fips.c
+ echo $null >> wolfcrypt\src\fips_test.c
+ echo $null >> wolfcrypt\src\wolfcrypt_first.c
+ echo $null >> wolfcrypt\src\wolfcrypt_last.c
+
+ - name: Add MSBuild to PATH
+ uses: microsoft/setup-msbuild@v1
+
+ - name: Build
+ working-directory: ${{env.GITHUB_WORKSPACE}}
+ # Add additional options to the MSBuild command line here (like platform or verbosity level).
+ # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+ run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+ - name: Run wolfCrypt test
+ working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+ run: ./wolfCrypt-test.exe
+
+ - name: Run wolfSSL client/server example
+ working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+ run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index dd95c1ca9..f11184916 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
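Review bot: `uses: actions/checkout@master` pins the step that clones the repository onto the runner to a moving branch, so the action's code can change under this workflow without anyone reviewing it; pin it to a release tag or, better, a full commit SHA, e.g. `uses: actions/checkout@v4` (confirm the current release before merging), as `microsoft/setup-msbuild@v1` already does. `working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\...` reads the workspace path from the `env` context, where the default `GITHUB_*` variables are not guaranteed to be exposed, and concatenates without a separator; `${{ github.workspace }}\wolfssl\wrapper\CSharp\Debug\x64\` is the documented form. The last `run:` chains `&&`, `sleep 1` and a bare `&` on a Windows runner whose default shell is PowerShell, where those operators do not behave as in a POSIX shell; if the server is meant to run in the background while the client connects, `shell: bash` or an explicit `Start-Process` makes that intent readable and reproducible.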
@@ -173,9 +173,9 @@ enum { typedef struct CRYPT_AES_CTX { /* big enough to hold internal, but check on init */ #ifdef WOLF_PRIVATE_KEY_ID - int holder[110]; + int holder[114]; #else - int holder[92]; + int holder[96]; #endif } CRYPT_AES_CTX; diff --git a/src/pk.c b/src/pk.c index f515bfeed..325e8b508 100644 --- a/src/pk.c +++ b/src/pk.c @@ -354,7 +354,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, int ret = 0; int paddingSz = 0; word32 idx; - word32 cipherInfoSz; + word32 cipherInfoSz = 0; #ifdef WOLFSSL_SMALL_STACK EncryptedInfo* info = NULL; #else @@ -3300,7 +3300,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, #endif int initTmpRng = 0; WC_RNG* rng = NULL; - long en; + long en = 0; #endif (void)cb; diff --git a/src/ssl.c b/src/ssl.c index e4aecb0e8..9398f1170 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16138,11 +16138,14 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) else { /* Only preserve overlapping suites */ Suites tmpSuites; - word16 in, out, haveECDSAsig = 0; - word16 haveStaticECC = ssl->options.haveStaticECC; + word16 in, out; + word16 haveECDSAsig, haveStaticECC; #ifdef NO_RSA haveECDSAsig = 1; haveStaticECC = 1; +#else + haveECDSAsig = 0; + haveStaticECC = ssl->options.haveStaticECC; #endif XMEMSET(&tmpSuites, 0, sizeof(Suites)); /* Get all possible ciphers and sigalgs for the version. Following @@ -21962,9 +21965,9 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, #endif /* HAVE_SUPPORTED_CURVES */ } - if (ssl) + if (ssl != NULL) ssl->disabledCurves = disabled; - else + else if (ctx != NULL) ctx->disabledCurves = disabled; ret = WOLFSSL_SUCCESS; diff --git a/tests/api.c b/tests/api.c index 57587996f..321bfdc30 100644 --- a/tests/api.c +++ b/tests/api.c @@ -27665,7 +27665,7 @@ static int test_wc_EccPrivateKeyToDer(void) byte output[ONEK_BUF]; ecc_key eccKey; WC_RNG rng; - word32 inLen; + word32 inLen = 0; word32 outLen = 0; int ret; 
@@ -27681,12 +27681,13 @@ static int test_wc_EccPrivateKeyToDer(void) #endif ExpectIntEQ(ret, 0); - inLen = (word32)sizeof(output); /* Bad Cases */ ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0); + ExpectIntGT(inLen, 0); ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Good Case */ ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0); @@ -52516,7 +52517,7 @@ static int test_wolfSSL_ASN1_INTEGER(void) ASN1_INTEGER_free(a); a = NULL; - p = longDer; + p = invalidLenDer; ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer))); p = longDer; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index e76f66f13..d7c12f21a 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -10539,6 +10539,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, if (ret == 0) ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); + aes->isAllocated = 0; wc_AesFree(aes); } ForceZero(aes, sizeof *aes); @@ -10580,6 +10581,8 @@ int wc_GmacVerify(const byte* key, word32 keySz, if (ret == 0) ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); + + aes->isAllocated = 0; wc_AesFree(aes); } ForceZero(aes, sizeof *aes); 
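Review bot: `inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0);` stores an `int` result in `word32 inLen` before `ExpectIntGT(inLen, 0)` looks at its sign, so a negative error code becomes a large unsigned value and whether the expectation catches it depends on how the macro converts its arguments; capture it first, `ret = wc_EccPrivateKeyToDer(&eccKey, NULL, 0); ExpectIntGT(ret, 0); inLen = (word32)ret;`. With `inLen` now 0 at that point, the preceding `ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG)` may be failing on the zero length before the NULL key is examined, so it no longer proves the key check on its own; keep the old `inLen = (word32)sizeof(output);` ahead of it or pass a non-zero length there.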
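Review bot: `aes->isAllocated = 0;` immediately before `wc_AesFree(aes)` in `wc_Gmac()` (and the same line in `wc_GmacVerify()` below and in `AesSivCipher()` at `@@ -14032`) is there so the new free-on-`isAllocated` path in `wc_AesFree()` cannot release a struct the caller owns; since `wc_AesInit()` in this commit sets the flag to 0 and none of these functions use `wc_AesNew()`, the line is either redundant or covers an `Aes` that reached this point without going through `wc_AesInit()`. A one-line comment saying which, `/* caller owns this Aes; never let wc_AesFree() release it */`, keeps the next cleanup from deleting it, which matters because the `ForceZero(aes, sizeof *aes)` that follows would be a use-after-free if the flag were ever 1 here.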
@@ -11296,6 +11299,20 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ +Aes* wc_AesNew(void* heap, int devId) +{ + Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); + if (aes != NULL) { + if (wc_AesInit(aes, heap, devId) != 0) { + XFREE(aes, heap, DYNAMIC_TYPE_AES); + aes = NULL; + } + else { + aes->isAllocated = 1; + } + } + return aes; +} /* Initialize Aes for use with async hardware */ int wc_AesInit(Aes* aes, void* heap, int devId) @@ -11305,6 +11322,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId) if (aes == NULL) return BAD_FUNC_ARG; + aes->isAllocated = 0; aes->heap = heap; aes->rounds = 0; @@ -11430,8 +11448,13 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) /* Free Aes from use with async hardware */ void wc_AesFree(Aes* aes) { - if (aes == NULL) + unsigned int isAllocated; + + if (aes == NULL) { return; + } + + isAllocated = aes->isAllocated; #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1); @@ -11499,6 +11522,11 @@ void wc_AesFree(Aes* aes) #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(aes, sizeof(Aes)); #endif + + if (isAllocated) { + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + } + } int wc_AesGetKeySize(Aes* aes, word32* keySize) @@ -14032,6 +14060,7 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } + aes->isAllocated = 0; wc_AesFree(aes); #ifdef WOLFSSL_SMALL_STACK XFREE(aes, NULL, DYNAMIC_TYPE_AES); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4d0499865..979326527 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -22659,7 +22659,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt) { DECL_ASNGETDATA(dataASN, certReqASN_Length); int ret = 0; - byte version; + byte version = 0; word32 idx; CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap); 
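Review bot: `XFREE(aes, aes->heap, DYNAMIC_TYPE_AES)` reads `aes->heap` at the very end of `wc_AesFree()`, after the part of the function this diff does not show; if that part clears the struct, which the `wc_MemZero_Check(aes, sizeof(Aes))` just above suggests is expected by then, the free goes to a NULL heap instead of the one the object was allocated from. `wc_curve25519_free()` in this same commit captures `heap` next to `isAllocated` at the top and frees with the copy; do the same here, `void* heap = aes->heap;` beside `isAllocated = aes->isAllocated;` and `XFREE(aes, heap, DYNAMIC_TYPE_AES);`. Both `wc_AesFree()` hunks (`@@ -11430` and `@@ -11499`) belong to that one function, whose middle is outside the diff.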
@@ -23552,7 +23552,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz, const unsigned char** pubKey, word32* pubKeySz) { int ret = 0; - int l; + int l = 0; word32 o = 0; int i; static DecodeInstr ops[] = { @@ -27841,7 +27841,7 @@ static int SetCertificatePolicies(byte *output, byte oid[MAX_OID_SZ]; word32 oidSz; word32 sz = 0; - int piSz; + int piSz = 0; if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) { ret = BAD_FUNC_ARG; @@ -30399,8 +30399,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, return (int)(idx + seqSz); #else DECL_ASNSETDATA(dataASN, sigASN_Length); - word32 seqSz; - int sz; + word32 seqSz = 0; + int sz = 0; int ret = 0; CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL); @@ -35106,6 +35106,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* Write a Private ecc key, including public to DER format, * length on success else < 0 */ +/* Note: use wc_EccKeyDerSize to get length only */ WOLFSSL_ABI int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) { @@ -35117,10 +35118,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) int wc_EccKeyDerSize(ecc_key* key, int pub) { word32 sz = 0; - int ret; - - ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1); - + int ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1); if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } @@ -35131,7 +35129,11 @@ int wc_EccKeyDerSize(ecc_key* key, int pub) * length on success else < 0 */ int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen) { - return wc_BuildEccKeyDer(key, output, &inLen, 0, 1); + int ret = wc_BuildEccKeyDer(key, output, &inLen, 0, 1); + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + return (int)inLen; + } + return ret; } #ifdef HAVE_PKCS8 
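Review bot: `wc_EccPrivateKeyToDer()` now converts the `LENGTH_ONLY_E` result of `wc_BuildEccKeyDer()` into a positive length, so the NULL-output call that used to fail now succeeds; that is a public contract change and should be stated in the function's header comment, `/* Write a private ecc key to DER; with output NULL returns the required length. */`, and checked against existing callers that compare the result with `LENGTH_ONLY_E`, none of which are visible here. The updated expectation in tests/api.c in this commit confirms the change is deliberate. `wc_EccKeyDerSize()` just above already answers the length-only question with the same `wc_BuildEccKeyDer()` arguments; delegating to it for the NULL-output case would keep one code path for that computation.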
@@ -35673,7 +35675,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz; #else DECL_ASNSETDATA(dataASN, edKeyASN_Length); - int sz; + int sz = 0; #endif /* validate parameters */ diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index e24034222..304fa3b95 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -655,6 +655,22 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ +curve25519_key* wc_curve25519_new(void* heap, int devId) +{ + curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, + DYNAMIC_TYPE_CURVE25519); + if (key != NULL) { + if (wc_curve25519_init_ex(key, heap, devId) != 0) { + XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); + key = NULL; + } + else { + key->isAllocated = 1; + } + } + return key; +} + int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { if (key == NULL) @@ -691,9 +707,15 @@ int wc_curve25519_init(curve25519_key* key) /* Clean the memory of a key */ void wc_curve25519_free(curve25519_key* key) { + int isAllocated = 0; + void* heap; + if (key == NULL) return; + isAllocated = key->isAllocated; + heap = key->heap; + #ifdef WOLFSSL_SE050 se050_curve25519_free_key(key); #endif @@ -703,9 +725,15 @@ void wc_curve25519_free(curve25519_key* key) XMEMSET(&key->p, 0, sizeof(key->p)); key->pubSet = 0; key->privSet = 0; + #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(curve25519_key)); #endif + + if (isAllocated) { + XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); + (void)heap; + } } /* get key size */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee031a6aa..65af05cbf 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c 
@@ -4103,7 +4103,7 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap) #ifndef WOLFSSL_NO_MALLOC XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - return err; + p = NULL; } #else p->x = (mp_int*)&p->xyz[0]; @@ -13908,16 +13908,26 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz) if (ctx == NULL || (salt == NULL && sz != 0)) return BAD_FUNC_ARG; - ctx->kdfSalt = salt; - ctx->kdfSaltSz = sz; + /* truncate salt if exceeds max */ + if (sz > EXCHANGE_SALT_SZ) + sz = EXCHANGE_SALT_SZ; + /* using a custom kdf salt, so borrow clientSalt/serverSalt for it, + * since wc_ecc_ctx_set_peer_salt will set kdf and mac salts */ if (ctx->protocol == REQ_RESP_CLIENT) { ctx->cliSt = ecCLI_SALT_SET; + ctx->kdfSalt = ctx->clientSalt; } else if (ctx->protocol == REQ_RESP_SERVER) { ctx->srvSt = ecSRV_SALT_SET; + ctx->kdfSalt = ctx->serverSalt; } + if (salt != NULL) { + XMEMCPY((byte*)ctx->kdfSalt, salt, sz); + } + ctx->kdfSaltSz = sz; + return 0; } @@ -14764,8 +14774,9 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ret == 0) ret = wc_HmacFinal(hmac, verify); if ((ret == 0) && (XMEMCMP(verify, msg + msgSz - digestSz, - digestSz) != 0)) { - ret = -1; + digestSz) != 0)) { + ret = HASH_TYPE_E; + WOLFSSL_MSG("ECC Decrypt HMAC Check failed!"); } wc_HmacFree(hmac); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 86f594dd7..363ecc4aa 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c 
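Review bot: wc_ecc_ctx_set_kdf_salt() now writes through `ctx->kdfSalt`, but kdfSalt is only pointed at clientSalt/serverSalt when `ctx->protocol` is REQ_RESP_CLIENT or REQ_RESP_SERVER; for any other protocol value the XMEMCPY goes through whatever kdfSalt held before (NULL after init, or a caller-owned pointer left by the old behaviour), so the fall-through case must fail instead of copying. The silent truncation to EXCHANGE_SALT_SZ is also a trap in a cryptographic API: a caller that supplied a longer salt gets a different KDF input than it asked for and no error, so reject oversized salts rather than shortening them. The `(byte*)ctx->kdfSalt` const cast is acceptable once kdfSalt provably points into the ctx's own buffers, which an explicit else branch guarantees.
```c
    if (ctx == NULL || (salt == NULL && sz != 0))
        return BAD_FUNC_ARG;
    /* the salt is copied into the fixed-size clientSalt/serverSalt buffer:
     * refuse an oversized salt instead of silently feeding the KDF a
     * shorter one than the caller chose */
    if (sz > EXCHANGE_SALT_SZ)
        return BAD_FUNC_ARG;

    /* … unchanged: REQ_RESP_CLIENT / REQ_RESP_SERVER branches that point
     *   kdfSalt at clientSalt / serverSalt … */
    else {
        /* no backing buffer to copy the salt into */
        return BAD_FUNC_ARG;
    }
    /* … unchanged: XMEMCPY into ctx->kdfSalt, kdfSaltSz assignment, return 0 … */
```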
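Review bot: Returning HASH_TYPE_E for an HMAC mismatch in wc_ecc_decrypt() labels an authentication failure as an unsupported-hash-type problem, which is what any caller logging or branching on the code will see; a dedicated MAC-verification error code (error-crypt.h has one for MAC comparison failure, if this tree carries it) is the right fit, and the choice is worth a one-line comment either way. The comparison itself is still the plain `XMEMCMP(verify, msg + msgSz - digestSz, digestSz)` on the new side; for a tag check in a decrypt path the library's constant-time helper, where available, is the usual choice, e.g. `if ((ret == 0) && (ConstantCompare(verify, msg + msgSz - digestSz, (int)digestSz) != 0)) {`. The rest of wc_ecc_decrypt is outside this hunk.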
@@ -968,6 +968,21 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, } #endif /* HAVE_ED25519_VERIFY */ +ed25519_key* wc_ed25519_new(void* heap, int devId) +{ + ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, + DYNAMIC_TYPE_ED25519); + if (key != NULL) { + if (wc_ed25519_init_ex(key, heap, devId) != 0) { + XFREE(key, heap, DYNAMIC_TYPE_ED25519); + key = NULL; + } + else { + key->isAllocated = 1; + } + } + return key; +} /* initialize information and memory for key */ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) @@ -1008,9 +1023,15 @@ int wc_ed25519_init(ed25519_key* key) /* clear memory of key */ void wc_ed25519_free(ed25519_key* key) { + int isAllocated = 0; + void* heap; + if (key == NULL) return; + isAllocated = key->isAllocated; + heap = key->heap; + #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); #endif @@ -1023,6 +1044,11 @@ void wc_ed25519_free(ed25519_key* key) #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(ed25519_key)); #endif + + if (isAllocated) { + XFREE(key, heap, DYNAMIC_TYPE_ED25519); + (void)heap; + } } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index db3a04799..d5988341d 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -686,6 +686,22 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, NULL, INVALID_DEVID); } +wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId) +{ + wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, + DYNAMIC_TYPE_HASHES); + if (hash != NULL) { + if (wc_HashInit_ex(hash, type, heap, devId) != 0) { + XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + hash = NULL; + } + else { + hash->isAllocated = 1; + } + } + return hash; +} + int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) { 
@@ -1008,43 +1024,53 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int isAllocated = 0; + void* heap = NULL; if (hash == NULL) return BAD_FUNC_ARG; + isAllocated = hash->isAllocated; + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 + heap = hash->md5.heap; wc_Md5Free(&hash->md5); ret = 0; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA + heap = hash->sha.heap; wc_ShaFree(&hash->sha); ret = 0; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 + heap = hash->sha224.heap; wc_Sha224Free(&hash->sha224); ret = 0; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 + heap = hash->sha256.heap; wc_Sha256Free(&hash->sha256); ret = 0; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 + heap = hash->sha384.heap; wc_Sha384Free(&hash->sha384); ret = 0; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 + heap = hash->sha512.heap; wc_Sha512Free(&hash->sha512); ret = 0; #endif @@ -1071,6 +1097,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) + heap = hash->sha3.heap; wc_Sha3_224_Free(&hash->sha3); ret = 0; #endif @@ -1096,6 +1123,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + heap = hash->sm3.heap; wc_Sm3Free(&hash->sm3); ret = 0; break; @@ -1118,6 +1146,9 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; + if (isAllocated && heap) + XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + return ret; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 1cb01bb47..29295716b 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
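Review bot: The release condition `if (isAllocated && heap)` at the end of wc_HashFree() leaks every object that wc_HashNew() created with a NULL heap, which is the default allocator and the common case; XFREE accepts a NULL heap, so the test should be `if (isAllocated)` alone. `heap` is moreover assigned only inside the matched type cases, so a free with an unknown or NONE type, or with any hash type whose case does not assign it (only the SHA3-224 case is visible doing so; the SHA3-256/384/512 and SHAKE cases sit between the hunks), never frees the allocation even with a non-NULL heap. Drop the `&& heap` and make sure every type case that the constructor accepts sets `heap`, or capture it once before the switch.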
@@ -154,9 +154,24 @@ static void wc_RsaCleanup(RsaKey* key) #endif } +RsaKey* wc_NewRsaKey(void* heap, int devId) +{ + RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key != NULL) { + if (wc_InitRsaKey_ex(key, heap, devId) != 0) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + key = NULL; + } + else { + key->isAllocated = 1; + } + } + return key; +} + int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { - int ret = 0; + int ret = 0; if (key == NULL) { return BAD_FUNC_ARG; @@ -527,11 +542,16 @@ int wc_RsaGetKeyId(RsaKey* key, word32* keyId) int wc_FreeRsaKey(RsaKey* key) { int ret = 0; + int isAllocated = 0; + void* heap; if (key == NULL) { return BAD_FUNC_ARG; } + isAllocated = key->isAllocated; + heap = key->heap; + wc_RsaCleanup(key); #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) @@ -595,6 +615,11 @@ int wc_FreeRsaKey(RsaKey* key) wc_fspsm_RsaKeyFree(key); #endif + if (isAllocated) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + (void)heap; + } + return ret; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 544abc784..45d97755f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1960,7 +1960,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ else TEST_PASS("AES-SIV test passed!\n"); #endif -#endif +#endif /* !NO_AES */ #if defined(WOLFSSL_AES_EAX) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) @@ -5899,7 +5899,11 @@ exit: #ifndef NO_HASH_WRAPPER WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) { - wc_HashAlg hash; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_HashAlg *hash = NULL; +#else + wc_HashAlg hash[1]; +#endif int ret, exp_ret; int i, j; int digestSz; 
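Review bot: The new constructor is named wc_NewRsaKey() while the four others added in this patch use a `wc_<Alg>New` / `wc_<alg>_new` shape (wc_AesNew, wc_HashNew, wc_curve25519_new, wc_ed25519_new); public wolfCrypt symbols are hard to rename once released, so settle the convention now — `RsaKey* wc_RsaKeyNew(void* heap, int devId)` would match the siblings, or keep the Init/Free-style name deliberately and say so in a comment. The `int ret = 0;` line in wc_InitRsaKey_ex changes only in whitespace, which adds review noise to a functional patch.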
@@ -5957,6 +5961,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) WOLFSSL_ENTER("hash_test"); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId); + if (hash == NULL) { + ret = MEMORY_E; + return WC_TEST_RET_ENC_EC(ret); + } + hash->isAllocated = 0; /* free manually */ +#else + XMEMSET(hash, 0, sizeof(wc_HashAlg)); +#endif + /* Parameter Validation testing. */ ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) @@ -5964,7 +5979,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); - ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); + ret = wc_HashUpdate(hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); @@ -5973,7 +5988,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); - ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL); + ret = wc_HashFinal(hash, WC_HASH_TYPE_SHA256, NULL); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); 
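Review bot: Under WOLFSSL_SMALL_STACK hash_test now owns a heap object from wc_HashNew(), but the parameter-validation checks that follow keep their bare `return WC_TEST_RET_ENC_EC(ret);` exits, each of which leaks that object on failure; convert them to an `ERROR_OUT(..., exit)`-style goto as the AES tests in this patch do. Setting `hash->isAllocated = 0; /* free manually */` from a test also reaches into a library-private field to undo the ownership the constructor just established, which suggests the test wants a plain XMALLOC plus wc_HashInit rather than wc_HashNew(). hash_test continues well past this hunk.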
@@ -5982,16 +5997,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) /* Try invalid hash algorithms. */ for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { - ret = wc_HashInit(&hash, typesBad[i]); + ret = wc_HashInit(hash, typesBad[i]); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_I(i); - ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data)); + ret = wc_HashUpdate(hash, typesBad[i], data, sizeof(data)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_I(i); - ret = wc_HashFinal(&hash, typesBad[i], out); + ret = wc_HashFinal(hash, typesBad[i], out); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_I(i); - wc_HashFree(&hash, typesBad[i]); + wc_HashFree(hash, typesBad[i]); } /* Try valid hash algorithms. */ @@ -6002,16 +6017,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) exp_ret = HASH_TYPE_E; j++; } - ret = wc_HashInit(&hash, typesGood[i]); + ret = wc_HashInit(hash, typesGood[i]); if (ret != exp_ret) return WC_TEST_RET_ENC_I(i); - ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data)); + ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data)); if (ret != exp_ret) return WC_TEST_RET_ENC_I(i); - ret = wc_HashFinal(&hash, typesGood[i], out); + ret = wc_HashFinal(hash, typesGood[i], out); if (ret != exp_ret) return WC_TEST_RET_ENC_I(i); - wc_HashFree(&hash, typesGood[i]); + wc_HashFree(hash, typesGood[i]); digestSz = wc_HashGetDigestSize(typesGood[i]); if (exp_ret < 0 && digestSz != exp_ret) @@ -6232,6 +6247,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) return WC_TEST_RET_ENC_EC(ret); #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + hash->isAllocated = 1; /* free manually */ + (void)wc_HashFree(hash, WC_HASH_TYPE_NONE); +#endif + return 0; } #endif /* !NO_HASH_WRAPPER */ 
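Review bot: The closing `hash->isAllocated = 1; (void)wc_HashFree(hash, WC_HASH_TYPE_NONE);` does not release the allocation with the wc_HashFree() in this patch: that function captures `heap` only inside the matched hash-type cases and then frees only when `isAllocated && heap`, so WC_HASH_TYPE_NONE (and a NULL HEAP_HINT in any case) leaves the object allocated. Since the test already manages ownership by hand, free it the way it was allocated, `XFREE(hash, HEAP_HINT, DYNAMIC_TYPE_HASHES);`, and leave isAllocated alone. The SHA-256 context that wc_HashNew() initialised is also never released by a NONE-type free; on builds where wc_Sha256Free does real work that is a second leak.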
@@ -9194,18 +9214,28 @@ EVP_TEST_END: WOLFSSL_ENTER("aesofb_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(-1, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(-1, out); -#endif -#endif - - XMEMSET(enc, 0, sizeof *enc); + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #ifdef HAVE_AES_DECRYPT - XMEMSET(dec, 0, sizeof *dec); + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key size test */ @@ -9218,16 +9248,6 @@ EVP_TEST_END: } #endif - ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #endif - ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); 
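Review bot: The two build paths now initialise the OFB contexts differently: the small-stack branch calls `wc_AesNew(HEAP_HINT, devId)` while the static branch keeps `wc_AesInit(enc, HEAP_HINT, INVALID_DEVID)`, so hardware/async offload is exercised in one configuration and skipped in the other and the test's coverage depends on which one CI built. The other AES tests in this patch pass devId on both paths; do the same here with `ret = wc_AesInit(enc, HEAP_HINT, devId);` (and for dec), or pass INVALID_DEVID to wc_AesNew() if OFB is meant to stay on the software path. The rest of aesofb_test lies outside this hunk.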
@@ -9449,19 +9469,12 @@ EVP_TEST_END: ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ - out: + out: wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); -#endif -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif -#endif - + #endif #endif /* WOLFSSL_AES_256 */ return ret; @@ -9479,17 +9492,15 @@ EVP_TEST_END: #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE * 4]; - #ifdef HAVE_AES_DECRYPT -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *dec = NULL; -#else + #else Aes dec[1]; -#endif - int dec_inited = 0; - byte plain [AES_BLOCK_SIZE * 4]; #endif + byte plain [AES_BLOCK_SIZE * 4]; +#endif wc_test_ret_t ret = 0; WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { 
@@ -9595,26 +9606,28 @@ EVP_TEST_END: #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key tests */ @@ -9779,18 +9792,9 @@ EVP_TEST_END: out: - if (enc_inited) - wc_AesFree(enc); + wc_AesFree(enc); #ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif - -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + wc_AesFree(dec); #endif return ret; @@ -9804,7 +9808,6 @@ EVP_TEST_END: #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -9812,7 +9815,6 @@ EVP_TEST_END: #else Aes dec[1]; #endif - int dec_inited = 0; byte plain [AES_BLOCK_SIZE]; #endif wc_test_ret_t ret = 0; 
@@ -9893,26 +9895,28 @@ EVP_TEST_END: #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #endif -#endif - +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key tests */ @@ -10042,19 +10046,10 @@ EVP_TEST_END: out: - if (enc_inited) wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) + #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); -#endif - -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif -#endif + #endif return ret; } @@ -10066,7 +10061,6 @@ EVP_TEST_END: #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -10074,7 +10068,6 @@ EVP_TEST_END: #else Aes dec[1]; #endif - int dec_inited = 0; byte plain [AES_BLOCK_SIZE]; #endif wc_test_ret_t ret = 0; 
@@ -10152,26 +10145,28 @@ EVP_TEST_END: #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key tests */ @@ -10255,26 +10250,16 @@ EVP_TEST_END: out: - if (enc_inited) - wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif - -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif -#endif + wc_AesFree(enc); + #ifdef HAVE_AES_DECRYPT + wc_AesFree(dec); + #endif return ret; } #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ #endif /* WOLFSSL_AES_CFB */ - static wc_test_ret_t aes_key_size_test(void) { wc_test_ret_t ret; 
@@ -12735,19 +12720,17 @@ static wc_test_ret_t aesecb_test(void) wc_test_ret_t ret = 0; #if defined(WOLFSSL_AES_256) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); + Aes *enc = NULL; #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE * 4]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); + Aes *dec = NULL; #else Aes dec[1]; #endif - int dec_inited = 0; byte plain[AES_BLOCK_SIZE * 4]; #endif /* HAVE_AES_DECRYPT */ @@ -12772,16 +12755,27 @@ static wc_test_ret_t aesecb_test(void) 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + XMEMSET(dec, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; - #if defined(HAVE_AES_DECRYPT) + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ XMEMSET(cipher, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); 
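Review bot: In the non-small-stack branch `XMEMSET(dec, 0, sizeof(Aes));` is emitted unconditionally, but `dec` is declared only under `#ifdef HAVE_AES_DECRYPT` in the preceding declaration hunk, so a build without HAVE_AES_DECRYPT no longer compiles aesecb_test. Wrap it as the sibling tests in this patch do: `#ifdef HAVE_AES_DECRYPT` / `XMEMSET(dec, 0, sizeof(Aes));` / `#endif`. aesecb_test continues beyond this hunk.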
@@ -12872,28 +12866,10 @@ static wc_test_ret_t aesecb_test(void) #endif /* HAVE_AES_DECRYPT */ } - out: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#ifdef HAVE_AES_DECRYPT - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#endif -#else - if (enc_inited) + out: + wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) wc_AesFree(dec); -#endif -#endif #endif /* WOLFSSL_AES_256 */ @@ -13674,19 +13650,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) { #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); + Aes *enc = NULL; #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE * 4]; #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); + Aes *dec = NULL; #else Aes dec[1]; #endif - int dec_inited = 0; byte plain [AES_BLOCK_SIZE * 4]; #endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ 
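Review bot: The rewritten `out:` block calls `wc_AesFree(dec);` with the old `#ifdef HAVE_AES_DECRYPT` guard removed, while `dec` is still declared only under that macro in aesecb_test, so the function fails to compile when AES decryption is disabled. Restore the guard: `#ifdef HAVE_AES_DECRYPT` / `wc_AesFree(dec);` / `#endif`, matching the `out:` blocks of the other AES tests in this patch.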
@@ -13718,25 +13692,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ defined(WOLFSSL_AES_DIRECT) + enc = wc_AesNew(HEAP_HINT, devId); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #endif #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + dec = wc_AesNew(HEAP_HINT, devId); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #endif -#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ - +#else +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ + defined(WOLFSSL_AES_DIRECT) + XMEMSET(enc, 0, sizeof(Aes)); + #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; +#endif #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef HAVE_AES_ECB ret = aes_ecb_test(enc, dec, cipher, plain); 
@@ -14137,31 +14118,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) out: #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#else - if (enc_inited) - wc_AesFree(enc); + wc_AesFree(enc); #endif - (void)cipher; #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#else - if (dec_inited) - wc_AesFree(dec); + wc_AesFree(dec); #endif - (void)plain; -#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */ -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ return ret; } @@ -14235,7 +14196,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -14245,9 +14205,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #endif byte plain[AES_BLOCK_SIZE]; #endif -#ifdef HAVE_AES_DECRYPT - int dec_inited = 0; -#endif /* Test vectors from NIST Special Publication 800-38A, 2001 Edition * Appendix F.2.3 */ 
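Review bot: The `out:` block now frees `dec` under a top-level `#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)`, but `dec` is declared inside the outer `#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)` block (see the declaration hunk above), so a build with HAVE_AES_DECRYPT and none of CBC/COUNTER/DIRECT references an undeclared variable; keep the inner `#if` nested inside the outer one as it was. Removing `(void)cipher;` and `(void)plain;` also drops the unused-variable suppressions for configurations in which no enabled sub-test touches those buffers; unless every such configuration is known to be gone, keep them. aes_test's body above the label is outside this hunk.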
@@ -14275,24 +14232,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) WOLFSSL_ENTER("aes192_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) @@ -14328,26 +14289,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #endif out: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } + + wc_AesFree(enc); #ifdef HAVE_AES_DECRYPT - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#endif -#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ - if (enc_inited) - wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif + wc_AesFree(dec); #endif #endif /* HAVE_AES_CBC */ 
@@ -14364,7 +14309,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -14372,7 +14316,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) #else Aes dec[1]; #endif - int dec_inited = 0; byte plain[AES_BLOCK_SIZE]; #endif #endif /* HAVE_AES_CBC */ @@ -14411,24 +14354,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) WOLFSSL_ENTER("aes256_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION); if (ret != 0) 
@@ -14542,27 +14489,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) out: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } + wc_AesFree(enc); #ifdef HAVE_AES_DECRYPT - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } + wc_AesFree(dec); #endif -#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ - if (enc_inited) - wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif /* HAVE_AES_DECRYPT */ -#endif /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ #endif /* HAVE_AES_CBC */ return ret; @@ -14578,7 +14508,6 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, byte* aad, int aadSz, byte* tag, int tagSz) { wc_test_ret_t ret; - int enc_inited = 0, dec_inited = 0; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *enc = NULL; Aes *dec = NULL; 
@@ -14591,27 +14520,27 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, byte resultP[AES_BLOCK_SIZE * 3]; byte resultC[AES_BLOCK_SIZE * 3]; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif - XMEMSET(resultT, 0, sizeof(resultT)); XMEMSET(resultC, 0, sizeof(resultC)); XMEMSET(resultP, 0, sizeof(resultP)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#else + XMEMSET(enc, 0, sizeof(Aes)); + XMEMSET(dec, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesGcmSetKey(enc, key, (word32)keySz); if (ret != 0) @@ -14689,23 +14618,8 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, out: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ - if (enc_inited) - wc_AesFree(enc); - if (dec_inited) - wc_AesFree(dec); -#endif + wc_AesFree(enc); + wc_AesFree(dec); return ret; } 
@@ -15033,23 +14947,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif WOLFSSL_ENTER("aesgcm_test"); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif - XMEMSET(resultT, 0, sizeof(resultT)); XMEMSET(resultC, 0, sizeof(resultC)); XMEMSET(resultP, 0, sizeof(resultP)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#else ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif #ifdef WOLFSSL_AES_256 ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz); @@ -15623,9 +15539,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif /* WOLFSSL_AES_256 */ #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */ - wc_AesFree(enc); - wc_AesFree(dec); - ret = 0; out: @@ -15637,11 +15550,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif - -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + wc_AesFree(enc); + wc_AesFree(dec); return ret; } 
@@ -15971,19 +15881,20 @@ static wc_test_ret_t aesccm_128_test(void) byte tl2[sizeof(tl)]; byte t_empty2[sizeof(t_empty)]; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - return WC_TEST_RET_ENC_ERRNO; -#endif - - XMEMSET(enc, 0, sizeof *enc); /* clear context */ XMEMSET(t2, 0, sizeof(t2)); XMEMSET(c2, 0, sizeof(c2)); XMEMSET(p2, 0, sizeof(p2)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) + return WC_TEST_RET_ENC_ERRNO; +#else + XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesCcmSetKey(enc, k, sizeof(k)); if (ret != 0) @@ -16020,7 +15931,6 @@ static wc_test_ret_t aesccm_128_test(void) if (XMEMCMP(p2, c2, sizeof(p2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif - wc_AesFree(enc); XMEMSET(enc, 0, sizeof(Aes)); /* clear context */ XMEMSET(t2, 0, sizeof(t2)); @@ -16149,14 +16059,11 @@ static wc_test_ret_t aesccm_128_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif - wc_AesFree(enc); - ret = 0; out: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + + wc_AesFree(enc); return ret; } @@ -16543,8 +16450,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void) } #endif /* HAVE_AES_KEYWRAP */ +#endif /* !NO_AES */ -#endif /* NO_AES */ #ifdef HAVE_ARIA void printOutput(const char *strName, unsigned char *data, unsigned int dataSz) 
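Review bot: The surviving `XMEMSET(enc, 0, sizeof(Aes)); /* clear context */` in the second hunk (old line 16020) clears the `isAllocated` bit of an `Aes` obtained from `wc_AesNew()` in small-stack builds — the rsa_test hunk in this same commit notes that memset clears that bit — so the final `wc_AesFree(enc)` at `out:` presumably no longer releases the heap object and the test leaks it. Removing the `wc_AesFree(enc)` that preceded the memset also skips releasing whatever the first wc_AesInit() acquired. Mirror the branching of the first hunk at the reset point: free, then re-create with `wc_AesNew()` in the small-stack branch and memset plus `wc_AesInit()` otherwise; the re-initialisation that currently follows the memset is outside the hunk and would fold into the `#else` branch. This assumes, as the cleanup change does, that wc_AesFree() releases objects created by wc_AesNew().
```c
    wc_AesFree(enc);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
    enc = wc_AesNew(HEAP_HINT, devId);
    if (enc == NULL)
        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#else
    XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
    ret = wc_AesInit(enc, HEAP_HINT, devId);
    if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
    /* … unchanged: second CCM vector set … */
```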
@@ -21469,14 +21376,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte* tmp = NULL; byte* der = NULL; - RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + RsaKey *key = NULL; #else RsaKey key[1]; byte tmp[FOURK_BUF]; #endif #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + RsaKey *keypub = NULL; #else RsaKey keypub[1]; #endif @@ -21519,6 +21426,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT); WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + WOLFSSL_ENTER("rsa_test"); #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC @@ -21529,9 +21437,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) XMEMCPY(in, inStr, inLen); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = wc_NewRsaKey(HEAP_HINT, devId); if (key == NULL) ERROR_OUT(MEMORY_E, exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + keypub = wc_NewRsaKey(HEAP_HINT, devId); if (keypub == NULL) ERROR_OUT(MEMORY_E, exit_rsa); #endif @@ -21543,9 +21453,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) /* initialize stack structures */ XMEMSET(&rng, 0, sizeof(rng)); - XMEMSET(key, 0, sizeof *key); + /* memset also clears isAllocated bit, so free must be called manually */ + XMEMSET(key, 0, sizeof(RsaKey)); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - XMEMSET(keypub, 0, sizeof *keypub); + XMEMSET(keypub, 0, sizeof(RsaKey)); #endif #if !defined(NO_ASN) 
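Review bot: `XMEMSET(key, 0, sizeof(RsaKey))` (and the `keypub` one) now runs on an object just returned by `wc_NewRsaKey(HEAP_HINT, devId)` in the small-stack branch, wiping whatever that constructor set up — the new comment acknowledges it clears `isAllocated`, and the heap/devId it recorded presumably go with it, to be restored by an init call further down, outside the hunk. That is why exit_rsa (next hunk) still has to `wc_FreeRsaKey(key); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_RSA);` by hand, and the `DYNAMIC_TYPE_RSA` tag there has to match the one wc_NewRsaKey() allocates with, which is not visible in this diff. Restricting the memsets to the stack-allocated branch, e.g. wrapping them in `#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)`, would let the allocated keys follow the same constructor/free discipline as the Aes and curve25519 tests in this commit; if wc_FreeRsaKey() does not yet release allocated keys, the comment should say that rather than "free must be called manually".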
@@ -22099,12 +22010,12 @@ exit_rsa: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (key != NULL) { wc_FreeRsaKey(key); - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_RSA); } #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) if (keypub != NULL) { wc_FreeRsaKey(keypub); - XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_RSA); } #endif #ifdef WOLFSSL_TEST_CERT @@ -24572,8 +24483,8 @@ static wc_test_ret_t openssl_aes_test(void) return 0; } +#endif /* !NO_AES && !WOLFCRYPT_ONLY */ -#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) { @@ -25787,7 +25698,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) #endif } #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ -#endif /* ifndef NO_AES */ +#endif /* !NO_AES && !WOLFCRYPT_ONLY */ return 0; } @@ -33626,6 +33537,9 @@ done: (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3)) +/* maximum encrypted message: + * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ +#define MAX_ECIES_TEST_SZ 200 static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -33633,9 +33547,9 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) byte* encrypted; byte* decrypted; #else - byte plaintext[128]; - byte encrypted[128]; - byte decrypted[128]; + byte plaintext[MAX_ECIES_TEST_SZ]; + byte encrypted[MAX_ECIES_TEST_SZ]; + byte decrypted[MAX_ECIES_TEST_SZ]; #endif ecEncCtx* aCtx = NULL; ecEncCtx* bCtx = NULL; 
@@ -33644,13 +33558,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) wc_test_ret_t ret = 0; static const char message[] = "Hello wolfSSL!"; word32 plaintextLen; - word32 encryptLen = 128; - word32 decryptLen = 128; + word32 encryptLen = MAX_ECIES_TEST_SZ; + word32 decryptLen = MAX_ECIES_TEST_SZ; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + plaintext = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + encrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + decrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif wc_ecc_free(a); @@ -33699,7 +33613,7 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) ret = 10473; } - XMEMSET(plaintext, 0, 128); + XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ); XSTRLCPY((char *)plaintext, message, sizeof plaintext); plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; @@ -34954,7 +34868,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) byte exportBuf[32]; #endif word32 x = 0; - curve25519_key userA, userB, pubKey; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + curve25519_key *userA = NULL, *userB = NULL, *pubKey = NULL; +#else + curve25519_key userA[1], userB[1], pubKey[1]; +#endif #if defined(HAVE_CURVE25519_SHARED_SECRET) && \ defined(HAVE_CURVE25519_KEY_IMPORT) 
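Review bot: `XSTRLCPY((char *)plaintext, message, sizeof plaintext);` (the context line after the changed `XMEMSET`) bounds the copy by the size of `plaintext`, which in the small-stack branch is a pointer filled by `XMALLOC(MAX_ECIES_TEST_SZ, ...)` in this hunk, so the bound is the pointer size and "Hello wolfSSL!" is truncated to 7 characters on 64-bit builds; `plaintextLen` is still derived from `XSTRLEN(message)`, so the round-trip encrypts and compares the same truncated buffer and passes silently. Now that the buffer size is named, change it to `XSTRLCPY((char *)plaintext, message, MAX_ECIES_TEST_SZ);`, which is correct in both branches. The three `XMALLOC(MAX_ECIES_TEST_SZ, ...)` results are not checked for NULL within the hunk; unless a check exists further down, the `XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ)` in the second hunk dereferences NULL on allocation failure.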
@@ -35014,29 +34932,39 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - wc_curve25519_init_ex(&userA, HEAP_HINT, devId); - wc_curve25519_init_ex(&userB, HEAP_HINT, devId); - wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + userA = wc_curve25519_new(HEAP_HINT, devId); + userB = wc_curve25519_new(HEAP_HINT, devId); + pubKey = wc_curve25519_new(HEAP_HINT, devId); + if (userA == NULL || userB == NULL || pubKey == NULL) { + ret = MEMORY_E; + return WC_TEST_RET_ENC_EC(ret); + } +#else + wc_curve25519_init_ex(userA, HEAP_HINT, devId); + wc_curve25519_init_ex(userB, HEAP_HINT, devId); + wc_curve25519_init_ex(pubKey, HEAP_HINT, devId); +#endif /* make curve25519 keys */ - ret = wc_curve25519_make_key(&rng, 32, &userA); + ret = wc_curve25519_make_key(&rng, 32, userA); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - ret = wc_curve25519_make_key(&rng, 32, &userB); + ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); #ifdef HAVE_CURVE25519_SHARED_SECRET /* find shared secret key */ x = sizeof(sharedA); - if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) { + if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) { printf("wc_curve25519_shared_secret 1 failed\n"); return WC_TEST_RET_ENC_EC(ret); } y = sizeof(sharedB); - if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) { + if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) { printf("wc_curve25519_shared_secret 2 failed\n"); return WC_TEST_RET_ENC_EC(ret); } 
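Review bot: Every existing `return WC_TEST_RET_ENC_EC(ret);` in curve25519_test now leaks `userA`, `userB` and `pubKey` in small-stack builds, because the keys come from `wc_curve25519_new()` and are only released at the `/* clean up keys when done */` block at the end of the function; the new allocation-failure path in this hunk (`if (userA == NULL || userB == NULL || pubKey == NULL)`) likewise returns with any key that did get allocated still held, and `rng` initialised just above it. The later re-creation of `userB` and the ed25519_test hunks that add `wc_ed25519_new()` for `key`, `key2` and `key3` have the same leaks on their early returns. A single cleanup label that frees the keys and the RNG, with the early returns turned into `goto out`, fixes all of them; it assumes the `_free` functions accept NULL for keys that were never allocated, which is not visible here, and that `ret` can hold the encoded return value. The rest of the function and its cleanup block are outside this hunk.
```c
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
    userA = wc_curve25519_new(HEAP_HINT, devId);
    userB = wc_curve25519_new(HEAP_HINT, devId);
    pubKey = wc_curve25519_new(HEAP_HINT, devId);
    if (userA == NULL || userB == NULL || pubKey == NULL) {
        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
        goto out;
    }
#else
    /* … unchanged: wc_curve25519_init_ex() for the three stack keys … */
#endif

    /* make curve25519 keys */
    ret = wc_curve25519_make_key(&rng, 32, userA);
    if (ret != 0) {
        ret = WC_TEST_RET_ENC_EC(ret);
        goto out;
    }
    /* … unchanged: remaining steps, each failure becoming `ret = …; goto out;` … */

out:
    /* clean up keys when done */
    wc_curve25519_free(pubKey);
    wc_curve25519_free(userB);
    wc_curve25519_free(userA);
    wc_FreeRng(&rng);
    return ret;
```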
@@ -35052,12 +34980,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) #ifdef HAVE_CURVE25519_KEY_EXPORT /* export a public key and import it for another user */ x = sizeof(exportBuf); - ret = wc_curve25519_export_public(&userA, exportBuf, &x); + ret = wc_curve25519_export_public(userA, exportBuf, &x); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); #ifdef HAVE_CURVE25519_KEY_IMPORT - ret = wc_curve25519_import_public(exportBuf, x, &pubKey); + ret = wc_curve25519_import_public(exportBuf, x, pubKey); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); #endif @@ -35068,7 +34996,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) /* test shared key after importing a public key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) { + if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) { return WC_TEST_RET_ENC_NC; } @@ -35077,19 +35005,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) /* import RFC test vectors and compare shared key */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), - &userA); + userA); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), - &userB); + userB); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); - ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y); + ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); 
@@ -35099,7 +35027,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) /* test swapping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); - ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y); + ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); @@ -35108,24 +35036,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) /* test with 1 generated key and 1 from known test vector */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), - &userA); + userA); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - wc_curve25519_free(&userB); - wc_curve25519_init_ex(&userB, HEAP_HINT, devId); + wc_curve25519_free(userB); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + userB = wc_curve25519_new(HEAP_HINT, devId); + if (userB == NULL) { + ret = MEMORY_E; + return WC_TEST_RET_ENC_EC(ret); + } +#else + wc_curve25519_init_ex(userB, HEAP_HINT, devId); +#endif - ret = wc_curve25519_make_key(&rng, 32, &userB); + ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); x = sizeof(sharedA); - ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x); + ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); y = sizeof(sharedB); - ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y); + ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); @@ -35152,9 +35088,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) #endif /* clean up keys when done */ - wc_curve25519_free(&pubKey); - wc_curve25519_free(&userB); - wc_curve25519_free(&userA); + wc_curve25519_free(pubKey); + wc_curve25519_free(userB); + wc_curve25519_free(userA); wc_FreeRng(&rng); 
@@ -35677,8 +35613,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* HAVE_ED25519_VERIFY */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ word32 keySz, sigSz; - ed25519_key key; - ed25519_key key2; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed25519_key* key = NULL; + ed25519_key* key2 = NULL; +#else + ed25519_key key[1]; + ed25519_key key2[1]; +#endif + #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ defined(HAVE_ED25519_KEY_IMPORT) @@ -36059,8 +36002,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* NO_ASN */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) - ed25519_key key3; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed25519_key* key3 = NULL; + #else + ed25519_key key3[1]; + #endif #endif + WOLFSSL_ENTER("ed25519_test"); /* create ed25519 keys */ 
@@ -36072,19 +36020,36 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - wc_ed25519_init_ex(&key, HEAP_HINT, devId); - wc_ed25519_init_ex(&key2, HEAP_HINT, devId); -#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) - wc_ed25519_init_ex(&key3, HEAP_HINT, devId); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = wc_ed25519_new(HEAP_HINT, devId); + key2 = wc_ed25519_new(HEAP_HINT, devId); + if (key == NULL || key2 == NULL) { + ret = MEMORY_E; + return WC_TEST_RET_ENC_EC(ret); + } + #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + key3 = wc_ed25519_new(HEAP_HINT, devId); + if (key3 == NULL) { + ret = MEMORY_E; + return WC_TEST_RET_ENC_EC(ret); + } + #endif +#else + wc_ed25519_init_ex(key, HEAP_HINT, devId); + wc_ed25519_init_ex(key2, HEAP_HINT, devId); + #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + wc_ed25519_init_ex(key3, HEAP_HINT, devId); + #endif #endif + #ifdef HAVE_ED25519_MAKE_KEY - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key); + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key2); #endif /* helper functions for signature and key size */ - keySz = (word32)wc_ed25519_size(&key); - sigSz = (word32)wc_ed25519_sig_size(&key); + keySz = (word32)wc_ed25519_size(key); + sigSz = (word32)wc_ed25519_sig_size(key); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ defined(HAVE_ED25519_KEY_IMPORT) @@ -36093,10 +36058,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) XMEMSET(out, 0, sizeof(out)); if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], - pKeySz[i], &key) != 0) + pKeySz[i], key) != 0) return WC_TEST_RET_ENC_I(i); - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0) return WC_TEST_RET_ENC_I(i); if (XMEMCMP(out, sigs[i], 64)) 
@@ -36105,55 +36070,55 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) != 0 || verify != 1) + key) != 0 || verify != 1) return WC_TEST_RET_ENC_I(i); #ifdef WOLFSSL_ED25519_STREAMING_VERIFY /* test verify on good msg using streaming interface directly */ if (wc_ed25519_verify_msg_init(out, outlen, - &key, (byte)Ed25519, NULL, 0) != 0) + key, (byte)Ed25519, NULL, 0) != 0) return WC_TEST_RET_ENC_I(i); for (j = 0; j < msgSz[i]; j += i) { - if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0) + if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0) return WC_TEST_RET_ENC_I(i); } if (wc_ed25519_verify_msg_final(out, outlen, &verify, - &key) != 0 || verify != 1) + key) != 0 || verify != 1) return WC_TEST_RET_ENC_I(i); #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ /* test verify on bad msg */ out[outlen-1] = out[outlen-1] + 1; if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) == 0 || verify == 1) + key) == 0 || verify == 1) return WC_TEST_RET_ENC_I(i); #endif /* HAVE_ED25519_VERIFY */ /* test api for import/exporting keys */ exportPSz = sizeof(exportPKey); exportSSz = sizeof(exportSKey); - if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0) + if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0) return WC_TEST_RET_ENC_I(i); - if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0) + if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) return WC_TEST_RET_ENC_I(i); - if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0) + if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0) return WC_TEST_RET_ENC_I(i); if (wc_ed25519_import_private_key(exportSKey, exportSSz, - exportPKey, exportPSz, &key2) != 0) + exportPKey, exportPSz, key2) != 0) return WC_TEST_RET_ENC_I(i); /* 
clear "out" buffer and test sign with imported keys */ outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0) + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0) return WC_TEST_RET_ENC_I(i); #if defined(HAVE_ED25519_VERIFY) if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key2) != 0 || verify != 1) + key2) != 0 || verify != 1) return WC_TEST_RET_ENC_I(i); if (XMEMCMP(out, sigs[i], 64)) @@ -36209,27 +36174,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) }; ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE, - pKeys[0], pKeySz[0], &key); + pKeys[0], pKeySz[0], key); if (ret != 0) return ret; ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return ret; ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return ret; ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return ret; ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E)) return ret; } 
@@ -36245,33 +36210,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #ifndef NO_ASN /* Try ASN.1 encoded private-only key and public key. */ idx = 0; - ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, + ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3, sizeof(privateEd25519)); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); idx = 0; - if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3, + if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3, sizeof(badPrivateEd25519)) == 0) return WC_TEST_RET_ENC_NC; - ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3); + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); /* try with a buffer size that is too large */ idx = 0; - if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3, + if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3, sizeof(badPublicEd25519)) == 0) return WC_TEST_RET_ENC_NC; idx = 0; - ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, + ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3, sizeof(publicEd25519)); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3); + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); 
@@ -36280,35 +36245,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3); + ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3); if (ret != 0 || verify != 1) return WC_TEST_RET_ENC_EC(ret); #endif /* HAVE_ED25519_VERIFY */ - wc_ed25519_free(&key3); - wc_ed25519_init(&key3); + wc_ed25519_free(key3); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key3 = wc_ed25519_new(HEAP_HINT, devId); + if (key3 == NULL) { + ret = MEMORY_E; + return WC_TEST_RET_ENC_EC(ret); + } +#else + wc_ed25519_init_ex(key3, HEAP_HINT, devId); +#endif idx = 0; - ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, + ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3, sizeof(privPubEd25519)); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3); + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); if (XMEMCMP(out, sigs[0], 64)) return WC_TEST_RET_ENC_NC; - wc_ed25519_free(&key3); + wc_ed25519_free(key3); #endif /* NO_ASN */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ /* clean up keys when done */ - wc_ed25519_free(&key); - wc_ed25519_free(&key2); + wc_ed25519_free(key); + wc_ed25519_free(key2); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); @@ -48983,7 +48956,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) return ret; } -#endif /* NO_AES && WOLFSSL_CMAC */ +#endif /* !NO_AES && WOLFSSL_CMAC */ #if defined(WOLFSSL_SIPHASH) 
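Review bot: `#endif /* NO_ASN */` at the end of the ASN.1 block (the context line after the second `wc_ed25519_free(key3)`) still names the inverse of the condition it closes, `#ifndef NO_ASN`, while this commit normalises the same pattern elsewhere (`/* !NO_AES */`, and `/* !NO_AES && WOLFSSL_CMAC */` in the cmac_test hunk right after); change it to `#endif /* !NO_ASN */` for consistency. The re-creation of `key3` here matches the allocation hunk at the top of the function; `wc_ed25519_init(&key3)` becoming `wc_ed25519_init_ex(key3, HEAP_HINT, devId)` changes the stack build's init to carry `devId`, which looks intended since the first init of `key3` already does so, but it is worth a word in the commit message.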
@@ -50241,7 +50214,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; -#endif /* NO_AES */ +#endif /* !NO_AES */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ !defined(NO_SHA) @@ -50874,7 +50847,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; -#endif /* NO_AES */ +#endif /* !NO_AES */ #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) /* encryption key for kekri recipient types */ @@ -50973,12 +50946,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_IANDS.der"); #endif - #else /* NO_AES || !HAVE_AESGCM */ + #else (void)rsaCert; (void)rsaCertSz; (void)rsaPrivKey; (void)rsaPrivKeySz; - #endif /* NO_AES || !HAVE_AESGCM */ + #endif /* !NO_AES && !HAVE_AESGCM */ #endif /* key agreement key encryption technique*/ @@ -51060,7 +51033,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"); #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ + #endif /* !NO_AES && HAVE_AESGCM */ #endif /* kekri (KEKRecipientInfo) recipient types */ diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index cf08ec3a5..b52817d22 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -392,6 +392,7 @@ struct Aes { byte nonceSet:1; byte ctrSet:1; #endif + byte isAllocated:1; /* flag indicates if structure was allocated */ #ifdef WC_DEBUG_CIPHER_LIFECYCLE void *CipherLifecycleTag; /* used for dummy allocation and initialization, * trackable by sanitizers. 
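Review bot: In the pkcs7authenveloped_run_vectors hunk at old line 50973 the new `#endif /* !NO_AES && !HAVE_AESGCM */` negates the wrong term: the `#else` comment it replaced read `NO_AES || !HAVE_AESGCM`, so the `#if` being closed is `!NO_AES && HAVE_AESGCM`, which is exactly what the later hunk (old line 51060) writes as `#endif /* !NO_AES && HAVE_AESGCM */`. Change this one to `#endif /* !NO_AES && HAVE_AESGCM */` so both closers describe the condition. The `#if` line itself is outside the hunk.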
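Review bot: The new `byte isAllocated:1;` in `struct Aes` carries ownership state that an ordinary `XMEMSET(aes, 0, sizeof(Aes))` silently destroys — this commit's own test changes run into that (rsa_test adds a comment about it, aesccm_128_test memsets an `Aes` obtained from wc_AesNew()) — and the one-line comment does not warn about it. Suggest `byte isAllocated:1; /* set by wc_AesNew(); wc_AesFree() releases the object when set. Do not memset an Aes from wc_AesNew(), it clears this flag */`, assuming wc_AesFree() is the releasing call, as the test.c cleanup changes imply. The other structs gaining the flag in this commit (curve25519_key, ed25519_key, RsaKey, wc_HashAlg) would benefit from the same wording.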
@@ -725,6 +726,7 @@ WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId); #endif +WOLFSSL_API Aes* wc_AesNew(void* heap, int devId); WOLFSSL_API void wc_AesFree(Aes* aes); #ifdef WOLFSSL_AES_SIV diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 4d6d90da4..2d4d85173 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -90,7 +90,7 @@ struct curve25519_key { void* devCtx; int devId; #endif - + void *heap; #ifdef WOLFSSL_SE050 word32 keyId; byte keyIdSet; @@ -99,6 +99,8 @@ struct curve25519_key { /* bit fields */ byte pubSet:1; byte privSet:1; + + unsigned int isAllocated:1; /* flag indicates if structure was allocated */ }; enum { @@ -131,6 +133,8 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen, int endian); +WOLFSSL_API +curve25519_key* wc_curve25519_new(void* heap, int devId); WOLFSSL_API int wc_curve25519_init(curve25519_key* key); WOLFSSL_API diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index ff3b26cb0..b8b483ce2 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -106,8 +106,10 @@ struct ed25519_key { void *heap; #ifdef WOLFSSL_ED25519_PERSISTENT_SHA wc_Sha512 sha; - int sha_clean_flag; + unsigned int sha_clean_flag : 1; #endif + /* flag indicates if structure was allocated */ + unsigned int isAllocated : 1; }; #ifndef WC_ED25519KEY_TYPE_DEFINED @@ -175,7 +177,8 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res, #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ #endif /* HAVE_ED25519_VERIFY */ - +WOLFSSL_API +ed25519_key* wc_ed25519_new(void* heap, int devId); WOLFSSL_API int wc_ed25519_init(ed25519_key* key); WOLFSSL_API diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h index 1d12da87a..c8ede51fe 100644 
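Review bot: `WOLFSSL_API Aes* wc_AesNew(void* heap, int devId);` is added without any comment on ownership or failure, and the same holds for `wc_curve25519_new`, `wc_ed25519_new`, `wc_HashNew` and `wc_NewRsaKey` in the following header hunks; the test.c changes show the intended contract (NULL on allocation failure, release with the matching `_free` call), but a caller reading the header cannot tell whether `wc_AesFree()` frees the object or whether an `XFREE` is still needed — rsa_test in this commit does both. A short comment above each prototype stating that it allocates and initialises, returns NULL on failure, and that the matching free call releases the object (adjusted per type) would settle that. Naming is also inconsistent across the five new constructors (`wc_AesNew`/`wc_HashNew`, `wc_curve25519_new`/`wc_ed25519_new`, `wc_NewRsaKey`); `wc_NewRsaKey` follows that module's `wc_InitRsaKey`/`wc_FreeRsaKey` form, so the choice may be deliberate, but settling on one form before these become public API avoids a compatibility alias later.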
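Review bot: In `struct curve25519_key` the new `unsigned int isAllocated:1;` follows `byte pubSet:1; byte privSet:1;` with a different base type, so the compiler starts a new allocation unit for it and the flag costs a full `unsigned int` plus padding instead of the spare bit next to `pubSet`/`privSet`; `struct Aes` in this commit uses `byte isAllocated:1`, so the two are also inconsistent. Use `byte isAllocated:1;` here unless there is a reason for the wider type. The added `void *heap;` has no comment; `/* heap hint recorded by wc_curve25519_new()/wc_curve25519_init_ex() */` would help, if that is what it stores — the .c side is not in this diff.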
--- a/wolfssl/wolfcrypt/ed448.h +++ b/wolfssl/wolfcrypt/ed448.h @@ -97,7 +97,7 @@ struct ed448_key { void *heap; #ifdef WOLFSSL_ED448_PERSISTENT_SHA wc_Shake sha; - int sha_clean_flag; + unsigned int sha_clean_flag : 1; #endif }; diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2f7de32d0..5c1a6d661 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -119,6 +119,7 @@ typedef union { #ifdef WOLFSSL_SM3 wc_Sm3 sm3; #endif + unsigned int isAllocated:1; /* flag indicates if structure was allocated */ } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ @@ -175,6 +176,8 @@ WOLFSSL_API int wc_Hash_ex(enum wc_HashType hash_type, byte* hash, word32 hash_len, void* heap, int devId); /* generic hash operation wrappers */ +WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, + int devId); WOLFSSL_API int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId); WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type); diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index c5d211e67..4cff68a43 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -269,6 +269,7 @@ struct RsaKey { #if defined(WOLFSSL_RENESAS_FSPSM) FSPSM_RSA_CTX ctx; #endif + unsigned int isAllocated:1; /* flag indicates if structure was allocated */ }; #ifndef WC_RSAKEY_TYPE_DEFINED @@ -292,6 +293,7 @@ struct RsaPadding { typedef struct RsaPadding RsaPadding; #endif +WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId); WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index 21310463a..537e6cc9b 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md 
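Review bot: `unsigned int isAllocated:1;` is added inside `typedef union { ... } wc_HashAlg`, so it overlays the first bits of every hash-state member (`sha`, `sha256`, `sm3`, ...) rather than sitting beside them: setting the flag in wc_HashNew() writes into the algorithm state, and the first hash init or update overwrites the flag, so the free path may fail to release a heap object or try to release one that lives on the stack. The flag has to live outside the union — either wrap it, `typedef struct { union { ... } u; unsigned int isAllocated:1; } wc_HashAlg;` (which touches every existing `hash->sha`-style access), or keep the allocation state in a separate wrapper record. The wc_HashNew()/free implementation is not part of this diff, so how the flag is read cannot be checked here, but a bit-field member of a union cannot hold independent state regardless.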
@@ -2,7 +2,9 @@ This directory contains the CSharp wrapper for the wolfSSL TLS layer with examples. -* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library) +* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library). +* `wolfCrypt-Test`: wolfCrypt layer wrapper testing. +* `user_settings.h`: wolfCrypt wrapper user settings. Examples: * `wolfSSL-DTLS-PSK-Server` @@ -20,6 +22,12 @@ A Visual Studio solution `wolfSSL_CSharp.sln` is provided. This will allow you to build the wrapper library and examples. It includes the wolfSSL Visual Studio project directly. +To successfully run and build the solution on Windows Visual Studio you will +need to open a new solution `wolfSSL_CSharp.sln` located in `wrapper\CSharp\wolfSSL_CSharp.sln`. + +Select the CPU type, configuration, and target file. +select `Build` and either `Rebuild Solution` or `Build Solution`. + ## Linux (Ubuntu) using mono Prerequisites for linux: 
@@ -34,35 +42,40 @@ apt-get install mono-complete ``` ./autogen.sh -./configure --enable-wolftpm +./configure --enable-keygen --enable-eccencrypt --enable-ed25519 --enable-curve25519 --enable-aesgcm make make check sudo make install ``` -### Build and run the wrapper +### Build and run the wolfCrypt test wrapper -From the wolfssl root directory: +From the `wrapper/CSharp` directory (`cd wrapper/CSharp`): + +Compile wolfCrypt test: ``` -cd wrapper/CSharp +mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs -OUT:wolfcrypttest.exe +mono wolfcrypttest.exe ``` +### Build and run the wolfSSL client/server test + +From the `wrapper/CSharp` directory (`cd wrapper/CSharp`): + Compile server: ``` -mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ -wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe ``` Compile client: ``` -mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ -wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe ``` -### Run the example +#### Run the example In one terminal instance run the server: @@ -76,7 +89,7 @@ And in another terminal instance run the client: mono client.exe ``` -### Enabling SNI +#### Enabling SNI To enable SNI, just pass the `-S` argument with the specified hostname to the client: diff --git a/wrapper/CSharp/include.am b/wrapper/CSharp/include.am index c1a11c8c0..ecd70d015 100644 --- a/wrapper/CSharp/include.am +++ b/wrapper/CSharp/include.am 
@@ -26,10 +26,13 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/Properties/AssemblyInfo.
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp.sln
+EXTRA_DIST+= wrapper/CSharp/user_settings.h
+EXTRA_DIST+= wrapper/CSharp/wolfssl.vcxproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.Designer.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.resx
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/X509.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-Client/App.config
@@ -40,3 +43,7 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/App.config
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/App.config
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
diff --git a/wrapper/CSharp/user_settings.h b/wrapper/CSharp/user_settings.h
new file mode 100644
index 000000000..b9d2ff738
--- /dev/null
+++ b/wrapper/CSharp/user_settings.h
@@ -0,0 +1,136 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* These are the build settings used by the Visual Studio CSharp wrapper */
+
+#ifndef _WIN_CSHARP_USER_SETTINGS_H_
+#define _WIN_CSHARP_USER_SETTINGS_H_
+
+/* Features */
+#define NO_OLD_TLS
+#define WOLFSSL_TLS13
+#define WOLFSSL_DTLS
+#define WOLFSSL_DTLS13
+#define WOLFSSL_SEND_HRR_COOKIE
+#define WOLFSSL_DTLS_CID
+#define HAVE_EXTENDED_MASTER
+#define HAVE_SECURE_RENEGOTIATION
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_TLS_EXTENSIONS
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ECC_ENCRYPT
+#define WOLFSSL_PUBLIC_MP
+#define NO_MULTIBYTE_PRINT
+#define WOLFSSL_KEY_GEN /* RSA key gen */
+#define WOLFSSL_ASN_TEMPLATE /* default */
+#define WOLFSSL_SHA3
+
+#if 0
+ #define OPENSSL_EXTRA
+#endif
+
+#define HAVE_CRL
+#if 0
+ /* start thread that can monitor CRL directory */
+ #define HAVE_CRL_MONITOR
+#endif
+
+/* Algorithms */
+#define HAVE_ED25519
+#define HAVE_CURVE25519
+
+#define HAVE_AESGCM
+#define WOLFSSL_AESGCM_STREAM
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+
+#define HAVE_HKDF
+
+#undef NO_DH
+#define HAVE_PUBLIC_FFDHE
+#define HAVE_FFDHE_2048
+#define HAVE_FFDHE_4096
+
+#undef NO_RSA
+#define WC_RSA_PSS
+#define WOLFSSL_PSS_LONG_SALT
+#define WC_RSA_BLINDING
+
+#define HAVE_ECC
+#define ECC_SHAMIR
+#define ECC_TIMING_RESISTANT
+#define HAVE_COMP_KEY
+
+/* Disable features */
+#define NO_PSK
+
+/* Disable Algorithms */
+#define NO_DES3
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+
+/* Math */
+
+/* Single Precision Support for RSA/DH 1024/2048/3072 and
+ * ECC P-256/P-384 */
+#define WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_RSA
+
+/* Optional Performance Speedups */
+#if 0
+ #ifdef _WIN64
+ /* Assembly speedups for SP math */
+ #define WOLFSSL_SP_X86_64_ASM
+
+ /* Support for RDSEED instruction */
+ #define HAVE_INTEL_RDSEED
+
+ /* AESNI on x64 */
+ #define WOLFSSL_AESNI
+
+ /* Intel ASM */
+ #define USE_INTEL_SPEEDUP
+ #define WOLFSSL_X86_64_BUILD
+
+ /* Old versions of MASM compiler do not recognize newer
+ * instructions. */
+ #if 0
+ #define NO_AVX2_SUPPORT
+ #define NO_MOVBE_SUPPORT
+ #endif
+ #endif
+#endif
+
+/* Debug logging */
+#if 1
+ #define DEBUG_WOLFSSL
+#else
+ /* #define NO_ERROR_STRINGS */
+#endif
+
+#endif /* !_WIN_CSHARP_USER_SETTINGS_H_ */
diff --git a/wrapper/CSharp/wolfCrypt-Test/App.config b/wrapper/CSharp/wolfCrypt-Test/App.config
new file mode 100644
index 000000000..4bfa00561
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/App.config
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..ed34d06a0
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
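Review bot: The include guard `_WIN_CSHARP_USER_SETTINGS_H_` (and the matching `#endif` comment) is an identifier beginning with an underscore and an uppercase letter, which C reserves for the implementation; `WOLFSSL_CSHARP_USER_SETTINGS_H` avoids that, unless the other user_settings.h files in the tree follow a different local convention. `DEBUG_WOLFSSL` is compiled in unconditionally through `#if 1`, so every wrapper DLL built from this header carries wolfSSL's internal debug logging, not just the test project. If that is the intent for this wrapper, say so in the comment, e.g. `/* Debug logging: enabled for the wrapper test build; set to 0 for release DLLs */`; otherwise flip it to `#if 0` so the default build is the quiet one.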
@@ -0,0 +1,36 @@ +using System.Reflection; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; + +// General Information about an assembly is controlled through the following +// set of attributes. Change these attribute values to modify the information +// associated with an assembly. +[assembly: AssemblyTitle("wolfCrypt-Test")] +[assembly: AssemblyDescription("")] +[assembly: AssemblyConfiguration("")] +[assembly: AssemblyCompany("wolfSSL")] +[assembly: AssemblyProduct("wolfCrypt-Test")] +[assembly: AssemblyCopyright("Copyright wolfSSL 2020")] +[assembly: AssemblyTrademark("")] +[assembly: AssemblyCulture("")] + +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from +// COM, set the ComVisible attribute to true on that type. +[assembly: ComVisible(false)] + +// The following GUID is for the ID of the typelib if this project is exposed to COM +[assembly: Guid("a4f4a244-1306-47f4-a168-31f78d7362fa")] + +// Version information for an assembly consists of the following four values: +// +// Major Version +// Minor Version +// Build Number +// Revision +// +// You can specify all the values or you can default the Build and Revision Numbers +// by using the '*' as shown below: +// [assembly: AssemblyVersion("1.0.*")] +[assembly: AssemblyVersion("1.0.0.0")] +[assembly: AssemblyFileVersion("1.0.0.0")] diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs new file mode 100644 index 000000000..2dd2e7f77 --- /dev/null +++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs 
@@ -0,0 +1,920 @@ +/* wolfCrypt-Test.cs + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Tests for the wolfCrypt C# wrapper */ + +using System; +using System.Linq; +using System.Text; +using System.Security.Cryptography; +using wolfSSL.CSharp; +using System.Runtime.InteropServices; +using static wolfSSL.CSharp.wolfcrypt; + +public class wolfCrypt_Test_CSharp +{ + private static void random_test() + { + int ret, i, zeroCount = 0; + Byte[] data = new Byte[128]; + + Console.WriteLine("Starting RNG test"); + + /* Random Test */ + ret = wolfcrypt.Random(data, data.Length); + if (ret == 0) + { + /* Check for 0's */ + for (i = 0; i < (int)data.Length; i++) + { + if (data[i] == 0) + { + zeroCount++; + } + } + if (zeroCount == data.Length) + { + Console.WriteLine("RNG zero check error"); + } + else + { + Console.WriteLine("RNG Test Passed"); + } + } + else + { + Console.WriteLine("RNG Error" + wolfcrypt.GetError(ret)); + } + } /* END random_test */ + + private static void ecc_test(string hashAlgorithm, int keySize) + { + int ret; + IntPtr rng = IntPtr.Zero; + IntPtr PrivKey = IntPtr.Zero; + IntPtr PubKey = IntPtr.Zero; + IntPtr key = IntPtr.Zero; + + Console.WriteLine("\nStarting ECC" + (keySize*8) + " test for " + 
hashAlgorithm + "..."); + + /* Create a new RNG context */ + rng = wolfcrypt.RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("RNG initialization failed."); + } + + /* Generate ECC Key Pair */ + Console.WriteLine("Testing ECC Key Generation..."); + key = wolfcrypt.EccMakeKey(keySize, rng); + if (key == IntPtr.Zero) + { + throw new Exception("EccMakeKey failed"); + } + Console.WriteLine("ECC Key Generation test passed."); + + /* Export and Import Key */ + Console.WriteLine("Testing ECC Key Export and Import..."); + byte[] privateKeyDer; + ret = wolfcrypt.EccExportPrivateKeyToDer(key, out privateKeyDer); + if (ret < 0) { + throw new Exception("ExportPrivateKeyToDer failed"); + } + byte[] publicKeyDer; + ret = wolfcrypt.EccExportPublicKeyToDer(key, out publicKeyDer, true); + if (ret < 0) { + throw new Exception("ExportPublicKeyToDer failed"); + } + PrivKey = wolfcrypt.EccImportKey(privateKeyDer); + if (PrivKey == IntPtr.Zero) + { + throw new Exception("EccImportKey Private failed"); + } + + PubKey = wolfcrypt.EccImportPublicKeyFromDer(publicKeyDer); + if (PubKey == IntPtr.Zero) + { + throw new Exception("ImportPublicKeyFromDer Public failed"); + } + Console.WriteLine("ECC Key Export and Import test passed."); + + /* Generate hash based on selected algorithm */ + byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash"); + byte[] hash; + + switch (hashAlgorithm.ToUpper()) + { + case "SHA256": + using (SHA256 sha256 = SHA256.Create()) + { + hash = sha256.ComputeHash(dataToHash); + } + break; + + case "SHA384": + using (SHA384 sha384 = SHA384.Create()) + { + hash = sha384.ComputeHash(dataToHash); + } + break; + + case "SHA512": + using (SHA512 sha512 = SHA512.Create()) + { + hash = sha512.ComputeHash(dataToHash); + } + break; + + default: + throw new Exception("Unsupported hash algorithm"); + } + Console.WriteLine($"{hashAlgorithm} hash generated."); + + /* Sign Data */ + Console.WriteLine("Testing ECC Signature Creation..."); + 
byte[] signature = new byte[wolfcrypt.ECC_MAX_SIG_SIZE]; + int signLength = wolfcrypt.EccSign(PrivKey, hash, signature); + if (signLength <= 0) + { + throw new Exception("EccSign failed"); + } + + byte[] actualSignature = new byte[signLength]; + Array.Copy(signature, 0, actualSignature, 0, signLength); + + Console.WriteLine($"ECC Signature Creation test passed. Signature Length: {signLength}"); + + /* Verify Signature */ + Console.WriteLine("Testing ECC Signature Verification..."); + int verifyResult = wolfcrypt.EccVerify(PubKey, actualSignature, hash); + if (verifyResult != 0) + { + throw new Exception("EccVerify failed"); + } + Console.WriteLine("ECC Signature Verification test passed."); + + /* Cleanup */ + if (key != IntPtr.Zero) wolfcrypt.EccFreeKey(key); + if (PubKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PubKey); + if (PrivKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PrivKey); + if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng); + } /* END ecc_test */ + + private static void ecies_test(int keySize) + { + /* maximum encrypted message: + * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ + int bufferSize = wolfcrypt.MAX_ECIES_TEST_SZ; + const string message = "Hello wolfSSL!"; + byte[] salt = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }; + + IntPtr a = IntPtr.Zero; + IntPtr b = IntPtr.Zero; + IntPtr aCtx = IntPtr.Zero; + IntPtr bCtx = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; + IntPtr heap = IntPtr.Zero; + + byte[] plaintext = new byte[bufferSize]; + byte[] encrypted = new byte[bufferSize]; + byte[] decrypted = new byte[bufferSize]; + + try + { + Console.WriteLine($"\nStarting ECIES test for {keySize} byte key size..."); + + /* Create a new RNG context */ + rng = wolfcrypt.RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("RNG initialization failed."); + } + + /* Initialize keys */ + a = wolfcrypt.EccMakeKey(keySize, rng); + b = wolfcrypt.EccMakeKey(keySize, rng); + if (a == IntPtr.Zero || b == IntPtr.Zero) + { + 
throw new Exception("Key generation failed."); + } + Console.WriteLine("ECC key generation passed."); + + /* Create ECIES contexts for encryption and decryption */ + aCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_CLIENT, rng, heap); + bCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_SERVER, rng, heap); + if (aCtx == IntPtr.Zero || bCtx == IntPtr.Zero) + { + throw new Exception("Context creation failed."); + } + Console.WriteLine("ECC context creation passed."); + + /* Set KDF salt */ + if (wolfcrypt.EciesSetKdfSalt(aCtx, salt) != 0 || + wolfcrypt.EciesSetKdfSalt(bCtx, salt) != 0) + { + throw new Exception("Failed to set KDF salt."); + } + Console.WriteLine("KDF salt setup passed."); + + /* Prepare plaintext */ + Array.Clear(plaintext, 0, plaintext.Length); + Array.Copy(Encoding.ASCII.GetBytes(message), plaintext, message.Length); + /* Pad to block size */ + int plaintextLen = ((message.Length + (wolfcrypt.AES_BLOCK_SIZE - 1)) / + wolfcrypt.AES_BLOCK_SIZE) * wolfcrypt.AES_BLOCK_SIZE; + + /* Encrypt message */ + int ret = wolfcrypt.EciesEncrypt(a, b, plaintext, (uint)plaintextLen, encrypted, aCtx); + if (ret < 0) + { + throw new Exception("Encryption failed."); + } + + int encryptedLen = ret; + Console.WriteLine("ECC encryption passed."); + + /* Decrypt message */ + ret = wolfcrypt.EciesDecrypt(b, a, encrypted, (uint)encryptedLen, decrypted, bCtx); + if (ret < 0) + { + throw new Exception("Decryption failed."); + } + + int decryptedLen = ret; + Console.WriteLine("ECC decryption passed."); + + /* Compare decrypted text to original plaintext */ + if (decryptedLen != plaintextLen || !wolfcrypt.ByteArrayVerify(plaintext, decrypted)) + { + throw new Exception("Decrypted text does not match original plaintext."); + } + Console.WriteLine("Decrypted text matches original plaintext."); + } + finally + { + /* Cleanup key and context */ + if (a != IntPtr.Zero) wolfcrypt.EccFreeKey(a); + if (b != IntPtr.Zero) wolfcrypt.EccFreeKey(b); + if (aCtx != 
IntPtr.Zero) wolfcrypt.EciesFreeCtx(aCtx); + if (bCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(bCtx); + if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng); + } + } /* END ecies_test */ + + private static void ecdhe_test(int keySize) + { + int ret; + IntPtr rng = IntPtr.Zero; + IntPtr keyA = IntPtr.Zero; + IntPtr keyB = IntPtr.Zero; + IntPtr publicKeyA = IntPtr.Zero; + IntPtr publicKeyB = IntPtr.Zero; + byte[] derKey; + + Console.WriteLine("\nStarting ECDHE shared secret test for " + keySize + " key size..."); + + /* Create RNG */ + Console.WriteLine("Generating RNG..."); + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to generate RNG."); + } + Console.WriteLine("RNG generation test passed."); + + /* Generate Key Pair A */ + Console.WriteLine("Generating Key Pair A..."); + keyA = wolfcrypt.EccMakeKey(keySize, rng); + if (keyA == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair A."); + } + + /* Generate Key Pair B */ + Console.WriteLine("Generating Key Pair B..."); + keyB = wolfcrypt.EccMakeKey(keySize, rng); + if (keyB == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair B."); + } + Console.WriteLine("ECC Key generation test passed."); + + /* Export Public Key B to DER format */ + Console.WriteLine("Exporting Public Key B to DER format..."); + ret = wolfcrypt.EccExportPublicKeyToDer(keyB, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("EccExportPublicKeyToDer failed"); + } + + /* Decode Public Key B from DER format */ + Console.WriteLine("Decoding Public Key B from DER format..."); + publicKeyB = wolfcrypt.EccImportPublicKeyFromDer(derKey); + if (publicKeyB == IntPtr.Zero) + { + throw new Exception("Failed to decode public key B from DER format."); + } + Console.WriteLine("ECC Export and Import test passed."); + + /* Compute Shared Secret using Private Key A and Public Key B */ + Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B..."); + 
byte[] sharedSecretA = new byte[keySize]; + int retA = wolfcrypt.EcdheSharedSecret(keyA, publicKeyB, sharedSecretA, rng); + if (retA != 0) + { + throw new Exception("Failed to compute shared secret A. Error code: " + retA); + } + Console.WriteLine("ECC shared secret created using private Key A."); + + /* Export Public Key A to DER format */ + Console.WriteLine("Exporting Public Key A to DER format..."); + ret = wolfcrypt.EccExportPublicKeyToDer(keyA, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("EccExportPublicKeyToDer failed"); + } + + /* Decode Public Key A from DER format */ + Console.WriteLine("Decoding Public Key A from DER format..."); + publicKeyA = wolfcrypt.EccImportPublicKeyFromDer(derKey); + if (publicKeyA == IntPtr.Zero) + { + throw new Exception("Failed to decode public key A from DER format."); + } + + /* Compute Shared Secret using Private Key B and Public Key A */ + Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A..."); + byte[] sharedSecretB = new byte[keySize]; + int retB = wolfcrypt.EcdheSharedSecret(keyB, publicKeyA, sharedSecretB, rng); + if (retB != 0) + { + throw new Exception("Failed to compute shared secret B. 
Error code: " + retB); + } + Console.WriteLine("ECC shared secret created using private Key B."); + + /* Compare Shared Secrets */ + Console.WriteLine("Comparing Shared Secrets..."); + if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB)) + { + throw new Exception("Shared secrets do not match."); + } + else + { + Console.WriteLine("ECC shared secret match."); + } + + /* Cleanup */ + if (keyA != IntPtr.Zero) wolfcrypt.EccFreeKey(keyA); + if (keyB != IntPtr.Zero) wolfcrypt.EccFreeKey(keyB); + if (publicKeyA != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyA); + if (publicKeyB != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyB); + if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng); + } /* END ecdhe_test */ + + private static void rsa_test(string hashAlgorithm, int keySize) + { + IntPtr key = IntPtr.Zero; + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + Console.WriteLine("\nStarting RSA" + keySize + " test for " + hashAlgorithm + "..."); + + /* Generate RSA Key Pair */ + Console.WriteLine("Testing RSA Key Generation..."); + key = wolfcrypt.RsaMakeKey(heap, devId, keySize); + if (key == IntPtr.Zero) + { + throw new Exception("RsaMakeKey failed"); + } + Console.WriteLine("RSA Key Generation test passed."); + + /* Generate hash based on selected algorithm */ + byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash"); + byte[] hash; + + switch (hashAlgorithm.ToUpper()) + { + case "SHA256": + using (SHA256 sha256 = SHA256.Create()) + { + hash = sha256.ComputeHash(dataToHash); + } + break; + + case "SHA384": + using (SHA384 sha384 = SHA384.Create()) + { + hash = sha384.ComputeHash(dataToHash); + } + break; + + case "SHA512": + using (SHA512 sha512 = SHA512.Create()) + { + hash = sha512.ComputeHash(dataToHash); + } + break; + + default: + throw new Exception("Unsupported hash algorithm"); + } + Console.WriteLine($"{hashAlgorithm} hash generated."); + + /* Sign Data */ + Console.WriteLine("Testing RSA Signature Creation..."); 
+ byte[] signature = new byte[keySize / 8]; + int signLength = wolfcrypt.RsaSignSSL(key, hash, signature); + if (signLength <= 0) + { + throw new Exception("RsaSignSSL failed"); + } + + byte[] actualSignature = new byte[signLength]; + Array.Copy(signature, 0, actualSignature, 0, signLength); + + Console.WriteLine($"RSA Signature Creation test passed. Signature Length: {signLength}"); + + /* Verify Signature */ + Console.WriteLine("Testing RSA Signature Verification..."); + int verifyResult = wolfcrypt.RsaVerifySSL(key, actualSignature, hash); + if (verifyResult != 0) + { + throw new Exception("RsaVerifySSL failed"); + } + Console.WriteLine("RSA Signature Verification test passed."); + + /* Cleanup */ + if (key != IntPtr.Zero) wolfcrypt.RsaFreeKey(key); + } /* END rsa_test */ + + private static void ed25519_test() + { + int ret; + IntPtr key = IntPtr.Zero; + byte[] privKey; + byte[] pubKey; + + Console.WriteLine("\nStarting ED25519 tests..."); + + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + /* Generate ED25519 Key Pair */ + Console.WriteLine("Testing ED25519 Key Generation..."); + key = wolfcrypt.Ed25519MakeKey(heap, devId); + if (key == IntPtr.Zero) + { + throw new Exception("Ed25519MakeKey failed"); + } + Console.WriteLine("ED25519 Key Generation test passed."); + + /* Export and Import Key */ + Console.WriteLine("Testing ED25519 Key Export and Import..."); + /* Export Private */ + ret = wolfcrypt.Ed25519ExportKeyToDer(key, out privKey); + if (ret < 0 || privKey == null) + { + throw new Exception("Ed25519ExportKeyToDer failed"); + } + /* Export Public */ + ret = wolfcrypt.Ed25519ExportPublicKeyToDer(key, out pubKey, true); + if (ret < 0 || pubKey == null) + { + throw new Exception("Ed25519ExportKeyToDer failed"); + } + /* Import Private */ + IntPtr importedPrivKey = wolfcrypt.Ed25519PrivateKeyDecode(privKey); + if (importedPrivKey == IntPtr.Zero) + { + throw new Exception("Ed25519PrivateKeyDecode failed"); + } + /* Import Public */ + 
IntPtr importedPubKey = wolfcrypt.Ed25519PublicKeyDecode(pubKey); + if (importedPubKey == IntPtr.Zero) + { + throw new Exception("Ed25519PublicKeyDecode failed"); + } + Console.WriteLine("ED25519 Key Export and Import test passed."); + + /* Generate a hash */ + byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash"); + + /* Sign Data */ + Console.WriteLine("Testing ED25519 Signature Creation..."); + byte[] signature; + + ret = wolfcrypt.Ed25519SignMsg(dataToHash, out signature, key); + if (ret != 0) + { + throw new Exception("Ed25519SignMsg failed"); + } + Console.WriteLine($"ED25519 Signature Creation test passed. Signature Length: {signature.Length}"); + + /* Verify Signature */ + Console.WriteLine("Testing ED25519 Signature Verification..."); + ret = wolfcrypt.Ed25519VerifyMsg(signature, dataToHash, key); + if (ret != 0) + { + throw new Exception("Ed25519VerifyMsg failed"); + } + Console.WriteLine("ED25519 Signature Verification test passed."); + + /* Cleanup */ + if (key != IntPtr.Zero) wolfcrypt.Ed25519FreeKey(key); + } /* END ed25519_test */ + + private static void curve25519_test() + { + int ret; + IntPtr keyA = IntPtr.Zero; + IntPtr keyB = IntPtr.Zero; + IntPtr publicKeyA = IntPtr.Zero; + IntPtr publicKeyB = IntPtr.Zero; + byte[] derKey; + + Console.WriteLine("\nStarting Curve25519 shared secret test..."); + + /* Generate Key Pair A */ + Console.WriteLine("Generating Key Pair A..."); + keyA = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0); + if (keyA == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair A."); + } + + /* Generate Key Pair B */ + Console.WriteLine("Generating Key Pair B..."); + keyB = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0); + if (keyB == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair B."); + } + Console.WriteLine("Curve25519 Key generation test passed."); + + /* Export Public Key B to DER format */ + Console.WriteLine("Exporting Public Key B to DER format..."); + ret = 
wolfcrypt.Curve25519ExportPublicKeyToDer(keyB, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("Curve25519ExportPublicKeyToDer failed"); + } + + /* Decode Public Key B from DER format */ + Console.WriteLine("Decoding Public Key B from DER format..."); + publicKeyB = wolfcrypt.Curve25519PublicKeyDecode(derKey); + if (publicKeyB == IntPtr.Zero) + { + throw new Exception("Failed to decode public key B from DER format."); + } + Console.WriteLine("Curve25519 Export and Import test passed."); + + /* Compute Shared Secret using Private Key A and Public Key B */ + Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B..."); + byte[] sharedSecretA = new byte[wolfcrypt.ED25519_KEY_SIZE]; + int retA = wolfcrypt.Curve25519SharedSecret(keyA, publicKeyB, sharedSecretA); + if (retA != 0) + { + throw new Exception("Failed to compute shared secret A. Error code: " + retA); + } + Console.WriteLine("Curve25519 shared secret created using private Key A."); + + /* Export Public Key A to DER format */ + Console.WriteLine("Exporting Public Key A to DER format..."); + ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyA, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("Curve25519ExportPublicKeyToDer failed"); + } + + /* Decode Public Key A from DER format */ + Console.WriteLine("Decoding Public Key A from DER format..."); + publicKeyA = wolfcrypt.Curve25519PublicKeyDecode(derKey); + if (publicKeyA == IntPtr.Zero) + { + throw new Exception("Failed to decode public key A from DER format."); + } + + /* Compute Shared Secret using Private Key B and Public Key A */ + Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A..."); + byte[] sharedSecretB = new byte[wolfcrypt.ED25519_KEY_SIZE]; + int retB = wolfcrypt.Curve25519SharedSecret(keyB, publicKeyA, sharedSecretB); + if (retB != 0) + { + throw new Exception("Failed to compute shared secret B. 
Error code: " + retB); + } + Console.WriteLine("Curve25519 shared secret created using private Key B."); + + /* Compare Shared Secrets */ + Console.WriteLine("Comparing Shared Secrets..."); + if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB)) + { + throw new Exception("Shared secrets do not match."); + } + else + { + Console.WriteLine("Curve25519 shared secret match."); + } + + /* Cleanup */ + if (keyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyA); + if (keyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyB); + if (publicKeyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyA); + if (publicKeyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyB); + } /* END curve25519_test */ + + private static void aes_gcm_test() + { + IntPtr aes = IntPtr.Zero; + byte[] key; + byte[] iv; + byte[] plaintext; + byte[] ciphertext; + byte[] addAuth; + byte[] authTag; + byte[] decrypted; + int ret; + + try + { + Console.WriteLine("\nStarting AES-GCM tests..."); + + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + /* Initialize AES-GCM Context */ + Console.WriteLine("Testing AES-GCM Initialization..."); + + /* + * This is from the Test Case 16 from the document Galois/ + * Counter Mode of Operation (GCM) by McGrew and + * Viega. 
+ */ + + key = new byte[32] + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }; + + iv = new byte[12] + { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + }; + + plaintext = new byte[] + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + }; + + + ciphertext = new byte[] + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + }; + + addAuth = new byte[] + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + + authTag = new byte[16]; + + aes = wolfcrypt.AesNew(heap, devId); + if (aes == IntPtr.Zero) + { + throw new Exception($"AesNew failed with error code {aes}"); + } + Console.WriteLine("AesNew test passed."); + + /* Set AES-GCM Key */ + Console.WriteLine("Testing AES-GCM Key Setting..."); + uint len = (uint)key.Length; + ret = wolfcrypt.AesGcmSetKey(aes, key); + if (ret != 0) + { + throw new Exception($"AesGcmSetKey failed with error code {ret}"); + } + Console.WriteLine("AES-GCM Key Setting test passed."); + + /* Encryption */ + Console.WriteLine("Testing AES-GCM Encryption..."); + ret = wolfcrypt.AesGcmEncrypt(aes, iv, plaintext, ciphertext, authTag, addAuth); + 
if (ret != 0) + { + throw new Exception($"AesGcmEncrypt failed with error code {ret}"); + } + Console.WriteLine($"AES-GCM Encryption test passed. Ciphertext Length: {ciphertext.Length}"); + + /* Decryption */ + Console.WriteLine("Testing AES-GCM Decryption..."); + decrypted = new byte[plaintext.Length]; + + ret = wolfcrypt.AesGcmDecrypt(aes, iv, ciphertext, decrypted, authTag, addAuth); + if (ret != 0) + { + throw new Exception($"AesGcmDecrypt failed with error code {ret}"); + } + + /* Verify Decryption */ + if (!plaintext.SequenceEqual(decrypted)) + { + throw new Exception("Decryption failed: decrypted data does not match original plaintext."); + } + Console.WriteLine("AES-GCM Decryption test passed."); + + } + catch (Exception ex) + { + Console.WriteLine($"AES-GCM test failed: {ex.Message}"); + } + finally + { + /* Cleanup */ + if (aes != IntPtr.Zero) + { + wolfcrypt.AesGcmFree(aes); + } + } + } /* END aes_gcm_test */ + + private static void hash_test(uint hashType) + { + IntPtr hash = IntPtr.Zero; + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + /* Get the enum name */ + string hashTypeName = Enum.GetName(typeof(wolfcrypt.hashType), hashType); + + Console.WriteLine($"\nStarting hash test for {hashTypeName}..."); + + /* Allocate new hash context */ + Console.WriteLine("Testing hash context allocation..."); + hash = wolfcrypt.HashNew(hashType, heap, devId); + if (hash == IntPtr.Zero) + { + Console.WriteLine($"HashNew failed for {hashTypeName}"); + return; + } + Console.WriteLine("Hash context allocation test passed."); + + /* Initialize the hash context with the specified hash type */ + Console.WriteLine("Testing hash initialization..."); + int initResult = wolfcrypt.InitHash(hash, hashType); + if (initResult != 0) + { + Console.WriteLine($"InitHash failed for {hashTypeName}"); + wolfcrypt.HashFree(hash, hashType); + return; + } + Console.WriteLine("Hash initialization test passed."); + + /* Update the hash with data */ + byte[] dataToHash = 
Encoding.UTF8.GetBytes("This is some data to hash"); + Console.WriteLine("Testing hash update..."); + int updateResult = wolfcrypt.HashUpdate(hash, hashType, dataToHash); + if (updateResult != 0) + { + Console.WriteLine($"HashUpdate failed for {hashTypeName}"); + wolfcrypt.HashFree(hash, hashType); + return; + } + Console.WriteLine("Hash update test passed."); + + /* Finalize the hash and get the result */ + Console.WriteLine("Testing hash finalization..."); + byte[] hashOutput; + int finalResult = wolfcrypt.HashFinal(hash, hashType, out hashOutput); + if (finalResult != 0) + { + Console.WriteLine($"HashFinal failed for {hashType}"); + wolfcrypt.HashFree(hash, hashType); + return; + } + Console.WriteLine($"Hash finalization test passed for {hashTypeName}. Hash Length: {hashOutput.Length}"); + + /* Output the hash result */ + Console.WriteLine($"Hash Output ({hashTypeName}): {BitConverter.ToString(hashOutput).Replace("-", "")}"); + + /* Cleanup */ + Console.WriteLine("Testing hash cleanup..."); + int freeResult = wolfcrypt.HashFree(hash, hashType); + if (freeResult != 0) + { + Console.WriteLine($"HashFree failed for {hashTypeName}"); + } + else + { + Console.WriteLine("Hash cleanup test passed."); + } + } /* END hash_test */ + + public static void standard_log(int lvl, StringBuilder msg) + { + Console.WriteLine(msg); + } + + public static void Main(string[] args) + { + try + { + Console.WriteLine("Starting Cryptographic Tests...\n"); + + wolfcrypt.Init(); + + /* setup logging to stdout */ + wolfcrypt.SetLogging(standard_log); + + random_test(); + + Console.WriteLine("\nStarting ECC tests"); + + ecc_test("SHA256", 32); /* Uses SHA-256 (32 byte hash) */ + ecc_test("SHA384", 32); /* Uses SHA-384 (32 byte hash) */ + ecc_test("SHA512", 32); /* Uses SHA-512 (32 byte hash) */ + + Console.WriteLine("\nStarting ECIES tests"); + + ecies_test(32); /* ECIES test (32 byte key size) */ + ecies_test(48); /* ECIES test (48 byte key size) */ + ecies_test(66); /* ECIES test (66 byte 
key size) */ + + Console.WriteLine("\nStarting ECDHE tests"); + + ecdhe_test(32); /* ECDHE shared secret test (32 byte key size) */ + ecdhe_test(48); /* ECDHE shared secret test (48 byte key size) */ + ecdhe_test(66); /* ECDHE shared secret test (66 byte key size) */ + + Console.WriteLine("\nStarting RSA tests"); + + rsa_test("SHA256", 2048); /* Uses SHA-256 (2048 bit hash) */ + rsa_test("SHA384", 2048); /* Uses SHA-384 (2048 bit hash) */ + rsa_test("SHA512", 2048); /* Uses SHA-512 (2048 bit hash) */ + + Console.WriteLine("\nStarting ED25519 test"); + + ed25519_test(); /* ED25519 test */ + + Console.WriteLine("\nStarting curve25519 test"); + + curve25519_test(); /* curve25519 shared secret test */ + + Console.WriteLine("\nStarting AES-GCM test"); + + aes_gcm_test(); /* AES_GCM test */ + + Console.WriteLine("\nStarting HASH tests"); + + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA256); /* SHA-256 HASH test */ + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA384); /* SHA-384 HASH test */ + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA512); /* SHA-512 HASH test */ + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA3_256); /* SHA3_256 HASH test */ + + wolfcrypt.Cleanup(); + + Console.WriteLine("\nAll tests completed successfully"); + } + catch (Exception ex) + { + Console.WriteLine($"An error occurred: {ex.Message}"); + Environment.Exit(-1); + } + } +} diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj new file mode 100644 index 000000000..647d7ce7b --- /dev/null +++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj 
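Review bot: Failures in `aes_gcm_test` and `hash_test` never propagate: the `catch` in `aes_gcm_test` only prints the exception and every error branch in `hash_test` prints and returns, so `Main` still prints `All tests completed successfully` and exits 0 when AES-GCM or a hash fails; dropping that `catch` (the `finally` already frees `aes`) and replacing the `return`s in `hash_test` with `throw new Exception(...)` after the `HashFree` call turns the wrapper test into a real pass/fail signal. The AES-GCM case also never checks the GCM Test Case 16 known answer it loads: `ciphertext` is filled with the expected bytes and then passed to `AesGcmEncrypt` as the output buffer, which overwrites them, so only the encrypt/decrypt round trip is verified — encrypt into a separate `byte[plaintext.Length]` and `SequenceEqual` it against the vector (and compare `authTag` once the vector's expected tag is added). `ed25519_test` decodes `importedPrivKey` and `importedPubKey` but frees only `key`, and `ecc_test`, `ecdhe_test`, `rsa_test`, `ed25519_test` and `curve25519_test` run their cleanup after the checks rather than in a `finally` as `ecies_test` does, so any thrown exception leaks the native key and RNG handles. `uint len` in `aes_gcm_test` is unused, and the `Main` comments `/* Uses SHA-384 (32 byte hash) */` and `/* Uses SHA-256 (2048 bit hash) */` do not describe the digest sizes they annotate.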
@@ -0,0 +1,123 @@ + + + + + Debug + AnyCPU + {A4F4A244-1306-47F4-A168-31F78D7362FA} + Exe + Properties + wolfCrypt_Test + wolfCrypt-Test + v4.8 + 512 + publish\ + true + Disk + false + Foreground + 7 + Days + false + false + true + 0 + 1.0.0.%2a + false + false + true + + + AnyCPU + true + full + false + $(SolutionDir)$(Configuration)\$(Platform)\ + DEBUG;TRACE + prompt + 3 + + + AnyCPU + pdbonly + true + $(SolutionDir)$(Configuration)\$(Platform)\ + TRACE + prompt + 4 + + + + + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + DEBUG;TRACE + 4 + full + x64 + prompt + MinimumRecommendedRules.ruleset + true + + + $(SolutionDir)$(Configuration)\$(Platform)\ + TRACE + true + pdbonly + x64 + prompt + MinimumRecommendedRules.ruleset + true + + + + + + + + + + + + + + + + + + + {52609808-0418-46d3-8e17-141927a1a39a} + wolfSSL_CSharp + + + + + False + Microsoft .NET Framework 4.5 %28x86 and x64%29 + true + + + False + .NET Framework 3.5 SP1 Client Profile + false + + + False + .NET Framework 3.5 SP1 + false + + + + + + + + + \ No newline at end of file diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config index 49c50e046..8a99d30db 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config +++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj index 9af7a1f42..5bf4e8c8e 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj +++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_DTLS_PSK_Server wolfSSL-DTLS-PSK-Server - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 
@@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -42,7 +43,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config index 49c50e046..8a99d30db 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config +++ b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj index 1c9eb2b12..e0c4a57ea 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj +++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_DTLS_Server wolfSSL-DTLS-Server - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -43,7 +44,7 @@ 0 - ..\DLL Release\x64 + $(SolutionDir)$(Configuration)\$(Platform)\x64 TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config index 49c50e046..8a99d30db 100755 --- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config +++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + 
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj index 4e6dae1a6..dc57d74f3 100755 --- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj +++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_Example_IOCallbacks wolfSSL-Example-IOCallbacks - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -42,7 +43,7 @@ true - ..\DLL Release\x64 + $(SolutionDir)$(Configuration)\$(Platform)\x64 TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/App.config b/wrapper/CSharp/wolfSSL-TLS-Client/App.config index f3ec453d9..8a99d30db 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-Client/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj index 3a3d175e4..7afffb9d4 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj @@ -9,7 +9,7 @@ Properties wolfSSL_TLS_Client wolfSSL-TLS-Client - v4.5 + v4.8 512 publish\ true @@ -26,13 +26,14 @@ false false true + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -41,7 +42,7 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 @@ -51,7 +52,7 @@ true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 4 full 
@@ -61,7 +62,7 @@ true - ..\DLL Release\x64 + $(SolutionDir)$(Configuration)\$(Platform)\x64 TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj index b2113d6ae..5c3e77e47 100644 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj @@ -33,7 +33,7 @@ true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -42,14 +42,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -58,7 +58,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config index 49c50e046..8a99d30db 100755 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj index dab61d537..1f31752ec 100755 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_TLS_PSK_Server wolfSSL-TLS-PSK-Server - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 
@@ -42,7 +43,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-Server/App.config index 49c50e046..8a99d30db 100755 --- a/wrapper/CSharp/wolfSSL-TLS-Server/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj index 35f8b0666..1cc073e83 100755 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj @@ -9,7 +9,7 @@ Properties wolfSSL_TLS_Server wolfSSL-TLS-Server - v4.5 + v4.8 512 publish\ true @@ -26,13 +26,14 @@ false false true + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -41,7 +42,7 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 @@ -51,7 +52,7 @@ true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 4 full @@ -61,7 +62,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config index 49c50e046..8a99d30db 100644 --- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj index 7c47cf557..f1468d14f 100644 --- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj 
@@ -9,7 +9,7 @@ Properties wolfSSL_TLS_ServerThreaded wolfSSL-TLS-ServerThreaded - v4.5 + v4.8 512 publish\ true @@ -26,13 +26,14 @@ false false true + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -41,7 +42,7 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 @@ -51,7 +52,7 @@ true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 4 full @@ -61,7 +62,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL_CSharp.sln b/wrapper/CSharp/wolfSSL_CSharp.sln index a4898062a..48e170a48 100644 --- a/wrapper/CSharp/wolfSSL_CSharp.sln +++ b/wrapper/CSharp/wolfSSL_CSharp.sln @@ -1,9 +1,11 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio 2012 +# Visual Studio Version 17 +VisualStudioVersion = 17.6.33815.320 +MinimumVisualStudioVersion = 10.0.40219.1 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL_CSharp", "wolfSSL_CSharp\wolfSSL_CSharp.csproj", "{52609808-0418-46D3-8E17-141927A1A39A}" ProjectSection(ProjectDependencies) = postProject - {73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B} + {67932048-D67E-4C86-B55F-90899B9BDA64} = {67932048-D67E-4C86-B55F-90899B9BDA64} EndProjectSection EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-Server", "wolfSSL-TLS-Server\wolfSSL-TLS-Server.csproj", "{8921AD35-4E62-4DAC-8FEE-8C9F8E57DDD2}" 
@@ -17,11 +19,7 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-DTLS-PSK-Server", " {52609808-0418-46D3-8E17-141927A1A39A} = {52609808-0418-46D3-8E17-141927A1A39A} EndProjectSection EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wolfSSL", "wolfSSL", "{252D09D0-D007-4AEB-9F7A-A74408039A8A}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "..\..\testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{67932048-D67E-4C86-B55F-90899B9BDA64}" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-Example-IOCallbacks", "wolfSSL-Example-IOCallbacks\wolfSSL-Example-IOCallbacks.csproj", "{E2415718-0A15-48DB-A774-01FB0093B626}" EndProject @@ -31,6 +29,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-ServerThreaded" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-PSK-Client", "wolfSSL-TLS-PSK-Client\wolfSSL-TLS-PSK-Client.csproj", "{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfCrypt-Test", "wolfCrypt-Test\wolfCrypt-Test.csproj", "{A4F4A244-1306-47F4-A168-31F78D7362FA}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU 
@@ -162,58 +162,35 @@ Global {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.ActiveCfg = Release|x64 {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.Build.0 = Release|x64 {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.ActiveCfg = Release|Any CPU + {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.Build.0 = Release|Any CPU {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.ActiveCfg = Release|Any CPU {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.Build.0 = Release|Any CPU {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.ActiveCfg = Release|x64 {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.Build.0 = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.Build.0 = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 - 
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.ActiveCfg = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.Build.0 = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.Build.0 = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.Build.0 = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL 
Release|x64.ActiveCfg = DLL Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.ActiveCfg = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.Build.0 = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.Build.0 = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.ActiveCfg = Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.Build.0 = Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.ActiveCfg = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.Build.0 = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.Build.0 = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.ActiveCfg = DLL 
Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.Build.0 = DLL Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.ActiveCfg = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.Build.0 = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.ActiveCfg = Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.Build.0 = Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.ActiveCfg = DLL Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.Build.0 = DLL Release|x64 {E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.Build.0 = Debug|Any CPU {E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Win32.ActiveCfg = Debug|Any CPU 
@@ -310,14 +287,34 @@ Global {4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|Win32.Build.0 = Release|Any CPU {4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.ActiveCfg = Release|x64 {4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.Build.0 = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.ActiveCfg = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.Build.0 = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.ActiveCfg = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.Build.0 = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.ActiveCfg = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.ActiveCfg = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.ActiveCfg = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.Build.0 = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.ActiveCfg = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.ActiveCfg = Release|Any CPU + 
{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.ActiveCfg = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection - GlobalSection(NestedProjects) = preSolution - {73973223-5EE8-41CA-8E88-1D60E89A237B} = {252D09D0-D007-4AEB-9F7A-A74408039A8A} - {611E8971-46E0-4D0A-B5A1-632C3B00CB80} = {252D09D0-D007-4AEB-9F7A-A74408039A8A} - EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {63D316F8-C4EE-449A-B9A6-FC673C4D5D31} EndGlobalSection diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs new file mode 100644 index 000000000..2e5f30e93 --- /dev/null +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs 
@@ -0,0 +1,2953 @@
+/* wolfCrypt.cs
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace wolfSSL.CSharp
+{
+ public class wolfcrypt
+ {
+ private const string wolfssl_dll = "wolfssl.dll";
+
+ /********************************
+ * Init wolfSSL library
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wolfCrypt_Init();
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wolfCrypt_Cleanup();
+
+
+ /********************************
+ * Random
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static IntPtr wc_rng_new(IntPtr nonce, UInt32 nonceSz, IntPtr heap);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static void wc_rng_free(IntPtr rng);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RNG_GenerateBlock(IntPtr rng, IntPtr output, UInt32 sz);
+
+
+ /********************************
+ * ECC
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static IntPtr wc_ecc_key_new(IntPtr heap);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static void wc_ecc_key_free(IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_set_rng(IntPtr key, IntPtr rng);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_make_key_ex(IntPtr rng, int keysize, IntPtr key, int curve_id);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_sign_hash(IntPtr hashPtr, uint hashlen, IntPtr sigPtr, IntPtr siglen, IntPtr rng, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_verify_hash(IntPtr sigPtr, uint siglen, IntPtr hashPtr, uint hashlen, IntPtr res, IntPtr key);
+
+ /* ASN.1 DER format */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_EccPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_EccPublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_EccPrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_EccPublicKeyToDer(IntPtr key, byte[] output, uint inLen, int with_AlgCurve);
+
+
+ /********************************
+ * ECIES
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static IntPtr wc_ecc_ctx_new(int flags, IntPtr rng);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static IntPtr wc_ecc_ctx_new_ex(int flags, IntPtr rng, IntPtr heap);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static void wc_ecc_ctx_free(IntPtr ctx);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_ctx_reset(IntPtr ctx, IntPtr rng);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_ctx_set_algo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static IntPtr wc_ecc_ctx_get_own_salt(IntPtr ctx);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_ctx_set_peer_salt(IntPtr ctx, IntPtr salt);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_ctx_set_own_salt(IntPtr ctx, IntPtr salt, uint sz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_ctx_set_kdf_salt(IntPtr ctx, IntPtr salt, uint sz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_ctx_set_info(IntPtr ctx, IntPtr info, int sz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_encrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_encrypt_ex(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx, int compressed);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_decrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+
+
+ /********************************
+ * ECDHE
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_ecc_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+
+ /********************************
+ * RSA
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static void wc_FreeRsaKey(IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_MakeRsaKey(IntPtr key, int keysize, Int32 exponent, IntPtr rng);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaSSL_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, IntPtr key, IntPtr rng);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaSSL_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, IntPtr key);
+
+ /* ASN.1 DER format */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaPublicEncrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaPrivateDecrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaPublicKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaPSS_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, int hashType, IntPtr rng, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaPSS_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, int hashType, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_RsaPSS_CheckPadding(IntPtr sigPtr, int sigLen, int hashType, IntPtr key);
+
+
+ /********************************
+ * ED25519
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_init(IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern void wc_ed25519_free(IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_make_key(IntPtr rng, int keysize, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_sign_msg(IntPtr inMsg, uint inlen, IntPtr outMsg, ref uint outlen, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_verify_msg(IntPtr sig, uint siglen, IntPtr msg, uint msgLen, ref int ret, IntPtr key);
+
+ /* ASN.1 DER format */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Ed25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Ed25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Ed25519KeyToDer(IntPtr key, byte[] output, uint inLen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Ed25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Ed25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+ /* RAW format */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_make_public(IntPtr key, IntPtr pubKey, uint pubKeySz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_import_public(IntPtr inMsg, uint inLen, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_export_public(IntPtr key, IntPtr outMsg, ref uint outLen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_export_private(IntPtr key, IntPtr outMsg, ref uint outLen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_ed25519_size(IntPtr key);
+
+
+ /********************************
+ * Curve25519
+ */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_curve25519_init(IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static void wc_curve25519_free(IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_curve25519_make_key(IntPtr rng, int keysize, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_curve25519_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+ /* ASN.1 DER format */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Curve25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Curve25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Curve25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_Curve25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+ /* RAW format */
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_curve25519_import_private(IntPtr privKey, int privKeySz, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_curve25519_export_public(IntPtr key, byte[] outBuffer, ref uint outLen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_curve25519_import_public(IntPtr pubKey, int pubKeySz, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_curve25519_export_public(IntPtr key, IntPtr outPubKey, ref int outlen);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private static extern int wc_curve25519_export_key_raw(IntPtr key, byte[] priv, ref uint privSz, byte[] pub, ref uint pubSz);
+ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+ private extern static int wc_curve25519_import_private_raw(IntPtr privKey, IntPtr pubKey, IntPtr key);
+ [DllImport(wolfssl_dll, CallingConvention = 
CallingConvention.Cdecl)] + private extern static int wc_curve25519_export_private_raw(IntPtr key, IntPtr outPrivKey, IntPtr outPubKey); + + + /******************************** + * AES-GCM + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_AesNew(IntPtr heap, int devId); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesFree(IntPtr aes); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesInit(IntPtr aes, IntPtr heap, int devId); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmInit(IntPtr aes, IntPtr key, uint len, IntPtr iv, uint ivSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmSetKey(IntPtr aes, IntPtr key, uint len); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmEncrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmDecrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz); + + + /******************************** + * HASH + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashInit(IntPtr hash, uint hashType); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashUpdate(IntPtr hash, uint hashType, IntPtr data, uint dataSz); + [DllImport(wolfssl_dll, CallingConvention = 
CallingConvention.Cdecl)] + private extern static int wc_HashFinal(IntPtr hash, uint hashType, IntPtr output); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashFree(IntPtr hash, uint hashType); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashGetDigestSize(uint hashType); + + + /******************************** + * Logging + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_GetErrorString(int error); + + public delegate void loggingCb(int lvl, StringBuilder msg); + private static loggingCb internal_log; + + /// + /// Log a message to set logging function + /// + /// Level of log message + /// Message to log + private static void log(int lvl, string msg) + { + /* if log is not set then print nothing */ + if (internal_log == null) + return; + StringBuilder ptr = new StringBuilder(msg); + internal_log(lvl, ptr); + } + + + /******************************** + * Enum types from wolfSSL library + */ + /* Logging levels */ + public static readonly int ERROR_LOG = 0; + public static readonly int INFO_LOG = 1; + public static readonly int ENTER_LOG = 2; + public static readonly int LEAVE_LOG = 3; + public static readonly int OTHER_LOG = 4; + public static readonly int INVALID_DEVID = -2; + public static readonly int ECC_MAX_SIG_SIZE = 141; /* ECC max sig size */ + public static readonly int ECC_KEY_SIZE = 32; /* ECC key size */ + public static readonly int MAX_ECIES_TEST_SZ = 200; /* ECIES max sig size */ + public static readonly int ED25519_SIG_SIZE = 64; /* ED25519 pub + priv */ + public static readonly int ED25519_KEY_SIZE = 32; /* Private key only */ + public static readonly int ED25519_PUB_KEY_SIZE = 32; /* Compressed public */ + public static readonly int AES_128_KEY_SIZE = 16; /* for 128 bit */ + public static readonly int AES_192_KEY_SIZE = 24; /* for 192 bit */ + public static readonly int 
AES_256_KEY_SIZE = 32; /* for 256 bit */ + public static readonly int AES_BLOCK_SIZE = 16; + + /* Error codes */ + public static readonly int SUCCESS = 0; + public static readonly int SIG_VERIFY_E = -229; /* wolfcrypt signature verify error */ + public static readonly int MEMORY_E = -125; /* Out of memory error */ + public static readonly int EXCEPTION_E = -1; + public static readonly int BUFFER_E = -131; /* RSA buffer error, output too small/large */ + + + /*********************************************************************** + * Class Public Functions + **********************************************************************/ + + /// + /// Initialize wolfCrypt library + /// + /// 0 on success + public static int Init() + { + int ret; + try + { + ret = wolfCrypt_Init(); + } + catch (Exception e) + { + log(ERROR_LOG, "wolfCrypt init error " + e.ToString()); + ret = EXCEPTION_E; + } + return ret; + } + + /// + /// Clean up wolfCrypt library memory + /// + /// 0 on success + public static int Cleanup() + { + int ret; + try + { + ret = wolfCrypt_Cleanup(); + } + catch (Exception e) + { + log(ERROR_LOG, "wolfCrypt cleanup error " + e.ToString()); + ret = EXCEPTION_E; + } + return ret; + } + + + /*********************************************************************** + * Random + **********************************************************************/ + + /// + /// Create new WC_RNG context + /// + /// Pointer to allocated WC_RNG or null + public static IntPtr RandomNew() + { + IntPtr rng; + + try + { + /* Allocate and init new WC_RNG structure */ + rng = wc_rng_new( + IntPtr.Zero, 0, /* Nonce (optional / used by FIPS only) */ + IntPtr.Zero); /* Heap hint for static memory only */ + } + catch (Exception e) + { + log(ERROR_LOG, "random new exception " + e.ToString()); + rng = IntPtr.Zero; + } + + return rng; + } + + /// + /// Free WC_RNG context + /// + /// Pointer to allocated WC_RNG + public static void RandomFree(IntPtr rng) + { + if (rng != IntPtr.Zero) + { + /* Free 
WC_RNG structure */ + wc_rng_free(rng); + } + } + + /// + /// Generate random data (use existing WC_RNG context) + /// + /// WC_RNG created from RandomNew() + /// buffer to populate random data + /// size of buffer + /// 0=success or negative for error + public static int Random(IntPtr rng, byte[] buf, int sz) + { + int ret; + IntPtr data; + + try + { + /* Allocate global buffer for wolfAPI random */ + data = Marshal.AllocHGlobal(sz); + if (data != IntPtr.Zero) + { + /* Generate random block */ + ret = wc_RNG_GenerateBlock(rng, data, Convert.ToUInt32(sz)); + if (ret == 0) + { + /* copy returned data */ + Marshal.Copy(data, buf, 0, sz); + } + else + { + log(ERROR_LOG, "random generate block error " + ret + ": " + GetError(ret)); + } + Marshal.FreeHGlobal(data); + } + else + { + ret = MEMORY_E; + } + } + catch (Exception e) + { + log(ERROR_LOG, "random generate block exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Generate random data (single shot) + /// + /// buffer to populate random data + /// size of buffer + /// 0=success or negative for error + public static int Random(byte[] buf, int sz) + { + int ret; + IntPtr rng = RandomNew(); + if (rng == IntPtr.Zero) + { + return MEMORY_E; + } + ret = Random(rng, buf, sz); + RandomFree(rng); + return ret; + } + /* END Random */ + + + /*********************************************************************** + * ECC + **********************************************************************/ + + /// + /// Generate a new ECC private / public key pair + /// + /// Key size in bytes (example: SECP256R1 = 32) + /// Allocated ECC key structure or null + public static IntPtr EccMakeKey(int keysize, IntPtr rng) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + /* Allocate and init new WC_RNG structure */ + key = wc_ecc_key_new(IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_ecc_make_key_ex(rng, keysize, key, 0); /* 0=use default curve */ + if (ret != 0) + { + EccFreeKey(key); + key 
= IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC make key exception " + e.ToString()); + + EccFreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Sets the ECC rng structure + /// + /// Supplied key as a pointer + /// rng context as a pointer + /// Returns 0 on success + public static int EccSetRng(IntPtr key, IntPtr rng) + { + int ret = 0; + + try + { + /* Check */ + if (key == IntPtr.Zero) + { + log(ERROR_LOG, "Invalid key or rng pointer."); + return MEMORY_E; + } + + /* Set ECC rng */ + ret = wc_ecc_set_rng(key, rng); + if (ret != 0) + { + log(ERROR_LOG, "ECC set rng failed returned:" + ret); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC set rng exception " + e.ToString()); + } + + return ret; + } + + /// + /// Generate a new ECC private / public key pair + /// + /// ASN.1 private key buffer (see ecc_clikey_der_256) + /// Allocated ECC key structure or null + public static IntPtr EccImportKey(byte[] keyASN1) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + key = wc_ecc_key_new(IntPtr.Zero); + if (key != IntPtr.Zero) + { + IntPtr idx = Marshal.AllocHGlobal(sizeof(uint)); + IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length); + Marshal.WriteInt32(idx, 0); + Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length); + ret = wc_EccPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length)); + if (ret != 0) + { + EccFreeKey(key); + key = IntPtr.Zero; + } + Marshal.FreeHGlobal(idx); /* not used */ + Marshal.FreeHGlobal(keydata); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC import key exception " + e.ToString()); + EccFreeKey(key); /* make sure its free'd */ + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Sign a hash using ECC + /// + /// ECC key structure + /// Hash to sign + /// Buffer to receive the signature + /// Length of the signature on success, otherwise a negative error code + public static int EccSign(IntPtr key, byte[] hash, byte[] signature) + { + int ret; + int 
signedLength = 0; + IntPtr hashPtr = IntPtr.Zero; + IntPtr sigPtr = IntPtr.Zero; + IntPtr sigLen = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; + + try + { + rng = RandomNew(); + hashPtr = Marshal.AllocHGlobal(hash.Length); + sigPtr = Marshal.AllocHGlobal(signature.Length); + sigLen = Marshal.AllocHGlobal(sizeof(uint)); + + Marshal.WriteInt32(sigLen, signature.Length); + Marshal.Copy(hash, 0, hashPtr, hash.Length); + ret = wc_ecc_sign_hash(hashPtr, Convert.ToUInt32(hash.Length), sigPtr, sigLen, rng, key); + + /* Output actual signature length */ + if (ret == 0) + { + signedLength = Marshal.ReadInt32(sigLen); + if (signedLength <= signature.Length) + { + Marshal.Copy(sigPtr, signature, 0, signedLength); + } + else + { + ret = BUFFER_E; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC sign exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr); + if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); + if (sigLen != IntPtr.Zero) Marshal.FreeHGlobal(sigLen); + if (rng != IntPtr.Zero) RandomFree(rng); + } + + return ret == 0 ? signedLength : ret; + } + + /// + /// Verify a signature using ECC + /// + /// ECC key structure + /// Signature to verify + /// Expected hash value + /// 0 on success, otherwise an error code + public static int EccVerify(IntPtr key, byte[] signature, byte[] hash) + { + int ret; + IntPtr hashPtr = IntPtr.Zero; + IntPtr sigPtr = IntPtr.Zero; + IntPtr res = IntPtr.Zero; + + try + { + hashPtr = Marshal.AllocHGlobal(hash.Length); + sigPtr = Marshal.AllocHGlobal(signature.Length); + res = Marshal.AllocHGlobal(sizeof(int)); + + Marshal.Copy(hash, 0, hashPtr, hash.Length); + Marshal.Copy(signature, 0, sigPtr, signature.Length); + + ret = wc_ecc_verify_hash(sigPtr, Convert.ToUInt32(signature.Length), hashPtr, Convert.ToUInt32(hash.Length), res, key); + + if (ret == 0) + { + int verifyResult = Marshal.ReadInt32(res); + ret = verifyResult == 1 ? 
0 : EXCEPTION_E; + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC verify exception " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr); + if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); + if (res != IntPtr.Zero) Marshal.FreeHGlobal(res); + } + + return ret; + } + + /// + /// Export ECC Private Key to DER format + /// + /// ECC key structure + /// DER-encoded private key as byte array + public static int EccExportPrivateKeyToDer(IntPtr key, out byte[] derKey) + { + int ret; + derKey = null; + + try + { + int bufferSize = wc_EccPrivateKeyToDer(key, null, 0); + if (bufferSize < 0) { + log(ERROR_LOG, "ECC private key get size failed " + bufferSize.ToString()); + return bufferSize; + } + derKey = new byte[bufferSize]; + ret = wc_EccPrivateKeyToDer(key, derKey, (uint)bufferSize); + if (ret < 0) + { + log(ERROR_LOG, "ECC private key to der failed " + ret.ToString()); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC export private exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Export ECC Public Key to DER format + /// + /// ECC key structure + /// Include algorithm curve in the output + /// DER-encoded public key as byte array + public static int EccExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeCurve) + { + int ret; + derKey = null; + + try + { + int bufferSize = wc_EccPublicKeyToDer(key, null, 0, includeCurve ? 1 : 0); + if (bufferSize < 0) { + log(ERROR_LOG, "ECC public key get size failed " + bufferSize.ToString()); + return bufferSize; + } + derKey = new byte[bufferSize]; + ret = wc_EccPublicKeyToDer(key, derKey, (uint)bufferSize, includeCurve ? 
1 : 0); + if (ret < 0) + { + log(ERROR_LOG, "ECC public key to der failed " + ret.ToString()); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC export public exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Import ECC Public Key from DER format + /// + /// DER-encoded public key + /// Allocated ECC key structure or null + public static IntPtr EccImportPublicKeyFromDer(byte[] keyDer) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + key = wc_ecc_key_new(IntPtr.Zero); + if (key != IntPtr.Zero) + { + uint idx = 0; + ret = wc_EccPublicKeyDecode(keyDer, ref idx, key, (uint)keyDer.Length); + if (ret != 0) + { + EccFreeKey(key); + key = IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC import public key exception " + e.ToString()); + EccFreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Free an ECC key structure + /// + /// ECC key structure allocated using EccMakeKey() or EccImportKey() + public static void EccFreeKey(IntPtr key) + { + if (key != IntPtr.Zero) + { + wc_ecc_key_free(key); + } + } + /* END ECC */ + + + /*********************************************************************** + * ECIES + **********************************************************************/ + + /// + /// Create a new ECIES context with flags, RNG, and custom heap. + /// + /// Flags for the context initialization. + /// Random Number Generator (RNG) pointer. + /// Custom heap pointer for memory allocations. + /// Pointer to the newly created ECIES context or IntPtr.Zero on failure. 
+ public static IntPtr EciesNewCtx(int flags, IntPtr rng, IntPtr heap) + { + IntPtr ctx = IntPtr.Zero; + heap = IntPtr.Zero; + + try + { + ctx = wc_ecc_ctx_new_ex(flags, rng, heap); + if (ctx == IntPtr.Zero) + { + log(ERROR_LOG, "ECIES context creation with custom heap failed: returned IntPtr.Zero"); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES context creation with custom heap failed: " + e.ToString()); + return IntPtr.Zero; + } + + return ctx; + } + + /// + /// Reset the ECIES context with a new RNG. + /// + /// Pointer to the ECIES context to reset. + /// New RNG to set. + /// 0 on success, or a negative error code on failure. + public static int EciesCtxReset(IntPtr ctx, IntPtr rng) + { + int ret; + + try + { + ret = wc_ecc_ctx_reset(ctx, rng); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES context reset exception: " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Set encryption, KDF, and MAC algorithms for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Encryption algorithm identifier. + /// Key Derivation Function (KDF) algorithm identifier. + /// MAC algorithm identifier. + /// 0 on success, or a negative error code on failure. + public static int EciesSetAlgo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo) + { + int ret; + + try + { + ret = wc_ecc_ctx_set_algo(ctx, encAlgo, kdfAlgo, macAlgo); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set algorithm exception: " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Get the ECIES own salt as a byte array. + /// + /// Pointer to the ECIES context. + /// Byte array representing the own salt, or null if there is an error. 
+ public static byte[] EciesGetOwnSalt(IntPtr ctx) + { + IntPtr saltPtr = IntPtr.Zero; + byte[] salt = null; + + try + { + /* Check ctx */ + if (ctx == IntPtr.Zero) + { + log(ERROR_LOG, "Invalid ECIES context pointer."); + return null; + } + + /* Get own salt */ + saltPtr = wc_ecc_ctx_get_own_salt(ctx); + if (saltPtr == IntPtr.Zero) + { + log(ERROR_LOG, "Failed to get own salt."); + return null; + } + + /* Allocate salt size and copy to byte array */ + salt = new byte[(int)ecKeySize.EXCHANGE_SALT_SZ]; + Marshal.Copy(saltPtr, salt, 0, (int)ecKeySize.EXCHANGE_SALT_SZ); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES get own salt exception: " + e.ToString()); + return null; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return salt; + } + + /// + /// Set the peer salt for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Peer salt as a byte array. + /// 0 on success, or a negative error code on failure. + public static int EciesSetPeerSalt(IntPtr ctx, byte[] salt) + { + IntPtr saltPtr = IntPtr.Zero; + int ret; + + try + { + /* Allocate memory */ + saltPtr = Marshal.AllocHGlobal(salt.Length); + Marshal.Copy(salt, 0, saltPtr, salt.Length); + + /* Set the peer salt */ + ret = wc_ecc_ctx_set_peer_salt(ctx, saltPtr); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set peer salt exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return ret; + } + + /// + /// Set the own salt for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Own salt as a byte array. + /// 0 on success, or a negative error code on failure. 
+ public static int EciesSetOwnSalt(IntPtr ctx, byte[] salt) + { + IntPtr saltPtr = IntPtr.Zero; + uint saltSz; + int ret; + + try + { + /* Allocate memory */ + saltSz = (uint)salt.Length; + saltPtr = Marshal.AllocHGlobal(salt.Length); + Marshal.Copy(salt, 0, saltPtr, salt.Length); + + /* Set the own salt */ + ret = wc_ecc_ctx_set_own_salt(ctx, saltPtr, saltSz); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set own salt exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return ret; + } + + /// + /// Set the KDF salt for the ECIES context. + /// + /// Pointer to the ECIES context. + /// KDF salt as a byte array. + /// 0 on success, or a negative error code on failure. + public static int EciesSetKdfSalt(IntPtr ctx, byte[] salt) + { + IntPtr saltPtr = IntPtr.Zero; + uint saltSz; + int ret; + + try + { + /* Allocate memory */ + saltSz = (uint)salt.Length; + saltPtr = Marshal.AllocHGlobal(salt.Length); + Marshal.Copy(salt, 0, saltPtr, salt.Length); + + /* Set the KDF salt */ + ret = wc_ecc_ctx_set_kdf_salt(ctx, saltPtr, saltSz); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set KDF salt exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return ret; + } + + /// + /// Set the info for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Info as a byte array. + /// 0 on success, or a negative error code on failure. 
+ public static int EciesSetInfo(IntPtr ctx, byte[] info) + { + IntPtr infoPtr = IntPtr.Zero; + int ret; + + try + { + /* Allocate memory */ + infoPtr = Marshal.AllocHGlobal(info.Length); + Marshal.Copy(info, 0, infoPtr, info.Length); + + /* Set the info */ + ret = wc_ecc_ctx_set_info(ctx, infoPtr, info.Length); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set info exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (infoPtr != IntPtr.Zero) Marshal.FreeHGlobal(infoPtr); + } + + return ret; + } + + /// + /// Encrypt a message using ECIES. + /// + /// Private key. + /// Public key. + /// Message to encrypt. + /// Message size. + /// Output buffer. + /// ECIES context. + /// 0 on success, or a negative error code on failure. + public static int EciesEncrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx) + { + int ret; + int outBufferLength = 0; + IntPtr msgPtr = IntPtr.Zero; + IntPtr outBufferPtr = IntPtr.Zero; + IntPtr outSz = IntPtr.Zero; + + try + { + /* Allocate memory */ + msgPtr = Marshal.AllocHGlobal(msg.Length); + outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length); + outSz = Marshal.AllocHGlobal(sizeof(uint)); + + Marshal.WriteInt32(outSz, outBuffer.Length); + Marshal.Copy(msg, 0, msgPtr, msg.Length); + + /* Encrypt */ + ret = wc_ecc_encrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx); + if (ret < 0) + { + log(ERROR_LOG, "Failed to encrypt message using ECIES. 
Error code: " + ret); + } + /* Output actual output buffer length */ + if (ret == 0) + { + outBufferLength = Marshal.ReadInt32(outSz); + if (outBufferLength <= outBuffer.Length) + { + Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength); + } + else + { + ret = BUFFER_E; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES encryption exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr); + if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr); + if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz); + } + + return ret == 0 ? outBufferLength : ret; + } + + /// + /// Decrypt a message using ECIES. + /// + /// Private key. + /// Public key. + /// Encrypted message. + /// Message size. + /// Output buffer for the decrypted message. + /// ECIES context. + /// 0 on success, or a negative error code on failure. + public static int EciesDecrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx) + { + int ret; + int outBufferLength = 0; + IntPtr msgPtr = IntPtr.Zero; + IntPtr outBufferPtr = IntPtr.Zero; + IntPtr outSz = IntPtr.Zero; + + try + { + /* Allocate memory */ + msgPtr = Marshal.AllocHGlobal(msg.Length); + outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length); + outSz = Marshal.AllocHGlobal(sizeof(uint)); + + Marshal.WriteInt32(outSz, outBuffer.Length); + Marshal.Copy(msg, 0, msgPtr, msg.Length); + + /* Decrypt */ + ret = wc_ecc_decrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx); + if (ret < 0) + { + log(ERROR_LOG, "Failed to decrypt message using ECIES. 
Error code: " + ret); + } + /* Output actual output buffer length */ + if (ret == 0) + { + outBufferLength = Marshal.ReadInt32(outSz); + if (outBufferLength <= outBuffer.Length) + { + Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength); + } + else + { + ret = BUFFER_E; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES decryption exception: " + e.ToString()); + return EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr); + if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr); + if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz); + } + + return ret == 0 ? outBufferLength : ret; + } + + /// + /// Free the ECIES context. + /// + /// Pointer to the ECIES context to free. + public static void EciesFreeCtx(IntPtr ctx) + { + if (ctx != IntPtr.Zero) + { + wc_ecc_ctx_free(ctx); + } + } + + /******************************** + * ENUMS + */ + public enum ecEncAlgo { + ecAES_128_CBC = 1, /* default */ + ecAES_256_CBC = 2, + ecAES_128_CTR = 3, + ecAES_256_CTR = 4 + } + + public enum ecKdfAlgo { + ecHKDF_SHA256 = 1, /* default */ + ecHKDF_SHA1 = 2, + ecKDF_X963_SHA1 = 3, + ecKDF_X963_SHA256 = 4, + ecKDF_SHA1 = 5, + ecKDF_SHA256 = 6 + } + + public enum ecMacAlgo { + ecHMAC_SHA256 = 1, /* default */ + ecHMAC_SHA1 = 2 + } + + public enum ecKeySize { + KEY_SIZE_128 = 16, + KEY_SIZE_256 = 32, + IV_SIZE_64 = 8, + IV_SIZE_128 = 16, + ECC_MAX_IV_SIZE = 16, + EXCHANGE_SALT_SZ = 16, + EXCHANGE_INFO_SZ = 23 + } + + public enum ecFlags { + REQ_RESP_CLIENT = 1, + REQ_RESP_SERVER = 2 + } + /* END ECIES */ + + + /*********************************************************************** + * ECDHE + **********************************************************************/ + + /// + /// Generate a shared secret using ECC + /// + /// ECC private key + /// ECC public key + /// Buffer to receive the shared secret + /// 0 on success, otherwise an error code + public static int EcdheSharedSecret(IntPtr privateKey, IntPtr 
publicKey, byte[] secret, IntPtr rng) + { + int ret; + int secretLength = secret.Length; + + try + { + /* set RNG for Public Key */ + ret = EccSetRng(privateKey, rng); + if (ret != 0) + { + throw new Exception("Failed to set Public Key RNG Error code: " + ret); + } + + /* set RNG for Private Key */ + ret = EccSetRng(publicKey, rng); + if (ret != 0) + { + throw new Exception("Failed to set Private Key RNG. Error code: " + ret); + } + + /* Generate shared secret */ + if (privateKey != IntPtr.Zero || publicKey != IntPtr.Zero) + { + ret = wc_ecc_shared_secret(privateKey, publicKey, secret, ref secretLength); + if (ret != 0) + { + throw new Exception("Failed to compute ECC shared secret. Error code: " + ret); + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC shared secret exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + /* END ECDHE */ + + + /*********************************************************************** + * RSA + **********************************************************************/ + + /// + /// Generate a new RSA private/public key pair + /// + /// Pointer to the heap for memory allocation + /// (use IntPtr.Zero if not applicable) + /// Device ID (if applicable, otherwise use 0) + /// Key size in bits (example: 2048) + /// Exponent for RSA key generation (default is 65537) + /// Allocated RSA key structure or null on failure + public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 exponent) + { + int ret; + IntPtr key = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; + + try + { + /* Allocate and init new RSA key structure */ + key = wc_NewRsaKey(heap, devId); + if (key != IntPtr.Zero) + { + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to create rng."); + } + + ret = wc_MakeRsaKey(key, keysize, exponent, rng); + if (ret != 0) + { + RsaFreeKey(key); + key = IntPtr.Zero; + } + + RandomFree(rng); + rng = IntPtr.Zero; + } + } + catch (Exception e) + { + log(ERROR_LOG, "RSA make 
key exception " + e.ToString()); + if (rng != IntPtr.Zero) RandomFree(rng); + if (key != IntPtr.Zero) RsaFreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize) + { + return RsaMakeKey(heap, devId, keysize, 65537); + } + + /// + /// Import an RSA private key from ASN.1 buffer + /// + /// ASN.1 private key buffer + /// Allocated RSA key structure or null + public static IntPtr RsaImportKey(byte[] keyASN1) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID); + if (key != IntPtr.Zero) + { + IntPtr idx = Marshal.AllocHGlobal(sizeof(uint)); + IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length); + Marshal.WriteInt32(idx, 0); + Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length); + ret = wc_RsaPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length)); + if (ret != 0) + { + RsaFreeKey(key); + key = IntPtr.Zero; + } + Marshal.FreeHGlobal(idx); /* not used */ + Marshal.FreeHGlobal(keydata); + } + } + catch (Exception e) + { + log(ERROR_LOG, "RSA make key exception " + e.ToString()); + RsaFreeKey(key); /* make sure its free'd */ + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Sign a hash using RSA and SSL-style padding + /// + /// RSA key structure + /// Hash to sign + /// Buffer to receive the signature + /// Length of the signature on success, otherwise an error code + public static int RsaSignSSL(IntPtr key, byte[] hash, byte[] signature) + { + IntPtr hashPtr = Marshal.AllocHGlobal(hash.Length); + IntPtr sigPtr = Marshal.AllocHGlobal(signature.Length); + IntPtr rng = IntPtr.Zero; + int ret; + + try + { + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to create RNG."); + } + + Marshal.Copy(hash, 0, hashPtr, hash.Length); + + ret = wc_RsaSSL_Sign(hashPtr, hash.Length, sigPtr, signature.Length, key, rng); + if (ret >= 0) /* `wc_RsaSSL_Sign` returns the signature length on success */ + { + 
Marshal.Copy(sigPtr, signature, 0, ret);
+ }
+ }
+ finally
+ {
+ if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+ if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+ if (rng != IntPtr.Zero) RandomFree(rng);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Verify a signature using RSA and SSL-style padding
+ ///
+ /// RSA key structure
+ /// Signature to verify
+ /// Expected hash value
+ /// 0 on success, otherwise an error code
+ public static int RsaVerifySSL(IntPtr key, byte[] signature, byte[] hash)
+ {
+ IntPtr hashPtr = IntPtr.Zero;
+ IntPtr sigPtr = IntPtr.Zero;
+ int ret;
+
+ try
+ {
+ hashPtr = Marshal.AllocHGlobal(hash.Length);
+ sigPtr = Marshal.AllocHGlobal(signature.Length);
+
+ Marshal.Copy(signature, 0, sigPtr, signature.Length);
+
+ ret = wc_RsaSSL_Verify(sigPtr, signature.Length, hashPtr, hash.Length, key);
+
+ if (ret == hash.Length)
+ {
+ byte[] verifiedHash = new byte[hash.Length];
+ Marshal.Copy(hashPtr, verifiedHash, 0, hash.Length);
+
+ if (ByteArrayVerify(verifiedHash, hash))
+ {
+ ret = 0;
+ }
+ else
+ {
+ ret = SIG_VERIFY_E;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "RSA verify exception: " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+ finally
+ {
+ if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+ if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Encrypt data using RSA public key encryption
+ ///
+ /// RSA key structure
+ /// Data to encrypt
+ /// Buffer to receive the encrypted data
+ /// 0 on success, otherwise an error code
+ public static int RsaPublicEncrypt(IntPtr key, byte[] input, byte[] output)
+ {
+ IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+ IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+ Marshal.Copy(input, 0, inPtr, input.Length);
+
+ int ret = wc_RsaPublicEncrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+ if (ret > 0)
+ {
+ Marshal.Copy(outPtr, output, 0, ret);
+ }
+
+ Marshal.FreeHGlobal(inPtr);
+ Marshal.FreeHGlobal(outPtr);
+
+ return ret > 0 ? 0 : ret;
+ }
+
+ ///
+ /// Decrypt data using RSA private key decryption
+ ///
+ /// RSA key structure
+ /// Encrypted data
+ /// Buffer to receive the decrypted data
+ /// 0 on success, otherwise an error code
+ public static int RsaPrivateDecrypt(IntPtr key, byte[] input, byte[] output)
+ {
+ IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+ IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+ Marshal.Copy(input, 0, inPtr, input.Length);
+
+ int ret = wc_RsaPrivateDecrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+ if (ret > 0)
+ {
+ Marshal.Copy(outPtr, output, 0, ret);
+ }
+
+ Marshal.FreeHGlobal(inPtr);
+ Marshal.FreeHGlobal(outPtr);
+
+ return ret > 0 ? 0 : ret;
+ }
+
+ ///
+ /// Free an RSA key structure
+ ///
+ /// RSA key structure allocated using RsaMakeKey() or RsaImportKey()
+ public static void RsaFreeKey(IntPtr key)
+ {
+ if (key != IntPtr.Zero)
+ {
+ wc_FreeRsaKey(key);
+ }
+ }
+ /* END RSA */
+
+
+ /***********************************************************************
+ * ED25519
+ **********************************************************************/
+
+ ///
+ /// Generate a new ED25519 key pair with a specified heap, device ID, and internally managed RNG.
+ ///
+ /// Heap to use for memory allocations (can be IntPtr.Zero).
+ /// Device ID for hardware-based keys (can be 0 for software).
+ /// 0 on success, or an error code on failure.
+ public static IntPtr Ed25519MakeKey(IntPtr heap, int devId)
+ {
+ int ret = 0;
+ IntPtr rng = IntPtr.Zero;
+ IntPtr key = IntPtr.Zero;
+
+ try
+ {
+ rng = RandomNew();
+ if (rng == IntPtr.Zero)
+ {
+ throw new Exception("Failed to create RNG.");
+ }
+
+ key = wc_ed25519_new(heap, devId);
+ if (key != IntPtr.Zero)
+ {
+ ret = wc_ed25519_make_key(rng, 32, key);
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "ED25519 make key exception: " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+ finally
+ {
+ /* Cleanup */
+ if (rng != IntPtr.Zero) RandomFree(rng);
+ if (ret != 0)
+ {
+ wc_ed25519_free(key);
+ key = IntPtr.Zero;
+ }
+ }
+
+ return key;
+ }
+
+ ///
+ /// Sign a message with an ED25519 private key.
+ ///
+ /// Message to be signed
+ /// Buffer to receive the signature
+ /// Private key used for signing
+ /// 0 on success, otherwise an error code
+ public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key)
+ {
+ int ret;
+ IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+ IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+ outMsg = null;
+
+ try
+ {
+ Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+ uint outMsgSize = (uint)ED25519_SIG_SIZE;
+ ret = wc_ed25519_sign_msg(inMsgPtr, (uint)inMsg.Length, outMsgPtr, ref outMsgSize, key);
+ if (ret == 0)
+ {
+ outMsg = new byte[outMsgSize];
+ Marshal.Copy(outMsgPtr, outMsg, 0, (int)outMsgSize);
+ }
+ }
+ finally
+ {
+ /* Clenup */
+ if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+ if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Verify a signature of a message with an ED25519 public key.
+ ///
+ /// Signature to verify
+ /// Message that was signed
+ /// Public key used for verification
+ /// 0 if the verification succeeds, otherwise an error code
+ public static int Ed25519VerifyMsg(byte[] sig, byte[] msg, IntPtr key)
+ {
+ IntPtr sigPtr = IntPtr.Zero;
+ IntPtr msgPtr = IntPtr.Zero;
+ int ret = 0;
+
+ try
+ {
+ /* Allocate memory */
+ sigPtr = Marshal.AllocHGlobal(sig.Length);
+ msgPtr = Marshal.AllocHGlobal(msg.Length);
+
+ Marshal.Copy(sig, 0, sigPtr, sig.Length);
+ Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+ int verify = 0;
+ ret = wc_ed25519_verify_msg(sigPtr, (uint)sig.Length, msgPtr, (uint)msg.Length, ref verify, key);
+
+ if (ret == 0 && verify == 1)
+ {
+ ret = 0;
+ }
+ else
+ {
+ ret = SIG_VERIFY_E;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "ED25519 verify exception: " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+ finally
+ {
+ /* Cleanup */
+ if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+ if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Decode an ED25519 private key from DER format.
+ ///
+ /// DER-encoded private key as byte array.
+ /// Allocated ED25519 key structure or IntPtr.Zero on failure.
+ public static IntPtr Ed25519PrivateKeyDecode(byte[] input)
+ {
+ IntPtr key = IntPtr.Zero;
+ uint idx = 0;
+ int ret;
+
+ try
+ {
+ key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID);
+ if (key != IntPtr.Zero)
+ {
+ ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+ if (ret != 0)
+ {
+ Ed25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "ED25519 private key decode exception: " + e.ToString());
+ if (key != IntPtr.Zero) Ed25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+
+ return key;
+ }
+
+ ///
+ /// Decode an ED25519 public key from DER format.
+ ///
+ /// DER-encoded public key as byte array.
+ /// Allocated ED25519 key structure or IntPtr.Zero on failure.
+ public static IntPtr Ed25519PublicKeyDecode(byte[] input)
+ {
+ IntPtr key = IntPtr.Zero;
+ uint idx = 0;
+ int ret;
+
+ try
+ {
+ key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID);
+ if (key != IntPtr.Zero)
+ {
+ ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+ if (ret != 0)
+ {
+ Ed25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "ED25519 public key decode exception: " + e.ToString());
+ if (key != IntPtr.Zero) Ed25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+
+ return key;
+ }
+
+ ///
+ /// Export an ED25519 key to DER format.
+ ///
+ /// ED25519 key structure.
+ /// DER-encoded public key as byte array.
+ /// DER-encoded key as byte array.
+ public static int Ed25519ExportKeyToDer(IntPtr key, out byte[] privKey)
+ {
+ int ret;
+ privKey = null;
+
+ try
+ {
+ /* Get length */
+ int len = wc_Ed25519KeyToDer(key, null, 0);
+ if (len < 0)
+ {
+ log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+ return len;
+ }
+
+ privKey = new byte[len];
+ ret = wc_Ed25519KeyToDer(key, privKey, (uint)privKey.Length);
+
+ if (ret < 0)
+ {
+ log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+ return ret;
+ }
+ }
+ catch(Exception e)
+ {
+ log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+ return EXCEPTION_E;
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Export an ED25519 private key to DER format.
+ ///
+ /// ED25519 private key structure.
+ /// DER-encoded private key as byte array.
+ /// DER-encoded private key as byte array.
+ public static int Ed25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+ {
+ int ret;
+ derKey = null;
+
+ try
+ {
+ /* Determine length */
+ int len = wc_Ed25519PrivateKeyToDer(key, null, 0);
+ if (len < 0)
+ {
+ log(ERROR_LOG, "Failed to determine length.
Error code: " + len);
+ return len;
+ }
+
+ derKey = new byte[len];
+ ret = wc_Ed25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+ if (ret < 0)
+ {
+ log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+ return ret;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+ return EXCEPTION_E;
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Export an ED25519 public key to DER format.
+ ///
+ /// ED25519 public key structure.
+ /// Whether to include the algorithm identifier in the output.
+ /// DER-encoded public key as byte array.
+ /// An error code indicating success (0) or failure (negative value).
+ public static int Ed25519ExportPublicKeyToDer(IntPtr key, out byte[] pubKey, bool includeAlg)
+ {
+ int ret;
+ pubKey = null;
+
+ try
+ {
+ /* Determine length */
+ int len = wc_Ed25519PublicKeyToDer(key, null, 0, 1);
+ if (len < 0)
+ {
+ log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+ return len;
+ }
+
+ pubKey = new byte[len];
+ ret = wc_Ed25519PublicKeyToDer(key, pubKey, (uint)pubKey.Length, includeAlg ? 1 : 0);
+ if (ret < 0)
+ {
+ log(ERROR_LOG, "Failed to export ED25519 public key to DER format. Error code: " + ret);
+ return ret;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "ED25519 export public key to DER exception: " + e.ToString());
+ return EXCEPTION_E;
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Free an ED25519 key.
+ ///
+ /// Key to be freed
+ public static void Ed25519FreeKey(IntPtr key)
+ {
+ wc_ed25519_free(key);
+ }
+ /* END ED25519 */
+
+
+ /***********************************************************************
+ * RAW ED25519
+ **********************************************************************/
+
+ ///
+ /// Initialize an ED25519 key.
+ ///
+ /// Buffer to receive the initialized key
+ /// 0 on success, otherwise an error code
+ public static int Ed25519InitKey(out IntPtr key)
+ {
+ key = IntPtr.Zero;
+ try
+ {
+ key = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+ int ret = wc_ed25519_init(key);
+
+ if (ret != 0)
+ {
+ Marshal.FreeHGlobal(key);
+ key = IntPtr.Zero;
+ }
+
+ return ret;
+ }
+ catch
+ {
+ /* Cleanup */
+ Marshal.FreeHGlobal(key);
+ key = IntPtr.Zero;
+ throw;
+ }
+ }
+
+ ///
+ /// Import a public key into an ED25519 key structure.
+ ///
+ /// Public key to import
+ /// Length of the public key
+ /// Buffer to receive the imported key
+ /// 0 on success, otherwise an error code
+ public static int Ed25519ImportPublic(byte[] inMsg, uint inLen, out IntPtr key)
+ {
+ int ret;
+ key = IntPtr.Zero;
+ IntPtr inMsgPtr = IntPtr.Zero;
+
+ try
+ {
+ /* Allocate memory */
+ key = Marshal.AllocHGlobal(ED25519_PUB_KEY_SIZE);
+ if (key == IntPtr.Zero)
+ {
+ throw new OutOfMemoryException("Failed to allocate memory for the key.");
+ }
+
+ inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+ if (inMsgPtr == IntPtr.Zero)
+ {
+ throw new OutOfMemoryException("Failed to allocate memory for the input message.");
+ }
+ Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+
+ ret = wc_ed25519_import_public(inMsgPtr, inLen, key);
+ if (ret != 0)
+ {
+ return ret;
+ }
+ }
+ catch (Exception ex)
+ {
+ Console.WriteLine($"Exception in EdImportPublic: {ex.Message}");
+
+ return EXCEPTION_E;
+ }
+ finally
+ {
+ /* Cleanup */
+ if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+ if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Export a public key from an ED25519 key structure.
+ ///
+ /// ED25519 key structure
+ /// Buffer to receive the exported public key
+ /// Length of the exported public key
+ /// 0 on success, otherwise an error code
+ public static int Ed25519ExportPublic(IntPtr key, byte[] outMsg, out uint outLen)
+ {
+ int ret;
+ IntPtr outMsgPtr = IntPtr.Zero;
+
+ try
+ {
+ outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+ outLen = (uint)outMsg.Length;
+ ret = wc_ed25519_export_public(key, outMsgPtr, ref outLen);
+ if (ret == 0)
+ {
+ Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+ }
+ else
+ {
+ outLen = 0;
+ }
+ }
+ finally
+ {
+ /* Cleanup */
+ if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Export a private key from an ED25519 key structure.
+ ///
+ /// ED25519 key structure
+ /// Buffer to receive the exported private key
+ /// Length of the exported private key
+ /// 0 on success, otherwise an error code
+ public static int Ed25519ExportPrivate(IntPtr key, byte[] outMsg, out uint outLen)
+ {
+ int ret;
+ IntPtr outMsgPtr = IntPtr.Zero;
+
+ try
+ {
+ outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+ outLen = (uint)outMsg.Length;
+ ret = wc_ed25519_export_private(key, outMsgPtr, ref outLen);
+ if (ret == 0)
+ {
+ Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+ }
+ else
+ {
+ outLen = 0;
+ }
+ }
+ finally
+ {
+ /* Cleanup */
+ if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Generate a public key from a private key.
+ ///
+ /// The private key used to generate the public key
+ /// Buffer to receive the public key
+ /// Size of the public key buffer
+ /// 0 on success, otherwise an error code
+ public static int Ed25519MakePublic(IntPtr key, byte[] pubKey, out uint pubKeySz)
+ {
+ int ret;
+ IntPtr pubKeyPtr = Marshal.AllocHGlobal(pubKey.Length);
+
+ try
+ {
+ pubKeySz = (uint)pubKey.Length;
+ ret = wc_ed25519_make_public(key, pubKeyPtr, pubKeySz);
+ if (ret == 0)
+ {
+ Marshal.Copy(pubKeyPtr, pubKey, 0, (int)pubKeySz);
+ }
+ }
+ finally
+ {
+ /* Cleanup */
+ if (pubKeyPtr != IntPtr.Zero) Marshal.FreeHGlobal(pubKeyPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Get the size of the ED25519 key.
+ ///
+ /// ED25519 key structure
+ /// Size of the key, or an error code if failed
+ public static int Ed25519GetKeySize(IntPtr key)
+ {
+ return wc_ed25519_size(key);
+ }
+ /* END RAW ED25519 */
+
+
+ /***********************************************************************
+ * Curve25519
+ **********************************************************************/
+
+ ///
+ /// Generate a new Curve25519 key pair with a specified heap, device ID, and internally managed RNG.
+ ///
+ /// Heap to use for memory allocations (can be IntPtr.Zero).
+ /// Device ID for hardware-based keys (can be 0 for software).
+ /// 0 on success, or an error code on failure.
+ public static IntPtr Curve25519MakeKey(IntPtr heap, int devId)
+ {
+ int ret = 0;
+ IntPtr rng = IntPtr.Zero;
+ IntPtr key = IntPtr.Zero;
+
+ try
+ {
+ rng = RandomNew();
+ if (rng == IntPtr.Zero)
+ {
+ throw new Exception("Failed to create RNG.");
+ }
+
+ key = wc_curve25519_new(heap, devId);
+ if (key != IntPtr.Zero)
+ {
+ ret = wc_curve25519_make_key(rng, 32, key);
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "Curve25519 make key exception: " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+ finally
+ {
+ /* Cleanup */
+ if (rng != IntPtr.Zero) RandomFree(rng);
+ if (ret != 0)
+ {
+ wc_curve25519_free(key);
+ key = IntPtr.Zero;
+ }
+ }
+
+ return key;
+ }
+
+ ///
+ /// Decode an Curve25519 private key from DER format.
+ ///
+ /// DER-encoded private key as byte array.
+ /// Allocated Curve25519 key structure or IntPtr.Zero on failure.
+ public static IntPtr Curve25519PrivateKeyDecode(byte[] input)
+ {
+ IntPtr key = IntPtr.Zero;
+ uint idx = 0;
+ int ret;
+
+ try
+ {
+ key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID);
+ if (key != IntPtr.Zero)
+ {
+ ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+ if (ret != 0)
+ {
+ Curve25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "Curve25519 private key decode exception: " + e.ToString());
+ if (key != IntPtr.Zero) Curve25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+
+ return key;
+ }
+
+ ///
+ /// Decode an Curve25519 public key from DER format.
+ ///
+ /// DER-encoded public key as byte array.
+ /// Allocated Curve25519 key structure or IntPtr.Zero on failure.
+ public static IntPtr Curve25519PublicKeyDecode(byte[] input)
+ {
+ IntPtr key = IntPtr.Zero;
+ uint idx = 0;
+ int ret;
+
+ try
+ {
+ key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID);
+ if (key != IntPtr.Zero)
+ {
+ ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+ if (ret != 0)
+ {
+ Curve25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "Curve25519 public key decode exception: " + e.ToString());
+ if (key != IntPtr.Zero) Curve25519FreeKey(key);
+ key = IntPtr.Zero;
+ }
+
+ return key;
+ }
+
+ ///
+ /// Export an Curve25519 key to DER format.
+ ///
+ /// Curve25519 key structure.
+ /// DER-encoded public key as byte array.
+ /// DER-encoded key as byte array.
+ public static int Curve25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+ {
+ int ret;
+ derKey = null;
+
+ try
+ {
+ /* Determine length */
+ int len = wc_Curve25519PrivateKeyToDer(key, null, 0);
+ if (len < 0)
+ {
+ log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+ return len;
+ }
+
+ derKey = new byte[len];
+ ret = wc_Curve25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+ if (ret < 0)
+ {
+ log(ERROR_LOG, "Failed to export Curve25519 private key to DER format. Error code: " + ret);
+ return ret;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "CURVE25519 export private key to DER exception: " + e.ToString());
+ return EXCEPTION_E;
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Export an Curve25519 public key to DER format.
+ ///
+ /// Curve25519 public key structure.
+ /// Whether to include the algorithm identifier in the output.
+ /// DER-encoded public key as byte array.
+ /// An error code indicating success (0) or failure (negative value).
+ public static int Curve25519ExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeAlg)
+ {
+ int ret;
+ derKey = null;
+
+ try
+ {
+ /* Determine length */
+ int len = wc_Curve25519PublicKeyToDer(key, null, 0, 1);
+ if (len < 0)
+ {
+ log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+ return len;
+ }
+
+ derKey = new byte[len];
+ ret = wc_Curve25519PublicKeyToDer(key, derKey, (uint)derKey.Length, includeAlg ? 1 : 0);
+ if (ret < 0)
+ {
+ log(ERROR_LOG, "Failed to export Curve25519 public key to DER format. Error code: " + ret);
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "Curve25519 export public key to DER exception: " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Free an Curve25519 key.
+ ///
+ /// Key to be freed
+ public static void Curve25519FreeKey(IntPtr key)
+ {
+ wc_curve25519_free(key);
+ }
+ /* END Curve25519 */
+
+
+ /***********************************************************************
+ * RAW Curve25519
+ **********************************************************************/
+
+ ///
+ /// Generate a shared secret using Curve25519
+ ///
+ /// Curve25519 private key
+ /// Curve25519 public key
+ /// Buffer to receive the shared secret
+ /// 0 on success, otherwise an error code
+ public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret)
+ {
+ int ret;
+ int secretLength = secret.Length;
+
+ try
+ {
+ ret = wc_curve25519_shared_secret(privateKey, publicKey, secret, ref secretLength);
+ if (ret != 0)
+ {
+ throw new Exception("Failed to compute Curve25519 shared secret.
Error code: " + ret);
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Import a Curve25519 private key from a byte array
+ ///
+ /// Private key byte array
+ /// Allocated Curve25519 key structure or null
+ public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey)
+ {
+ IntPtr key = IntPtr.Zero;
+
+ try
+ {
+ key = Marshal.AllocHGlobal(privateKey.Length);
+ Marshal.Copy(privateKey, 0, key, privateKey.Length);
+ int ret = wc_curve25519_import_private(key, privateKey.Length, key);
+ if (ret != 0)
+ {
+ Marshal.FreeHGlobal(key);
+ key = IntPtr.Zero;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString());
+ if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+ key = IntPtr.Zero;
+ }
+
+ return key;
+ }
+
+ ///
+ /// Import a Curve25519 public key from a byte array
+ ///
+ /// Public key byte array
+ /// Allocated Curve25519 key structure or null
+ public static IntPtr Curve25519ImportPublicKey(byte[] publicKey)
+ {
+ IntPtr key = IntPtr.Zero;
+
+ try
+ {
+ key = Marshal.AllocHGlobal(publicKey.Length);
+ Marshal.Copy(publicKey, 0, key, publicKey.Length);
+ int ret = wc_curve25519_import_public(key, publicKey.Length, key);
+ if (ret != 0)
+ {
+ Marshal.FreeHGlobal(key);
+ key = IntPtr.Zero;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString());
+ if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+ key = IntPtr.Zero;
+ }
+
+ return key;
+ }
+
+ ///
+ /// Export a Curve25519 private key to a byte array
+ ///
+ /// Curve25519 key structure
+ /// Private key as byte array
+ public static byte[] Curve25519ExportPrivateKey(IntPtr key)
+ {
+ byte[] privateKey = new byte[ED25519_KEY_SIZE];
+ uint privSize = (uint)privateKey.Length;
+ int ret = wc_curve25519_export_public(key, privateKey, ref privSize);
+ if (ret != 0)
+ {
+ throw new
Exception("Failed to export Curve25519 private key. Error code: " + ret);
+ }
+ return privateKey;
+ }
+
+ ///
+ /// Export a Curve25519 public key to a byte array
+ ///
+ /// Curve25519 key structure
+ /// Public key as byte array
+ public static byte[] Curve25519ExportPublicKey(IntPtr key)
+ {
+ byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+ uint pubSize = (uint)publicKey.Length;
+ int ret = wc_curve25519_export_public(key, publicKey, ref pubSize);
+ if (ret != 0)
+ {
+ throw new Exception("Failed to export Curve25519 public key. Error code: " + ret);
+ }
+ return publicKey;
+ }
+
+ ///
+ /// Export both private and public keys from a Curve25519 key structure
+ ///
+ /// Curve25519 key structure
+ /// A tuple containing the private key and public key as byte arrays
+ public static (byte[] privateKey, byte[] publicKey) Curve25519ExportKeyRaw(IntPtr key)
+ {
+ byte[] privateKey = new byte[ED25519_KEY_SIZE];
+ byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+ uint privSize = (uint)privateKey.Length;
+ uint pubSize = (uint)publicKey.Length;
+ int ret = wc_curve25519_export_key_raw(key, privateKey, ref privSize, publicKey, ref pubSize);
+ if (ret != 0)
+ {
+ throw new Exception("Failed to export Curve25519 keys. Error code: " + ret);
+ }
+ return (privateKey, publicKey);
+ }
+ /* END RAW Curve25519 */
+
+
+ /***********************************************************************
+ * AES-GCM
+ **********************************************************************/
+
+ ///
+ /// Creates a new AES context.
+ ///
+ /// Pointer to a memory heap, or IntPtr.Zero to use the default heap.
+ /// The device ID to associate with this AES context.
+ /// A pointer to the newly created AES context, or IntPtr.Zero on failure.
+ public static IntPtr AesNew(IntPtr heap, int devId)
+ {
+ IntPtr aesPtr = IntPtr.Zero;
+
+ try
+ {
+ aesPtr = wc_AesNew(heap, devId);
+
+ if (aesPtr == IntPtr.Zero)
+ {
+ throw new Exception("Failed to create AES context.");
+ }
+
+ }
+ catch (Exception e)
+ {
+ Console.WriteLine($"AES context creation failed: {e.Message}");
+ }
+
+ return aesPtr;
+ }
+
+ ///
+ /// Initialize and set the AES key for AES-GCM operations.
+ ///
+ /// AES-GCM context pointer.
+ /// The AES key (either 128, 192, or 256 bits).
+ /// 0 on success, otherwise an error code.
+ public static int AesGcmSetKey(IntPtr aes, byte[] key)
+ {
+ IntPtr keyPtr = IntPtr.Zero;
+ int ret;
+
+ try
+ {
+ /* Allocate memory */
+ keyPtr = Marshal.AllocHGlobal(key.Length);
+ Marshal.Copy(key, 0, keyPtr, key.Length);
+
+ ret = wc_AesGcmSetKey(aes, keyPtr, (uint)key.Length);
+ if (ret != 0)
+ {
+ throw new Exception($"AES-GCM initialization failed with error code {ret}");
+ }
+ }
+ finally
+ {
+ /* Cleanup */
+ if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Wrapper method to initialize the AES-GCM context with a given key and IV.
+ ///
+ /// Pointer to the AES-GCM context that needs to be initialized.
+ /// Byte array containing the AES key.
+ /// Byte array containing the initialization vector (IV).
+ public static int AesGcmInit(IntPtr aes, byte[] key, byte[] iv)
+ {
+ IntPtr keyPtr = IntPtr.Zero;
+ IntPtr ivPtr = IntPtr.Zero;
+ int ret;
+
+ try
+ {
+ /* Allocate memory for key and IV */
+ keyPtr = Marshal.AllocHGlobal(key.Length);
+ Marshal.Copy(key, 0, keyPtr, key.Length);
+
+ ivPtr = Marshal.AllocHGlobal(iv.Length);
+ Marshal.Copy(iv, 0, ivPtr, iv.Length);
+
+ ret = wc_AesGcmInit(aes, keyPtr, (uint)key.Length, ivPtr, (uint)iv.Length);
+ if (ret != 0)
+ {
+ throw new Exception($"AES-GCM initialization failed with error code {ret}");
+ }
+ }
+ finally
+ {
+ /* Cleanup */
+ if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+ if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Encrypt data using AES-GCM
+ ///
+ /// AES-GCM context pointer.
+ /// Initialization Vector (IV)
+ /// Data to encrypt
+ /// Buffer to receive the encrypted data
+ /// Buffer to receive the authentication tag
+ /// 0 on success, otherwise an error code
+ public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext,
+ byte[] ciphertext, byte[] authTag, byte[] addAuth = null)
+ {
+ int ret;
+ IntPtr ivPtr = IntPtr.Zero;
+ IntPtr ciphertextPtr = IntPtr.Zero;
+ IntPtr plaintextPtr = IntPtr.Zero;
+ IntPtr authTagPtr = IntPtr.Zero;
+ IntPtr addAuthPtr = IntPtr.Zero;
+ uint addAuthSz = 0;
+
+ try
+ {
+ /* Allocate memory */
+ ivPtr = Marshal.AllocHGlobal(iv.Length);
+ ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+ plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+ authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+ if (addAuth != null) {
+ addAuthSz = (uint)addAuth.Length;
+ addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+ Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+ }
+
+ Marshal.Copy(iv, 0, ivPtr, iv.Length);
+ Marshal.Copy(plaintext, 0, plaintextPtr, plaintext.Length);
+
+ /* Encrypt data */
+ ret = wc_AesGcmEncrypt(aes, ciphertextPtr, plaintextPtr, (uint)plaintext.Length,
+ ivPtr, (uint)iv.Length,
authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+ if (ret < 0)
+ {
+ log(ERROR_LOG, "Failed to Encrypt data using AES-GCM. Error code: " + ret);
+ }
+ else {
+ Marshal.Copy(ciphertextPtr, ciphertext, 0, ciphertext.Length);
+ Marshal.Copy(authTagPtr, authTag, 0, authTag.Length);
+ ret = 0;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "AES-GCM Encryption failed: " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+ finally
+ {
+ /* Cleanup */
+ if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+ if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+ if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+ if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+ if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Decrypt data using AES-GCM
+ ///
+ /// AES-GCM context pointer.
+ /// Initialization Vector (IV)
+ /// Data to decrypt
+ /// Buffer to receive the decrypted data
+ /// Authentication tag for verification
+ /// 0 on success, otherwise an error code
+ public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext,
+ byte[] plaintext, byte[] authTag, byte[] addAuth = null)
+ {
+ int ret;
+ IntPtr ivPtr = IntPtr.Zero;
+ IntPtr ciphertextPtr = IntPtr.Zero;
+ IntPtr plaintextPtr = IntPtr.Zero;
+ IntPtr authTagPtr = IntPtr.Zero;
+ IntPtr addAuthPtr = IntPtr.Zero;
+ uint addAuthSz = 0;
+
+ try
+ {
+ /* Allocate memory */
+ ivPtr = Marshal.AllocHGlobal(iv.Length);
+ ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+ plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+ authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+ if (addAuth != null) {
+ addAuthSz = (uint)addAuth.Length;
+ addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+ Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+ }
+
+ Marshal.Copy(iv, 0, ivPtr, iv.Length);
+ Marshal.Copy(ciphertext, 0, ciphertextPtr, ciphertext.Length);
+ Marshal.Copy(authTag, 0, authTagPtr,
authTag.Length);
+
+ /* Decrypt data */
+ ret = wc_AesGcmDecrypt(aes, plaintextPtr, ciphertextPtr, (uint)ciphertext.Length,
+ ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+ if (ret < 0)
+ {
+ log(ERROR_LOG, "Failed to Decrypt data using AES-GCM. Error code: " + ret);
+ }
+ else {
+ Marshal.Copy(plaintextPtr, plaintext, 0, plaintext.Length);
+ ret = 0;
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "AES-GCM Decryption failed: " + e.ToString());
+ ret = EXCEPTION_E;
+ }
+ finally
+ {
+ /* Cleanup */
+ if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+ if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+ if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+ if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+ if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Free AES-GCM context
+ ///
+ /// AES-GCM context
+ public static void AesGcmFree(IntPtr aes)
+ {
+ if (aes != IntPtr.Zero)
+ {
+ wc_AesFree(aes);
+ }
+ }
+ /* END AES-GCM */
+
+
+ /***********************************************************************
+ * HASH
+ **********************************************************************/
+
+ ///
+ /// Allocate and set up a new hash context with proper error handling
+ ///
+ /// The type of hash (SHA-256, SHA-384, etc.)
+ /// Pointer to the heap for memory allocation (use IntPtr.Zero if not applicable)
+ /// Device ID (if applicable, otherwise use INVALID_DEVID)
+ /// Allocated hash context pointer or IntPtr.Zero on failure
+ public static IntPtr HashNew(uint hashType, IntPtr heap, int devId)
+ {
+ IntPtr hash = IntPtr.Zero;
+
+ try
+ {
+ /* Allocate new hash */
+ hash = wc_HashNew(hashType, heap, devId);
+ if (hash == IntPtr.Zero)
+ {
+ throw new Exception("Failed to allocate new hash context.");
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "HashNew Exception: " + e.ToString());
+ }
+
+ return hash;
+ }
+
+ ///
+ /// Initialize the hash context for a specific hash type with proper error handling
+ ///
+ /// Hash context pointer
+ /// The type of hash (SHA-256, SHA-384, etc.)
+ /// 0 on success, otherwise an error code
+ public static int InitHash(IntPtr hash, uint hashType)
+ {
+ int ret = 0;
+
+ try
+ {
+ /* Check hash */
+ if (hash == IntPtr.Zero)
+ throw new Exception("Hash context is null.");
+
+ ret = wc_HashInit(hash, hashType);
+ if (ret != 0)
+ {
+ throw new Exception($"Failed to initialize hash context.
Error code: {ret}");
+ }
+ }
+ catch (Exception e)
+ {
+ /* Cleanup */
+ log(ERROR_LOG, "InitHash Exception: " + e.ToString());
+ if (hash != IntPtr.Zero) wc_HashFree(hash, hashType);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Update the hash with data
+ ///
+ /// Hash context pointer
+ /// The type of hash
+ /// Byte array of the data to hash
+ /// 0 on success, otherwise an error code
+ public static int HashUpdate(IntPtr hash, uint hashType, byte[] data)
+ {
+ int ret = 0;
+ IntPtr dataPtr = IntPtr.Zero;
+
+ try
+ {
+ /* Check parameters */
+ if (hash == IntPtr.Zero)
+ throw new Exception("Hash context is null.");
+ if (data == null || data.Length == 0)
+ throw new Exception("Invalid data array.");
+
+ /* Allocate memory */
+ dataPtr = Marshal.AllocHGlobal(data.Length);
+ Marshal.Copy(data, 0, dataPtr, data.Length);
+
+ /* Update hash */
+ ret = wc_HashUpdate(hash, hashType, dataPtr, (uint)data.Length);
+ if (ret != 0)
+ {
+ throw new Exception($"Failed to update hash. Error code: {ret}");
+ }
+ }
+ catch (Exception e)
+ {
+ log(ERROR_LOG, "HashUpdate Exception: " + e.ToString());
+ }
+ finally
+ {
+ /* Cleanup */
+ if (dataPtr != IntPtr.Zero) Marshal.FreeHGlobal(dataPtr);
+ }
+
+ return ret;
+ }
+
+ ///
+ /// Finalize the hash and output the result
+ ///
+ /// Hash context pointer
+ /// The type of hash
+ /// Byte array where the hash output will be stored
+ /// 0 on success, otherwise an error code
+ public static int HashFinal(IntPtr hash, uint hashType, out byte[] output)
+ {
+ int ret = 0;
+ IntPtr outputPtr = IntPtr.Zero;
+
+ try
+ {
+ /* Get hash size and initialize */
+ int hashSize = wc_HashGetDigestSize(hashType);
+ output = new byte[hashSize];
+
+ /* Check hash */
+ if (hash == IntPtr.Zero)
+ throw new Exception("Hash context is null.");
+ if (hashSize <= 0)
+ throw new Exception("Invalid hash size.");
+
+ /* Allocate memory */
+ outputPtr = Marshal.AllocHGlobal(hashSize);
+
+ ret = wc_HashFinal(hash, hashType, outputPtr);
+ if (ret != 0)
+ {
+ throw new
Exception($"Failed to finalize hash. Error code: {ret}"); + } + + Marshal.Copy(outputPtr, output, 0, hashSize); + } + catch (Exception e) + { + log(ERROR_LOG, "HashFinal Exception: " + e.ToString()); + output = null; + } + finally + { + /* Cleanup */ + if (outputPtr != IntPtr.Zero) Marshal.FreeHGlobal(outputPtr); + } + + return ret; + } + + /// + /// Free the allocated hash context with proper error handling + /// + /// Hash context pointer to be freed + /// The type of hash + /// 0 on success, otherwise an error code + public static int HashFree(IntPtr hash, uint hashType) + { + int ret = 0; + + try + { + /* Check hash */ + if (hash == IntPtr.Zero) + throw new Exception("Hash context is null, cannot free."); + + /* Free hash */ + ret = wc_HashFree(hash, hashType); + if (ret != 0) + { + throw new Exception($"Failed to free hash context. Error code: {ret}"); + } + } + catch (Exception e) + { + log(ERROR_LOG, "HashFree Exception: " + e.ToString()); + } + + return ret; + } + + /// + /// Hash type enum values + /// + public enum hashType + { + WC_HASH_TYPE_NONE = 0, + WC_HASH_TYPE_MD2 = 1, + WC_HASH_TYPE_MD4 = 2, + WC_HASH_TYPE_MD5 = 3, + WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 5, + WC_HASH_TYPE_SHA256 = 6, + WC_HASH_TYPE_SHA384 = 7, + WC_HASH_TYPE_SHA512 = 8, + WC_HASH_TYPE_MD5_SHA = 9, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + WC_HASH_TYPE_BLAKE2S = 15, + } + /* END HASH */ + + + /*********************************************************************** + * Logging / Other + **********************************************************************/ + + /// + /// Set the function to use for logging + /// + /// Function that conforms as to loggingCb + /// 0 on success + public static int SetLogging(loggingCb input) + { + internal_log = input; + return SUCCESS; + } + + /// + /// Get error string for wolfCrypt error codes + /// + /// 
Negative error number from wolfCrypt API + /// Error string + public static string GetError(int error) + { + try + { + IntPtr errStr = wc_GetErrorString(error); + return Marshal.PtrToStringAnsi(errStr); + } + catch (Exception e) + { + log(ERROR_LOG, "Get error exception " + e.ToString()); + return string.Empty; + } + } + + /// + /// Compares two byte arrays. + /// + /// The first byte array to compare. + /// The second byte array to compare. + /// True if both arrays are equal; otherwise, false. + public static bool ByteArrayVerify(byte[] array1, byte[] array2) + { + if (ReferenceEquals(array1, array2)) return true; + if (array1 == null || array2 == null) return false; + if (array1.Length != array2.Length) return false; + + for (int i = 0; i < array1.Length; i++) + { + if (array1[i] != array2[i]) return false; + } + return true; + } + } +} + + diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj index c7df2aafc..a560347cc 100755 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj @@ -17,7 +17,7 @@ true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -25,14 +25,14 @@ pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 3 full @@ -41,7 +41,7 @@ MinimumRecommendedRules.ruleset - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly @@ -60,6 +60,7 @@ + diff --git a/wrapper/CSharp/wolfssl.vcxproj b/wrapper/CSharp/wolfssl.vcxproj new file mode 100644 index 000000000..534c4255c --- /dev/null +++ b/wrapper/CSharp/wolfssl.vcxproj 
@@ -0,0 +1,456 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + Release + Win32 + + + Release + x64 + + + + {67932048-d67e-4c86-b55f-90899b9bda64} + wolfssl + Win32Proj + + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\AnyCPU\ + $(Configuration)\AnyCPU\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\AnyCPU\ + $(Configuration)\AnyCPU\$(ProjectName)_obj\ + + + $(SolutionDir)Release\$(Platform)\ + Release\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)Release\AnyCPU\ + Release\AnyCPU\$(ProjectName)_obj\ + + + $(SolutionDir)Debug\$(Platform)\ + Debug\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)Debug\AnyCPU\ + Debug\AnyCPU\$(ProjectName)_obj\ + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + false + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + 
WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi 
/Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + + true + true + true + true + + + + + + From 7989dd87132334df2fad4d610835aead806ab512 Mon Sep 17 00:00:00 2001 
From: David Garske
Date: Tue, 24 Sep 2024 15:54:17 -0700
Subject: [PATCH 097/325] Refactor the AES ECB/Direct, CBC and CTR tests.

---
 wolfcrypt/test/test.c | 667 ++++++++++++++++++++----------------------
 1 file changed, 323 insertions(+), 344 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 45d97755f..f0113962a 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -570,6 +570,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void);
 #if defined(WOLFSSL_AES_CFB)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void);
 #endif
@@ -1882,6 +1884,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #ifndef NO_AES
+ /* key sizes, ECB and Direct tests */
 if ( (ret = aes_test()) != 0)
 TEST_FAIL("AES test failed!\n", ret);
 else
@@ -1902,6 +1905,20 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 TEST_PASS("AES256 test passed!\n");
 #endif
+#ifdef HAVE_AES_CBC
+ if ( (ret = aes_cbc_test()) != 0)
+ TEST_FAIL("AES-CBC test failed!\n", ret);
+ else
+ TEST_PASS("AES-CBC test passed!\n");
+#endif
+
+#ifdef WOLFSSL_AES_COUNTER
+ if ( (ret = aes_ctr_test()) != 0)
+ TEST_FAIL("AES-CTR test failed!\n", ret);
+ else
+ TEST_PASS("AES-CTR test passed!\n");
+#endif
+
 #ifdef WOLFSSL_AES_OFB
 if ( (ret = aesofb_test()) != 0)
 TEST_FAIL("AES-OFB test failed!\n", ret);
@@ -10260,11 +10277,12 @@ EVP_TEST_END:
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
 #endif /* WOLFSSL_AES_CFB */
+#ifndef HAVE_RENESAS_SYNC
 static wc_test_ret_t aes_key_size_test(void)
 {
 wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *aes;
+ Aes *aes = NULL;
 #else
 Aes aes[1];
 #endif
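Review bot: The `aes_ctr_test()` call added here under `#ifdef WOLFSSL_AES_COUNTER` does not match the definition, which the `@@ -12714` hunk wraps in `#if defined(WOLFSSL_AES_COUNTER) && defined(HAVE_AES_DECRYPT)`, and the prototype added at `@@ -570` is unconditional; if a counter-mode build without HAVE_AES_DECRYPT is a supported configuration, it now fails to link where the old in-line `aesctr_test` (guarded by WOLFSSL_AES_COUNTER alone) did not. Either guard the call site with the same condition, `#if defined(WOLFSSL_AES_COUNTER) && defined(HAVE_AES_DECRYPT)`, or drop the HAVE_AES_DECRYPT term from the definition, which the `#ifdef HAVE_AES_DECRYPT` kept around `wc_AesFree(dec)` at the end of that function (`@@ -13556`) suggests was the intent. Whichever is chosen, the closing `#endif /* WOLFSSL_AES_COUNTER */` comment in the `@@ -13556` hunk should name the full condition.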
@@ -10285,8 +10303,14 @@ static wc_test_ret_t aes_key_size_test(void)
 #endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
+ aes = wc_AesNew(HEAP_HINT, devId);
+ if (aes == NULL)
 return WC_TEST_RET_ENC_ERRNO;
+#else
+ ret = wc_AesInit(aes, HEAP_HINT, devId);
+ /* 0 check OK for FIPSv1 */
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #if !defined(HAVE_FIPS) || \
@@ -10298,11 +10322,6 @@ static wc_test_ret_t aes_key_size_test(void)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
- ret = wc_AesInit(aes, HEAP_HINT, devId);
- /* 0 check OK for FIPSv1 */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
 #ifndef HAVE_FIPS
 /* Parameter Validation testing. */
 ret = wc_AesGetKeySize(NULL, NULL);
@@ -10386,12 +10405,10 @@ static wc_test_ret_t aes_key_size_test(void)
 out:
 wc_AesFree(aes);
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
-#endif
 return ret;
 }
+#endif /* !HAVE_RENESAS_SYNC */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
@@ -12669,8 +12686,9 @@ static wc_test_ret_t aes_xts_args_test(void)
 #endif /* WOLFSSL_AES_128 */
 #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
-static wc_test_ret_t aes_cbc_test(void)
+#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+ !defined(HAVE_RENESAS_SYNC)
+static wc_test_ret_t aes_cbc_oneshot_test(void)
 {
 byte cipher[AES_BLOCK_SIZE];
 byte plain[AES_BLOCK_SIZE];
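Review bot: aes_key_size_test() is now compiled out under HAVE_RENESAS_SYNC and the static aes_cbc_test() is renamed to aes_cbc_oneshot_test(), but neither call site is in these hunks; the callers need the same `#ifndef HAVE_RENESAS_SYNC` guard and the new name or the Renesas build fails at link time — presumably handled further down this patch, so just confirm. In the `@@ -10386` hunk the patch removes the XFREE and relies on `wc_AesFree(aes)` to also release the object returned by wc_AesNew in the small-stack path, which is not obvious to a reader used to the XMALLOC/XFREE pairing; a one-line comment, `/* wc_AesFree also releases the wc_AesNew allocation */`, would stop the next maintainer from re-adding the XFREE and double-freeing.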
@@ -12714,172 +12732,18 @@ static wc_test_ret_t aes_cbc_test(void) } #endif -#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -static wc_test_ret_t aesecb_test(void) +#if defined(WOLFSSL_AES_COUNTER) && defined(HAVE_AES_DECRYPT) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { - wc_test_ret_t ret = 0; -#if defined(WOLFSSL_AES_256) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *enc = NULL; -#else - Aes enc[1]; -#endif - byte cipher[AES_BLOCK_SIZE * 4]; -#ifdef HAVE_AES_DECRYPT -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *dec = NULL; #else + Aes enc[1]; Aes dec[1]; #endif - byte plain[AES_BLOCK_SIZE * 4]; -#endif /* HAVE_AES_DECRYPT */ - - { - WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); - if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); - if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - #endif -#else - XMEMSET(enc, 0, sizeof(Aes)); - XMEMSET(dec, 0, sizeof(Aes)); - ret = wc_AesInit(enc, HEAP_HINT, devId); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifdef HAVE_AES_DECRYPT - ret = wc_AesInit(dec, HEAP_HINT, devId); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #endif -#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(enc, niKey, 
sizeof(niKey), cipher, AES_ENCRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#endif - -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if 
(XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) - XMEMSET(plain, 0, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#endif -#endif /* HAVE_AES_DECRYPT */ - } - - out: - - wc_AesFree(enc); - wc_AesFree(dec); - -#endif /* WOLFSSL_AES_256 */ - - return ret; -} -#endif /* HAVE_AES_ECB */ - -#ifdef WOLFSSL_AES_COUNTER -static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) -{ + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; wc_test_ret_t ret = 0; /* test vectors from "Recommendation for Block Cipher Modes of 
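Review bot: Deleting aesecb_test() also deletes the only `DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK` exercise of ECB encrypt/decrypt (the `WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(...)` blocks in the removed lines), and nothing added by this patch replaces it: the NI vectors are folded into aes_ecb_test's table (`@@ -13590`) and into aes_direct_test (`@@ -13644`) without that fallback block, while aes_ctr_test keeps its own (`@@ -13556`). Unless the loop body of aes_ecb_test outside these hunks already repeats the table under the forced-fallback setting, the C fallback path for ECB loses its test coverage. Consider re-running the table once inside a `WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E))` / `WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0)` pair in aes_ecb_test. The body of aes_ctr_test continues past this hunk.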
@@ -13443,6 +13307,26 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 };
 #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
+ WOLFSSL_ENTER("aes_ctr_test");
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+ enc = wc_AesNew(HEAP_HINT, devId);
+ if (enc == NULL)
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+ dec = wc_AesNew(HEAP_HINT, devId);
+ if (dec == NULL)
+ ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#else
+ XMEMSET(enc, 0, sizeof(Aes));
+ XMEMSET(dec, 0, sizeof(Aes));
+ ret = wc_AesInit(enc, HEAP_HINT, devId);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+ ret = wc_AesInit(dec, HEAP_HINT, devId);
+ if (ret != 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
 for (i = 0; i < AES_CTR_TEST_LEN; i++) {
 if (testVec[i].key != NULL) {
 ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
@@ -13556,8 +13440,11 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
- out:
+ wc_AesFree(enc);
+#ifdef HAVE_AES_DECRYPT
+ wc_AesFree(dec);
+#endif
 return ret;
 }
 #endif /* WOLFSSL_AES_COUNTER */
@@ -13566,8 +13453,9 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 {
 wc_test_ret_t ret = 0;
-
- WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = "0123456789abcdef ";
+ /* keys padded to block size (16 bytes) */
+ WOLFSSL_SMALL_STACK_STATIC const byte key_128[] =
+ "0123456789abcdef ";
 WOLFSSL_SMALL_STACK_STATIC const byte key_192[] = "0123456789abcdef01234567 ";
 WOLFSSL_SMALL_STACK_STATIC const byte key_256[] =
@@ -13590,16 +13478,33 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82
 };
+ WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = {
+ 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+ 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+ 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+ 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+ };
+ WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = {
+ 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+ 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+ };
+ WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = {
+ 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+ 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+ };
+
 int i;
 struct {
 const byte* key;
 int keySz;
- const byte* iv;
+ const byte* iv; /* null uses 0's */
+ const byte* plain;
 const byte* verify;
 } testVec[] = {
- { key_128, 16, iv, verify_ecb_128 },
- { key_192, 24, iv, verify_ecb_192 },
- { key_256, 32, iv, verify_ecb_256 },
+ { key_128, 16, iv, msg, verify_ecb_128 },
+ { key_192, 24, iv, msg, verify_ecb_192 },
+ { key_256, 32, iv, msg, verify_ecb_256 },
+ { niKey, 32, NULL, niPlain, niCipher }
 };
 #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
@@ -13615,8 +13520,8 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
+ XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+ ret = wc_AesEcbEncrypt(enc, cipher, testVec[i].plain, AES_BLOCK_SIZE);
 #if defined(WOLFSSL_ASYNC_CRYPT)
 ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
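Review bot: The niKey, niPlain and niCipher arrays added to aes_ecb_test here are byte-for-byte the same NIST vectors that aes_direct_test defines again in the `@@ -13644` hunk (and that the patch just removed from aesecb_test), so the same 64 bytes now live in two functions of one file and can drift independently. Define each once at file scope next to the other shared test data, e.g. `WOLFSSL_SMALL_STACK_STATIC const byte aes256_ni_key[] = { ... };` above both functions, and reference them from both tables. The loop that consumes testVec lies outside this hunk, so whether the new 32-byte entry is skipped cleanly when WOLFSSL_AES_256 is not built is not visible here; it inherits whatever the existing key_256 entry already relied on.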
@@ -13627,14 +13532,14 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 }
 #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
+ XMEMSET(plain, 0, AES_BLOCK_SIZE);
 ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
 #if defined(WOLFSSL_ASYNC_CRYPT)
 ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 if (ret != 0)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+ if (XMEMCMP(plain, testVec[i].plain, AES_BLOCK_SIZE))
 ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 #endif /* HAVE_AES_DECRYPT */
 (void)dec;
@@ -13644,126 +13549,192 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) out: return ret; } -#endif +#endif /* HAVE_AES_ECB */ -WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) +#ifdef WOLFSSL_AES_DIRECT +static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) +{ + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_direct_test"); + +#if defined(WOLFSSL_AES_256) + { + WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_SELFTEST) && \ + (defined(WOLFSSL_LINUXKM) || \ + !defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret = wc_AesEncryptDirect(enc, cipher, niPlain); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + wc_AesEncryptDirect(enc, cipher, niPlain); +#endif + if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, AES_BLOCK_SIZE); + ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_SELFTEST) && \ + (defined(WOLFSSL_LINUXKM) || \ + !defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret = wc_AesDecryptDirect(dec, plain, niCipher); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else 
+ wc_AesDecryptDirect(dec, plain, niCipher); +#endif + if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + } + (void)dec; + (void)plain; +#endif /* WOLFSSL_AES_256 */ + +out: + return ret; +} +#endif /* WOLFSSL_AES_DIRECT */ + +#ifdef HAVE_AES_CBC + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) { -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *enc = NULL; #else Aes enc[1]; #endif - byte cipher[AES_BLOCK_SIZE * 4]; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *dec = NULL; #else Aes dec[1]; #endif +#endif + byte cipher[AES_BLOCK_SIZE * 4]; +#ifdef HAVE_AES_DECRYPT byte plain [AES_BLOCK_SIZE * 4]; -#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */ -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ +#endif wc_test_ret_t ret = 0; -#ifdef HAVE_AES_CBC -#ifdef WOLFSSL_AES_128 - WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb - }; - #ifdef HAVE_RENESAS_SYNC - const byte *key = - (byte*)guser_PKCbInfo.wrapped_key_aes128; - #else - WOLFSSL_SMALL_STACK_STATIC const - byte key[] = "0123456789abcdef "; /* align */ - #endif - WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */ - WOLFSSL_ENTER("aes_test"); + WOLFSSL_ENTER("aes_cbc_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_DIRECT) enc = 
wc_AesNew(HEAP_HINT, devId); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT dec = wc_AesNew(HEAP_HINT, devId); if (dec == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); #endif #else -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_DIRECT) XMEMSET(enc, 0, sizeof(Aes)); - #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + #ifdef HAVE_AES_DECRYPT XMEMSET(dec, 0, sizeof(Aes)); #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#endif -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ -#ifdef HAVE_AES_ECB - ret = aes_ecb_test(enc, dec, cipher, plain); - if (ret != 0) - return ret; -#endif - - ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - WOLFSSL_MSG("failed wc_AesCbcDecrypt"); - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - } - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) { - WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare"); - 
ERROR_OUT(WC_TEST_RET_ENC_NC, out); - } -#endif /* HAVE_AES_DECRYPT */ - /* skipped because wrapped key use in case of renesas sm */ - #ifndef HAVE_RENESAS_SYNC - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) { - WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare"); - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - } +#ifdef WOLFSSL_AES_128 + { + /* "Now is the time for all " w/o trailing 0 */ + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + #ifdef HAVE_RENESAS_SYNC + const byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes128; + #else + /* padded to 16-byye */ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; #endif + /* padded to 16-bytes */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; + + ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, sizeof(plain)); + ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + WOLFSSL_MSG("failed wc_AesCbcDecrypt"); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) { + WOLFSSL_MSG("wc_AesCbcDecrypt failed 
plain compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif /* HAVE_AES_DECRYPT */ + /* skipped because wrapped key use in case of renesas sm */ + #ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) { + WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif + } #endif /* WOLFSSL_AES_128 */ #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) @@ -13819,11 +13790,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 }; - WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210"; + WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = + "0123456789abcdeffedcba9876543210"; + /* padded to 16-bytes */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; word32 keySz, msgSz; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if ((bigCipher == NULL) || (bigPlain == NULL)) { 
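Review bot: In aes_direct_test the `(void)dec;` and `(void)plain;` casts sit inside the `#if defined(WOLFSSL_AES_256)` block, so a build without AES-256 leaves all four parameters and the `out` label unused, which trips -Wunused-parameter/-Wunused-label and breaks a -Werror build of the test suite; move them after the `#endif /* WOLFSSL_AES_256 */` as `(void)enc; (void)dec; (void)cipher; (void)plain;` and, since no `goto out` exists in that configuration, put the label under the same `#if` or drop it in favour of a plain `return ret;`. The new aes_cbc_test comment `/* padded to 16-byye */` has a typo, `/* padded to 16-bytes */`. aes_cbc_test's body continues in the `@@ -13819` and `@@ -14028` hunks, where the AESNI block declares a second `iv[]` with the same literal as the WOLFSSL_AES_128 block; one file-scope definition would serve both.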
@@ -14028,73 +14004,91 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) #endif /* HAVE_AES_DECRYPT */ } #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */ + + out: + + wc_AesFree(enc); +#ifdef HAVE_AES_DECRYPT + wc_AesFree(dec); +#endif + + return ret; +} #endif /* HAVE_AES_CBC */ -#ifdef WOLFSSL_AES_COUNTER - ret = aesctr_test(enc, dec, cipher, plain); +#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT) +static wc_test_ret_t aes_ecb_direct_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif +#if !defined(HAVE_AES_DECRYPT) || \ + (defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif + byte cipher[AES_BLOCK_SIZE]; + byte plain [AES_BLOCK_SIZE]; + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_ecb/direct_test"); + +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#else + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#ifdef HAVE_AES_ECB + ret = aes_ecb_test(enc, dec, cipher, plain); if (ret != 0) return ret; #endif -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - { - WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = 
- { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#if !defined(HAVE_SELFTEST) && \ - (defined(WOLFSSL_LINUXKM) || \ - !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - ret = wc_AesEncryptDirect(enc, cipher, niPlain); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#else - wc_AesEncryptDirect(enc, cipher, niPlain); +#ifdef WOLFSSL_AES_DIRECT + ret = aes_direct_test(enc, dec, cipher, plain); + if (ret != 0) + return ret; #endif - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#if !defined(HAVE_SELFTEST) && \ - (defined(WOLFSSL_LINUXKM) || \ - !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - ret = wc_AesDecryptDirect(dec, plain, niCipher); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#else - wc_AesDecryptDirect(dec, plain, niCipher); -#endif - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#endif /* HAVE_AES_DECRYPT */ - } -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ + out: + + wc_AesFree(enc); + wc_AesFree(dec); + + return ret; +} +#endif /* HAVE_AES_ECB || WOLFSSL_AES_DIRECT */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) +{ + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_test"); #ifndef HAVE_RENESAS_SYNC ret = aes_key_size_test(); 
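Review bot: In aes_ecb_direct_test the two `if (ret != 0) return ret;` statements after `aes_ecb_test(...)` and `aes_direct_test(...)` bypass the `out:` label, so on WOLFSSL_SMALL_STACK builds the contexts obtained from wc_AesNew() leak on the first failing sub-test; both should read `if (ret != 0) goto out;`, matching the `ERROR_OUT(..., out)` pattern used a few lines earlier in the same function. The cleanup also calls `wc_AesFree(dec);` unconditionally while `dec` is a NULL pointer whenever HAVE_AES_DECRYPT is off, which is only safe if wc_AesFree tolerates NULL (not shown in this diff); wrapping it in `#ifdef HAVE_AES_DECRYPT` as the CBC function's `out:` block does removes the doubt. The `WOLFSSL_ENTER("aes_ecb/direct_test")` string also does not match the function name, which makes trace output harder to correlate.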
@@ -14102,28 +14096,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) goto out; #endif -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ - !defined(HAVE_RENESAS_SYNC) - ret = aes_cbc_test(); +#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT) + ret = aes_ecb_direct_test(); if (ret != 0) - goto out; -#endif - -#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - ret = aesecb_test(); - if (ret != 0) - goto out; + return ret; #endif out: - -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) - wc_AesFree(enc); -#endif -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - wc_AesFree(dec); -#endif - return ret; } From 0bb41e1eb4e102a5852a910db2e5a3e2ff2df0d4 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 24 Sep 2024 17:01:42 -0700 Subject: [PATCH 098/325] Resolve hash new leak due to improper heap hint check. Make sure isAllocated is initialized to 0. --- wolfcrypt/src/hash.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index d5988341d..5c9d3ff1e 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -710,6 +710,7 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; + hash->isAllocated = 0; switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 @@ -1146,8 +1147,9 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; - if (isAllocated && heap) + if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + } return ret; } From dbd3484fdc22ea57b270d5ab0f1833bbca97af1d Mon Sep 17 00:00:00 2001 
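Review bot: After this hunk aes_test() invokes only aes_key_size_test() and aes_ecb_direct_test(): the `ret = aes_cbc_test();` and `ret = aesecb_test();` calls are deleted here, the previous hunk of this commit drops `ret = aesctr_test(enc, dec, cipher, plain);`, and nothing visible in the diff re-invokes the CBC or CTR code. If those tests are now registered as separate entries elsewhere this is fine, otherwise AES-CBC and AES-CTR coverage was silently lost by the refactor. The replacement call is also no longer under the `!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)` guard that wrapped aesecb_test(), so FIPS/selftest builds now run ECB/direct tests they previously skipped; confirm that is intended. The `if (ret != 0) return ret;` is harmless since `out:` now only returns, but `goto out;` keeps the function uniform with the aes_key_size_test() path above it.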
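Review bot: With the `&& heap` condition removed, `XFREE(hash, heap, DYNAMIC_TYPE_HASHES)` now runs with whatever `heap` holds, and only some cases of wc_HashFree's switch capture it: the SHA-512/224, SHA-512/256 and SHA3-256/384/512 cases (visible in the next commit's hunks) free the digest without a `heap = hash->alg....heap;` line, so for those types the wrapper is released with a NULL heap hint. Under the default allocator that is harmless, but on static-memory builds the free would not match the heap the object was allocated from, so the leak fix is only complete for the types that set `heap`. Adding the missing `heap = hash->alg.sha512.heap;` / `heap = hash->alg.sha3.heap;` lines to those cases closes the gap. The start of wc_HashFree is outside this hunk.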
From: David Garske Date: Tue, 24 Sep 2024 17:17:35 -0700 Subject: [PATCH 099/325] Fix for issue with `wc_HashAlg` being a union. --- wolfcrypt/src/hash.c | 175 ++++++++++++++++++++++----------------- wolfssl/wolfcrypt/hash.h | 56 +++++++------ wolfssl/wolfcrypt/hmac.h | 29 +------ 3 files changed, 131 insertions(+), 129 deletions(-) diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 5c9d3ff1e..3e0c173c9 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c 
@@ -711,42 +711,44 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, return BAD_FUNC_ARG; hash->isAllocated = 0; + hash->type = type; + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_InitMd5_ex(&hash->md5, heap, devId); + ret = wc_InitMd5_ex(&hash->alg.md5, heap, devId); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_InitSha_ex(&hash->sha, heap, devId); + ret = wc_InitSha_ex(&hash->alg.sha, heap, devId); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_InitSha224_ex(&hash->sha224, heap, devId); + ret = wc_InitSha224_ex(&hash->alg.sha224, heap, devId); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_InitSha256_ex(&hash->sha256, heap, devId); + ret = wc_InitSha256_ex(&hash->alg.sha256, heap, devId); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_InitSha384_ex(&hash->sha384, heap, devId); + ret = wc_InitSha384_ex(&hash->alg.sha384, heap, devId); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_InitSha512_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_ex(&hash->alg.sha512, heap, devId); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_InitSha512_224_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_224_ex(&hash->alg.sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; 
@@ -755,35 +757,35 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_InitSha512_256_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_256_ex(&hash->alg.sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_InitSha3_224(&hash->sha3, heap, devId); + ret = wc_InitSha3_224(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_InitSha3_256(&hash->sha3, heap, devId); + ret = wc_InitSha3_256(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_InitSha3_384(&hash->sha3, heap, devId); + ret = wc_InitSha3_384(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_InitSha3_512(&hash->sha3, heap, devId); + ret = wc_InitSha3_512(&hash->alg.sha3, heap, devId); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_InitSm3(&hash->sm3, heap, devId); + ret = wc_InitSm3(&hash->alg.sm3, heap, devId); break; #endif 
@@ -823,42 +825,49 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, if (hash == NULL || (data == NULL && dataSz > 0)) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash update type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5Update(&hash->md5, data, dataSz); + ret = wc_Md5Update(&hash->alg.md5, data, dataSz); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaUpdate(&hash->sha, data, dataSz); + ret = wc_ShaUpdate(&hash->alg.sha, data, dataSz); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224Update(&hash->sha224, data, dataSz); + ret = wc_Sha224Update(&hash->alg.sha224, data, dataSz); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256Update(&hash->sha256, data, dataSz); + ret = wc_Sha256Update(&hash->alg.sha256, data, dataSz); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Update(&hash->sha384, data, dataSz); + ret = wc_Sha384Update(&hash->alg.sha384, data, dataSz); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Update(&hash->sha512, data, dataSz); + ret = wc_Sha512Update(&hash->alg.sha512, data, dataSz); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_Sha512_224Update(&hash->sha512, data, dataSz); + ret = wc_Sha512_224Update(&hash->alg.sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; 
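Review bot: The new `hash->type != type` sanity check is compiled only under DEBUG_WOLFSSL, so in release builds wc_HashUpdate still dispatches purely on the caller-supplied `type` and will run, say, wc_Sha256Update over a union member that was initialized as SHA-512, which is exactly the mix-up the stored `type` field was added to catch. Since it is a single integer compare on a struct that is already dereferenced, it can be unconditional: `if (hash->type != type) return BAD_FUNC_ARG;` outside the ifdef, with only the WOLFSSL_MSG left in the DEBUG block if log noise is a concern. The same applies to the identical guards added to wc_HashFinal and wc_HashFree in the following hunks.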
@@ -867,35 +876,35 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_Sha512_256Update(&hash->sha512, data, dataSz); + ret = wc_Sha512_256Update(&hash->alg.sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_Sha3_224_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_224_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_Sha3_256_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_256_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_Sha3_384_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_384_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_Sha3_512_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_512_Update(&hash->alg.sha3, data, dataSz); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3Update(&hash->sm3, data, dataSz); + ret = wc_Sm3Update(&hash->alg.sm3, data, dataSz); break; #endif 
@@ -926,42 +935,49 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) if (hash == NULL || out == NULL) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash final type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5Final(&hash->md5, out); + ret = wc_Md5Final(&hash->alg.md5, out); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaFinal(&hash->sha, out); + ret = wc_ShaFinal(&hash->alg.sha, out); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224Final(&hash->sha224, out); + ret = wc_Sha224Final(&hash->alg.sha224, out); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256Final(&hash->sha256, out); + ret = wc_Sha256Final(&hash->alg.sha256, out); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Final(&hash->sha384, out); + ret = wc_Sha384Final(&hash->alg.sha384, out); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Final(&hash->sha512, out); + ret = wc_Sha512Final(&hash->alg.sha512, out); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_Sha512_224Final(&hash->sha512, out); + ret = wc_Sha512_224Final(&hash->alg.sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; 
@@ -970,35 +986,35 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_Sha512_256Final(&hash->sha512, out); + ret = wc_Sha512_256Final(&hash->alg.sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_Sha3_224_Final(&hash->sha3, out); + ret = wc_Sha3_224_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_Sha3_256_Final(&hash->sha3, out); + ret = wc_Sha3_256_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_Sha3_384_Final(&hash->sha3, out); + ret = wc_Sha3_384_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_Sha3_512_Final(&hash->sha3, out); + ret = wc_Sha3_512_Final(&hash->alg.sha3, out); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3Final(&hash->sm3, out); + ret = wc_Sm3Final(&hash->alg.sm3, out); break; #endif 
@@ -1031,48 +1047,55 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) if (hash == NULL) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash free type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + isAllocated = hash->isAllocated; switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - heap = hash->md5.heap; - wc_Md5Free(&hash->md5); + heap = hash->alg.md5.heap; + wc_Md5Free(&hash->alg.md5); ret = 0; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - heap = hash->sha.heap; - wc_ShaFree(&hash->sha); + heap = hash->alg.sha.heap; + wc_ShaFree(&hash->alg.sha); ret = 0; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - heap = hash->sha224.heap; - wc_Sha224Free(&hash->sha224); + heap = hash->alg.sha224.heap; + wc_Sha224Free(&hash->alg.sha224); ret = 0; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - heap = hash->sha256.heap; - wc_Sha256Free(&hash->sha256); + heap = hash->alg.sha256.heap; + wc_Sha256Free(&hash->alg.sha256); ret = 0; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - heap = hash->sha384.heap; - wc_Sha384Free(&hash->sha384); + heap = hash->alg.sha384.heap; + wc_Sha384Free(&hash->alg.sha384); ret = 0; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - heap = hash->sha512.heap; - wc_Sha512Free(&hash->sha512); + heap = hash->alg.sha512.heap; + wc_Sha512Free(&hash->alg.sha512); ret = 0; #endif break; @@ -1080,7 +1103,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - wc_Sha512_224Free(&hash->sha512); + wc_Sha512_224Free(&hash->alg.sha512); ret = 0; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ 
@@ -1090,7 +1113,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - wc_Sha512_256Free(&hash->sha512); + wc_Sha512_256Free(&hash->alg.sha512); ret = 0; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ @@ -1098,34 +1121,34 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - heap = hash->sha3.heap; - wc_Sha3_224_Free(&hash->sha3); + heap = hash->alg.sha3.heap; + wc_Sha3_224_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wc_Sha3_256_Free(&hash->sha3); + wc_Sha3_256_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - wc_Sha3_384_Free(&hash->sha3); + wc_Sha3_384_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - wc_Sha3_512_Free(&hash->sha3); + wc_Sha3_512_Free(&hash->alg.sha3); ret = 0; #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - heap = hash->sm3.heap; - wc_Sm3Free(&hash->sm3); + heap = hash->alg.sm3.heap; + wc_Sm3Free(&hash->alg.sm3); ret = 0; break; #endif 
@@ -1165,27 +1188,27 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5SetFlags(&hash->md5, flags); + ret = wc_Md5SetFlags(&hash->alg.md5, flags); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaSetFlags(&hash->sha, flags); + ret = wc_ShaSetFlags(&hash->alg.sha, flags); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224SetFlags(&hash->sha224, flags); + ret = wc_Sha224SetFlags(&hash->alg.sha224, flags); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256SetFlags(&hash->sha256, flags); + ret = wc_Sha256SetFlags(&hash->alg.sha256, flags); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384SetFlags(&hash->sha384, flags); + ret = wc_Sha384SetFlags(&hash->alg.sha384, flags); #endif break; case WC_HASH_TYPE_SHA512: @@ -1196,7 +1219,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) case WC_HASH_TYPE_SHA512_256: #endif #ifdef WOLFSSL_SHA512 - ret = wc_Sha512SetFlags(&hash->sha512, flags); + ret = wc_Sha512SetFlags(&hash->alg.sha512, flags); #endif break; @@ -1205,13 +1228,13 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 - ret = wc_Sha3_SetFlags(&hash->sha3, flags); + ret = wc_Sha3_SetFlags(&hash->alg.sha3, flags); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3SetFlags(&hash->sm3, flags); + ret = wc_Sm3SetFlags(&hash->alg.sm3, flags); break; #endif 
@@ -1244,27 +1267,27 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5GetFlags(&hash->md5, flags); + ret = wc_Md5GetFlags(&hash->alg.md5, flags); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaGetFlags(&hash->sha, flags); + ret = wc_ShaGetFlags(&hash->alg.sha, flags); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224GetFlags(&hash->sha224, flags); + ret = wc_Sha224GetFlags(&hash->alg.sha224, flags); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256GetFlags(&hash->sha256, flags); + ret = wc_Sha256GetFlags(&hash->alg.sha256, flags); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384GetFlags(&hash->sha384, flags); + ret = wc_Sha384GetFlags(&hash->alg.sha384, flags); #endif break; case WC_HASH_TYPE_SHA512: @@ -1275,7 +1298,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) case WC_HASH_TYPE_SHA512_256: #endif #ifdef WOLFSSL_SHA512 - ret = wc_Sha512GetFlags(&hash->sha512, flags); + ret = wc_Sha512GetFlags(&hash->alg.sha512, flags); #endif break; @@ -1284,13 +1307,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 - ret = wc_Sha3_GetFlags(&hash->sha3, flags); + ret = wc_Sha3_GetFlags(&hash->alg.sha3, flags); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3GetFlags(&hash->sm3, flags); + ret = wc_Sm3GetFlags(&hash->alg.sm3, flags); break; #endif diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 5c1a6d661..838d06665 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h 
@@ -93,32 +93,38 @@ enum wc_HashFlags { WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH) }; -#ifndef NO_HASH_WRAPPER +/* hash union */ typedef union { - #ifndef NO_MD5 - wc_Md5 md5; - #endif - #ifndef NO_SHA - wc_Sha sha; - #endif - #ifdef WOLFSSL_SHA224 - wc_Sha224 sha224; - #endif - #ifndef NO_SHA256 - wc_Sha256 sha256; - #endif - #ifdef WOLFSSL_SHA384 - wc_Sha384 sha384; - #endif - #ifdef WOLFSSL_SHA512 - wc_Sha512 sha512; - #endif - #ifdef WOLFSSL_SHA3 - wc_Sha3 sha3; - #endif - #ifdef WOLFSSL_SM3 - wc_Sm3 sm3; - #endif +#ifndef NO_MD5 + wc_Md5 md5; +#endif +#ifndef NO_SHA + wc_Sha sha; +#endif +#ifdef WOLFSSL_SHA224 + wc_Sha224 sha224; +#endif +#ifndef NO_SHA256 + wc_Sha256 sha256; +#endif +#ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; +#endif +#ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; +#endif +#ifdef WOLFSSL_SHA3 + wc_Sha3 sha3; +#endif +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; +#endif +} wc_Hashes; + +#ifndef NO_HASH_WRAPPER +typedef struct { + wc_Hashes alg; + enum wc_HashType type; /* sanity check */ unsigned int isAllocated:1; /* flag indicates if structure was allocated */ } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index 98270ee7b..fd5d8d3a2 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -119,34 +119,7 @@ enum { #error "You have to have some kind of hash if you want to use HMAC." #endif - -/* hmac hash union */ -typedef union { -#ifndef NO_MD5 - wc_Md5 md5; -#endif -#ifndef NO_SHA - wc_Sha sha; -#endif -#ifdef WOLFSSL_SHA224 - wc_Sha224 sha224; -#endif -#ifndef NO_SHA256 - wc_Sha256 sha256; -#endif -#ifdef WOLFSSL_SHA384 - wc_Sha384 sha384; -#endif -#ifdef WOLFSSL_SHA512 - wc_Sha512 sha512; -#endif -#ifdef WOLFSSL_SHA3 - wc_Sha3 sha3; -#endif -#ifdef WOLFSSL_SM3 - wc_Sm3 sm3; -#endif -} wc_HmacHash; +typedef wc_Hashes wc_HmacHash; /* Hmac digest */ struct Hmac { From b9de3bbf1ab90f9120ac50f20d505f75dbcab938 Mon Sep 17 00:00:00 2001 
From: David Garske Date: Wed, 25 Sep 2024 10:07:55 -0700 Subject: [PATCH 100/325] Fixes for memory leaks in test.c with wc_AesNew and wc_HashNew. --- wolfcrypt/test/test.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f0113962a..12c681279 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6265,8 +6265,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - hash->isAllocated = 1; /* free manually */ - (void)wc_HashFree(hash, WC_HASH_TYPE_NONE); + if (hash != NULL) { + hash->isAllocated = 1; /* free manually */ + (void)wc_HashFree(hash, hash->type); + } #endif return 0; @@ -15686,7 +15688,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void) static wc_test_ret_t aesccm_256_test(void) { - wc_test_ret_t ret; + wc_test_ret_t ret = 0; /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */ WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, @@ -15708,15 +15710,14 @@ static wc_test_ret_t aesccm_256_test(void) byte atag[sizeof(exp_tag)]; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES); + Aes* aes = wc_AesNew(HEAP_HINT, devId); if (aes == NULL) { - return MEMORY_E; + ret = WC_TEST_RET_ENC_EC(MEMORY_E); } #else Aes aes[1]; -#endif - ret = wc_AesInit(aes, HEAP_HINT, devId); +#endif if (ret == 0) { ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key)); } @@ -15751,10 +15752,6 @@ static wc_test_ret_t aesccm_256_test(void) wc_AesFree(aes); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif - return ret; } 
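Review bot: In the non-WOLFSSL_SMALL_STACK branch of aesccm_256_test the stack `Aes aes[1];` is now used without ever being initialized: the hunk deletes `ret = wc_AesInit(aes, HEAP_HINT, devId);` and replaces it only with the `wc_AesNew()` call inside the SMALL_STACK branch, so wc_AesCcmSetKey() operates on an uninitialized context and the final `wc_AesFree(aes)` tears down garbage. The `#else` branch needs its own init, `Aes aes[1]; ret = wc_AesInit(aes, HEAP_HINT, devId);`, before the `if (ret == 0)` chain. On the SMALL_STACK side, a failed wc_AesNew() still falls through to `wc_AesFree(aes)` with a NULL pointer, which is acceptable only if wc_AesFree tolerates NULL; the diff does not show that.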
@@ -15766,7 +15763,7 @@ static wc_test_ret_t aesccm_128_test(void) { wc_test_ret_t ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *enc; + Aes *enc = NULL; #else Aes enc[1]; #endif @@ -15867,7 +15864,7 @@ static wc_test_ret_t aesccm_128_test(void) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) enc = wc_AesNew(HEAP_HINT, devId); if (enc == NULL) - return WC_TEST_RET_ENC_ERRNO; + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); #else XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); @@ -15911,15 +15908,22 @@ static wc_test_ret_t aesccm_128_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif - XMEMSET(enc, 0, sizeof(Aes)); /* clear context */ XMEMSET(t2, 0, sizeof(t2)); XMEMSET(c2, 0, sizeof(c2)); XMEMSET(p2, 0, sizeof(p2)); XMEMSET(iv2, 0, sizeof(iv2)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesFree(enc); + enc = wc_AesNew(HEAP_HINT, devId); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); +#else + XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif #ifndef HAVE_SELFTEST /* selftest build does not have wc_AesCcmSetNonce() or From 59389a0ef59852cb2f6e9bc8bb8525e5c0d9b6bb Mon Sep 17 00:00:00 2001 From: David Garske Date: Sat, 5 Oct 2024 11:52:22 -0700 Subject: [PATCH 101/325] Fix possible AES leaks detected with sanitizer and clang-tidy. --- wolfcrypt/src/aes.c | 11 ++++++++--- wolfcrypt/test/test.c | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index d7c12f21a..25b7be1c1 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
@@ -14060,11 +14060,16 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } - aes->isAllocated = 0; - wc_AesFree(aes); #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + if (aes != NULL) #endif + { + aes->isAllocated = 0; + wc_AesFree(aes); + #ifdef WOLFSSL_SMALL_STACK + XFREE(aes, NULL, DYNAMIC_TYPE_AES); + #endif + } return ret; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 12c681279..dba82bcc9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -15913,8 +15913,8 @@ static wc_test_ret_t aesccm_128_test(void) XMEMSET(p2, 0, sizeof(p2)); XMEMSET(iv2, 0, sizeof(iv2)); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) enc = wc_AesNew(HEAP_HINT, devId); if (enc == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); From 92faa915e417c3be6a227c292e14b6234ae83aa0 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Mon, 7 Oct 2024 08:53:00 +0000 Subject: [PATCH 102/325] sniffer: set ssl->curSize before invoking Do* routines commit 99a99e3d6e470c6eecb536d18f4042f6433afe93 changes DoApplication to use ssl->curSize as the size of the current decrypted record. Fix sniffer code to set this value. --- src/sniffer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/sniffer.c b/src/sniffer.c index 7be98cdef..d64e9099a 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -5006,6 +5006,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz, return NULL; } + ssl->curSize = sz; ssl->keys.encryptSz = sz; if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) { output += ssl->specs.block_size; /* go past TLSv1.1 IV */ From cd5ddeb1c5fb9ede18f80d485eea98a1cae7d112 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Mon, 7 Oct 2024 14:20:50 -0500 Subject: [PATCH 103/325] Clear ctx in wolfSSL_EVP_DigestInit --- wolfcrypt/src/evp.c | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 9a7ed5f9b..231222404 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -10505,6 +10505,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return WOLFSSL_FAILURE; } + wolfSSL_EVP_MD_CTX_init(ctx); + /* Set to 0 if no match */ ctx->macType = EvpMd2MacType(md); if (md == NULL) { From b4146bad184788b354ded4287129ce78d048e1aa Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 7 Oct 2024 13:09:47 -0700 Subject: [PATCH 104/325] Free X509 store ref on store free --- src/x509_str.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/x509_str.c b/src/x509_str.c index 9b90c4b72..dfb11fb02 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -869,6 +869,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) store->lookup.dirs = NULL; } #endif + wolfSSL_RefFree(&store->ref); XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } } From f878220b81d81690a76b429f388b9d772a8cc8e2 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 4 Sep 2024 17:06:34 -0600 Subject: [PATCH 105/325] add WOLFSSL_LEFT_MOST_WILDCARD_ONLY support to X509_check_host() --- src/internal.c | 49 +++++++++++++++++++--------- src/x509.c | 3 +- tests/api.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++ wolfssl/internal.h | 10 ++++-- wolfssl/ssl.h | 2 ++ 5 files changed, 125 insertions(+), 20 deletions(-) diff --git a/src/internal.c b/src/internal.c index c61dfb341..6cb48bd0d 100644 --- a/src/internal.c +++ b/src/internal.c 
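Review bot: `wolfSSL_EVP_MD_CTX_init(ctx);` is now applied unconditionally after the NULL check, so a context that already holds a digest from an earlier DigestInit is reset without any cleanup; whether that drops owned state depends on what wolfSSL_EVP_MD_CTX_init does, which this hunk does not show. If it simply zeroes the struct, OpenSSL-compatible callers that reuse one ctx across several digests would leak whatever the previous hash held, so either call wolfSSL_EVP_MD_CTX_cleanup first or document that callers must. A one-line comment above the call, `/* reset state from any previous digest; ctx must have been cleaned up if it owned resources */`, would make that contract explicit. The enclosing function starts outside the hunk.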
@@ -12508,16 +12508,20 @@ int CipherRequires(byte first, byte second, int requirement) #ifndef NO_CERTS - /* Match names with wildcards, each wildcard can represent a single name component or fragment but not multiple names, i.e., *.z.com matches y.z.com but not x.y.z.com + If flags contains WOLFSSL_LEFT_MOST_WILDCARD_ONLY, wildcard only applies + to left-most name component, compatible with RFC 2830 identity checking. + return 1 on success */ int MatchDomainName(const char* pattern, int patternLen, const char* str, - word32 strLen) + word32 strLen, unsigned int flags) { int ret = 0; + byte wildcardEligible = 1; + byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY; if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) return 0; @@ -12530,11 +12534,16 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, pattern++; - if (p == '*') { + if ((p == '*') && wildcardEligible) { char s; /* We will always match '*' */ patternLen--; + /* Only single wildcard allowed with strict left only */ + if (leftWildcardOnly) { + wildcardEligible = 0; + } + /* Consume any extra '*' chars until the next non '*' char. */ while (patternLen > 0) { p = (char)XTOLOWER((unsigned char)*pattern); @@ -12543,6 +12552,10 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, return 0; if (p != '*') break; + if (leftWildcardOnly && (p == '*')) { + /* RFC2830 only allows single left-most wildcard */ + return 0; + } patternLen--; } @@ -12574,6 +12587,11 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, } } else { + /* Past left-most wildcard location, not eligible if flag set*/ + if (leftWildcardOnly && wildcardEligible) { + wildcardEligible = 0; + } + /* Simple case, pattern match exactly */ if (p != (char)XTOLOWER((unsigned char) *str)) return 0; 
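Review bot: `byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY;` truncates the masked value to 8 bits, so if the flag is defined as a bit above 0x80 (its value lives in ssl.h, not in this hunk) the strict mode silently becomes a no-op; storing a boolean instead, `byte leftWildcardOnly = (flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY) != 0;`, removes the dependency on the constant's width. Inside the `while (patternLen > 0)` loop the added `if (leftWildcardOnly && (p == '*'))` test can only be reached after `if (p != '*') break;`, so the `(p == '*')` clause is always true and can be dropped. The header comment cites RFC 2830 for the left-most-only rule; RFC 6125 section 6.4.3 is the usual reference for this restriction and is worth adding alongside it.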
@@ -12605,7 +12623,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, * -1 : No matches and wild pattern match failed. */ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, - int* checkCN) + int* checkCN, unsigned int flags) { int match = 0; DNS_entry* altName = NULL; @@ -12636,7 +12654,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, len = (word32)altName->len; } - if (MatchDomainName(buf, (int)len, domain, domainLen)) { + if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) { match = 1; if (checkCN != NULL) { *checkCN = 0; @@ -12665,13 +12683,14 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, * domainNameLen The length of the domain name. * returns DOMAIN_NAME_MISMATCH when no match found and 0 on success. */ -int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) +int CheckHostName(DecodedCert* dCert, const char *domainName, + size_t domainNameLen, unsigned int flags) { int checkCN; int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH); if (CheckForAltNames(dCert, domainName, (word32)domainNameLen, - &checkCN) != 1) { + &checkCN, flags) != 1) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_MSG("DomainName match on alt names failed"); } @@ -12682,7 +12701,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY if (checkCN == 1) { if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, - domainName, (word32)domainNameLen) == 1) { + domainName, (word32)domainNameLen, flags) == 1) { ret = 0; } else { @@ -12699,7 +12718,7 @@ int CheckIPAddr(DecodedCert* dCert, const char* ipasc) { WOLFSSL_MSG("Checking IPAddr"); - return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc)); + return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc), 0); } 
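Review bot: `CheckHostName` and `CheckForAltNames` gain a `flags` parameter but their header comments are not updated; the visible CheckHostName block still ends its parameter list with `* domainNameLen The length of the domain name.` and has no entry for flags. Add ` * flags          Match flags forwarded to MatchDomainName (WOLFSSL_LEFT_MOST_WILDCARD_ONLY; other bits are ignored there).` to both, so internal callers know which bits actually take effect. CheckForAltNames' parameter list begins above the hunk.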
@@ -13843,7 +13862,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err, /* If altNames names is present, then subject common name is ignored */ if (args->dCert->altNames != NULL) { if (CheckForAltNames(args->dCert, ssl->param->hostName, - (word32)XSTRLEN(ssl->param->hostName), NULL) != 1) { + (word32)XSTRLEN(ssl->param->hostName), NULL, 0) != 1) { if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); @@ -13857,7 +13876,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err, args->dCert->subjectCN, args->dCert->subjectCNLen, ssl->param->hostName, - (word32)XSTRLEN(ssl->param->hostName)) == 0) { + (word32)XSTRLEN(ssl->param->hostName), 0) == 0) { if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); @@ -15747,7 +15766,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN( (const char *)ssl->buffers.domainName.buffer)), - NULL) != 1) { + NULL, 0) != 1) { WOLFSSL_MSG("DomainName match on alt names failed"); /* try to get peer key still */ ret = DOMAIN_NAME_MISMATCH; @@ -15762,7 +15781,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN( (const char *)ssl->buffers.domainName.buffer) - )) == 0) + ), 0) == 0) { WOLFSSL_MSG("DomainName match on common name failed"); ret = DOMAIN_NAME_MISMATCH; 
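Review bot: Every handshake-side call in this hunk (`DoVerifyCallback` and `ProcessPeerCerts`) passes a literal `0` for the new flags argument, so the strict left-most-wildcard mode is reachable only through `wolfSSL_X509_check_host()` and cannot be enabled for the peer-certificate domain check performed during the handshake, unless a setter exists outside this diff. If that is intentional, a comment at the first call site makes it explicit: `/* flags 0: handshake name check keeps default wildcard rules; strict mode is only exposed via wolfSSL_X509_check_host() */`. Otherwise the flag could be stored in the WOLFSSL options and forwarded here. Both enclosing functions start outside the hunk.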
@@ -15775,14 +15794,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->dCert->subjectCNLen, (char*)ssl->buffers.domainName.buffer, (ssl->buffers.domainName.buffer == NULL ? 0 : - (word32)XSTRLEN(ssl->buffers.domainName.buffer))) == 0) + (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0) { WOLFSSL_MSG("DomainName match on common name failed"); if (CheckForAltNames(args->dCert, (char*)ssl->buffers.domainName.buffer, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN(ssl->buffers.domainName.buffer)), - NULL) != 1) { + NULL, 0) != 1) { WOLFSSL_MSG( "DomainName match on alt names failed too"); /* try to get peer key still */ diff --git a/src/x509.c b/src/x509.c index be1d36f2b..72563c4e6 100644 --- a/src/x509.c +++ b/src/x509.c @@ -14338,7 +14338,6 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, WOLFSSL_ENTER("wolfSSL_X509_check_host"); /* flags and peername not needed for Nginx. */ - (void)flags; (void)peername; if ((x == NULL) || (chk == NULL)) { @@ -14390,7 +14389,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, chklen--; } - ret = CheckHostName(dCert, (char *)chk, chklen); + ret = CheckHostName(dCert, (char *)chk, chklen, flags); out: diff --git a/tests/api.c b/tests/api.c index 57587996f..9da4a0174 100644 --- a/tests/api.c +++ b/tests/api.c 
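Review bot: Removing `(void)flags;` and forwarding `flags` to `CheckHostName` does not make the other flag bits effective: MatchDomainName reads only `WOLFSSL_LEFT_MOST_WILDCARD_ONLY`, so a caller passing `WOLFSSL_NO_WILDCARDS`, `WOLFSSL_NO_PARTIAL_WILDCARDS` or `WOLFSSL_MULTI_LABEL_WILDCARDS` (defined next to it in ssl.h) still gets the default wildcard matching, as far as this diff shows. A caller that asked for no wildcards would reasonably expect a wildcard certificate to be rejected, so either document it at the call site — `/* Only WOLFSSL_LEFT_MOST_WILDCARD_ONLY is honoured; the OpenSSL-style NO_WILDCARDS/NO_PARTIAL_WILDCARDS/MULTI_LABEL bits are not enforced */` — or, if no existing caller relies on passing those bits, reject them up front (e.g. `if (flags & WOLFSSL_NO_WILDCARDS) { ret = DOMAIN_NAME_MISMATCH; goto out; }`, assuming `out:` maps that to WOLFSSL_FAILURE as the tests expect). The remaining `/* flags and peername not needed for Nginx. */` comment should also drop `flags`. wolfSSL_X509_check_host starts outside the hunk.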
@@ -55652,20 +55652,42 @@ static int test_wolfSSL_X509_check_host(void) && !defined(NO_SHA) && !defined(NO_RSA) X509* x509 = NULL; const char altName[] = "example.com"; + const char badAltName[] = "a.example.com"; + /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */ ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + X509_free(x509); ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); #endif return EXPECT_RESULT(); } @@ -63359,6 +63381,12 @@ static int test_wolfSSL_X509_bad_altname(void) * name of "a*\0*". Ensure that it does not match "aaaaa" */ ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), 1); + X509_free(x509); #endif 
@@ -63479,6 +63507,26 @@ static int test_wolfSSL_X509_name_match(void) ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*' alt name does not have wildcard left-most */ + + /* Ensure that "a*" does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "a" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "abbbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); #endif 
@@ -63601,6 +63649,21 @@ static int test_wolfSSL_X509_name_match2(void) ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*b*' alt name does not have wildcard left-most */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + /* Ensure that "a*b*" matches "ab", testing openssl behavior replication * on check len input handling, 0 for len is OK as it should then use * strlen(name1) */ @@ -63714,6 +63777,8 @@ static int test_wolfSSL_X509_name_match3(void) int nameLen1 = (int)(XSTRLEN(name1)); const char *name2 = "x.y.example.com"; int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "example.com"; + int nameLen3 = (int)(XSTRLEN(name3)); ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); 
@@ -63724,6 +63789,22 @@ static int test_wolfSSL_X509_name_match3(void) /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c7b7b6097..af76dcfd1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
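Review bot: The new `return 0` path for a repeated `*` under `WOLFSSL_LEFT_MOST_WILDCARD_ONLY` (the `**` check added in MatchDomainName) has no test in this diff; every case added here uses the existing `*.example.com` certificate, which exercises only the single-wildcard path. A certificate whose SAN is `**.example.com` or `*example.com` (no label separator), asserted to fail with the flag set, would pin the stricter behaviour the commit introduces. A comment on the `name1` case, `/* a single left-most wildcard is the only form accepted with the flag */`, would also tell a reader what this block is proving.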
@@ -2240,9 +2240,13 @@ WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync); WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz); -WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str, word32 strLen); +WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, + const char* str, word32 strLen, + unsigned int flags); #if !defined(NO_CERTS) && !defined(NO_ASN) -WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int* checkCN); +WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, + word32 domainLen, int* checkCN, + unsigned int flags); WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc); WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType); #endif @@ -6252,7 +6256,7 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ #ifndef NO_ASN WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName, - size_t domainNameLen); + size_t domainNameLen, unsigned int flags); #endif #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index fed17f656..bf5067d84 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -606,6 +606,8 @@ struct WOLFSSL_X509_STORE { #define WOLFSSL_NO_WILDCARDS 0x2 #define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 #define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 +/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */ +#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 From 4753e1c32e664903254fcb0db5d61c3fac85e230 Mon Sep 17 00:00:00 2001 
From: David Garske Date: Tue, 8 Oct 2024 10:37:45 -0700 Subject: [PATCH 106/325] Use `byte` for `isAllocated` bit-field. Cleanup some of the "heap" hint logic. --- wolfcrypt/src/aes.c | 10 ++++++---- wolfcrypt/src/curve25519.c | 4 ++-- wolfcrypt/src/ed25519.c | 4 ++-- wolfcrypt/src/hash.c | 3 ++- wolfcrypt/src/rsa.c | 6 +++--- wolfssl/wolfcrypt/curve25519.h | 3 +-- wolfssl/wolfcrypt/ed25519.h | 4 ++-- wolfssl/wolfcrypt/hash.h | 2 +- wolfssl/wolfcrypt/rsa.h | 2 +- 9 files changed, 20 insertions(+), 18 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 25b7be1c1..72dbe696d 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11448,16 +11448,18 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) /* Free Aes from use with async hardware */ void wc_AesFree(Aes* aes) { - unsigned int isAllocated; + void* heap; + byte isAllocated; if (aes == NULL) { return; } + heap = aes->heap; isAllocated = aes->isAllocated; #ifdef WC_DEBUG_CIPHER_LIFECYCLE - (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1); + (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1); #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) @@ -11495,7 +11497,7 @@ void wc_AesFree(Aes* aes) #endif #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ !defined(WOLFSSL_AESNI) - XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); + XFREE(aes->streamData, heap, DYNAMIC_TYPE_AES); aes->streamData = NULL; #endif @@ -11524,7 +11526,7 @@ void wc_AesFree(Aes* aes) #endif if (isAllocated) { - XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + XFREE(aes, heap, DYNAMIC_TYPE_AES); } } diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 304fa3b95..db3205a04 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c 
@@ -707,14 +707,14 @@ int wc_curve25519_init(curve25519_key* key) /* Clean the memory of a key */ void wc_curve25519_free(curve25519_key* key) { - int isAllocated = 0; void* heap; + byte isAllocated = 0; if (key == NULL) return; - isAllocated = key->isAllocated; heap = key->heap; + isAllocated = key->isAllocated; #ifdef WOLFSSL_SE050 se050_curve25519_free_key(key); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 363ecc4aa..d4610d3d9 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1023,14 +1023,14 @@ int wc_ed25519_init(ed25519_key* key) /* clear memory of key */ void wc_ed25519_free(ed25519_key* key) { - int isAllocated = 0; void* heap; + byte isAllocated = 0; if (key == NULL) return; - isAllocated = key->isAllocated; heap = key->heap; + isAllocated = key->isAllocated; #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 3e0c173c9..dc3521c11 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -1041,8 +1041,8 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ - int isAllocated = 0; void* heap = NULL; + byte isAllocated = 0; if (hash == NULL) return BAD_FUNC_ARG; @@ -1172,6 +1172,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + (void)heap; } return ret; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 29295716b..3cd4c324b 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -542,15 +542,15 @@ int wc_RsaGetKeyId(RsaKey* key, word32* keyId) int wc_FreeRsaKey(RsaKey* key) { int ret = 0; - int isAllocated = 0; void* heap; + byte isAllocated = 0; if (key == NULL) { return BAD_FUNC_ARG; } - isAllocated = key->isAllocated; heap = key->heap; + isAllocated = key->isAllocated; wc_RsaCleanup(key); 
@@ -587,7 +587,7 @@ int wc_FreeRsaKey(RsaKey* key) mp_clear(&key->n); #ifdef WOLFSSL_XILINX_CRYPT - XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY); + XFREE(key->mod, heap, DYNAMIC_TYPE_KEY); key->mod = NULL; #endif diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 2d4d85173..d6240d626 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -99,8 +99,7 @@ struct curve25519_key { /* bit fields */ byte pubSet:1; byte privSet:1; - - unsigned int isAllocated:1; /* flag indicates if structure was allocated */ + byte isAllocated:1; /* flag indicates if structure was allocated */ }; enum { diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index b8b483ce2..763553ffa 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -106,10 +106,10 @@ struct ed25519_key { void *heap; #ifdef WOLFSSL_ED25519_PERSISTENT_SHA wc_Sha512 sha; - unsigned int sha_clean_flag : 1; + byte sha_clean_flag : 1; #endif /* flag indicates if structure was allocated */ - unsigned int isAllocated : 1; + byte isAllocated : 1; }; #ifndef WC_ED25519KEY_TYPE_DEFINED diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 838d06665..0fe45bb13 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -125,7 +125,7 @@ typedef union { typedef struct { wc_Hashes alg; enum wc_HashType type; /* sanity check */ - unsigned int isAllocated:1; /* flag indicates if structure was allocated */ + byte isAllocated:1; /* flag indicates if structure was allocated */ } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 4cff68a43..0cf701dc9 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h 
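Review bot: Changing the `isAllocated` bit-fields (and `sha_clean_flag`) from `unsigned int` to `byte` relies on an implementation-defined bit-field type: ISO C (C11 6.7.2.1) only guarantees `_Bool`, `signed int` and `unsigned int`, so — assuming `byte` is `unsigned char` — the declaration is accepted by GCC/Clang/MSVC but may be rejected or flagged by a strictly conforming or MISRA-checked toolchain (Rule 6.1), and the struct layout around it can differ between compilers. If the motivation is the narrowing seen in the `.c` hunks, a cast at the assignment (`isAllocated = (byte)key->isAllocated;`) keeps the portable field type; otherwise a comment next to the first changed field, `/* byte bit-field: implementation-defined in ISO C, supported by all toolchains wolfSSL targets */`, records the decision.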
@@ -269,7 +269,7 @@ struct RsaKey { #if defined(WOLFSSL_RENESAS_FSPSM) FSPSM_RSA_CTX ctx; #endif - unsigned int isAllocated:1; /* flag indicates if structure was allocated */ + byte isAllocated:1; /* flag indicates if structure was allocated */ }; #ifndef WC_RSAKEY_TYPE_DEFINED From e4f4274b4a32101f69a3e87908c6ad2765b85b47 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 8 Oct 2024 12:11:15 -0700 Subject: [PATCH 107/325] Fix AesSivCipher heap hint on cleanup. --- wolfcrypt/src/aes.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 72dbe696d..193b216dc 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -14033,6 +14033,13 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } +#ifndef WOLFSSL_SMALL_STACK + /* make aes has heap hint and isAllocated initialized for cleanup below */ + if (ret != 0) { + XMEMSET(aes, 0, sizeof(Aes)); + } +#endif + if (ret == 0 && dataSz > 0) { sivTmp[12] &= 0x7f; sivTmp[8] &= 0x7f; @@ -14066,7 +14073,6 @@ static WARN_UNUSED_RESULT int AesSivCipher( if (aes != NULL) #endif { - aes->isAllocated = 0; wc_AesFree(aes); #ifdef WOLFSSL_SMALL_STACK XFREE(aes, NULL, DYNAMIC_TYPE_AES); From 052cf77233172959ec928d071e8b572ecdd5b883 Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 8 Oct 2024 16:11:46 -0500 Subject: [PATCH 108/325] acert: fix defines, cleanup, more testing. --- src/x509.c | 756 ++++++++++++++++++--------------- tests/api.c | 148 +++++++ wolfcrypt/src/asn.c | 25 ++ wolfssl/internal.h | 3 +- wolfssl/ssl.h | 21 +- wolfssl/wolfcrypt/asn.h | 1 - wolfssl/wolfcrypt/asn_public.h | 13 + 7 files changed, 613 insertions(+), 354 deletions(-) diff --git a/src/x509.c b/src/x509.c index 72563c4e6..91b305322 100644 --- a/src/x509.c +++ b/src/x509.c 
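Review bot: The `XMEMSET(aes, 0, sizeof(Aes))` that makes `wc_AesFree` safe after a failed init is compiled only under `#ifndef WOLFSSL_SMALL_STACK`, yet the removed `aes->isAllocated = 0;` used to protect both paths: with SMALL_STACK the XMALLOC'd `aes` is not zeroed here, so if `wc_AesInit` can fail before it writes `isAllocated` (its body is not visible), `wc_AesFree(aes)` reads an indeterminate bit and may XFREE `aes` itself, and the explicit `XFREE(aes, NULL, DYNAMIC_TYPE_AES)` that follows then double-frees it. Dropping the `#ifndef`/`#endif` so the reset runs in both builds, or zeroing right after the XMALLOC, closes that window. The comment also has a typo; `/* make sure aes has heap hint and isAllocated initialized for cleanup below */`. AesSivCipher starts outside the hunk.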
@@ -6049,25 +6049,6 @@ static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio, return ret; } -/* Sets buf pointer and len to raw Attribute buffer and buffer len - * in X509 struct. - * - * Returns WOLFSSL_SUCCESS on success. - * Returns BAD_FUNC_ARG if input pointers are null. - * */ -WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, - const byte ** rawAttr, - word32 * rawAttrLen) -{ - if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) { - return BAD_FUNC_ARG; - } - - *rawAttr = x509->rawAttr; - *rawAttrLen = x509->rawAttrLen; - - return WOLFSSL_SUCCESS; -} #endif /* if WOLFSSL_ACERT*/ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, 
@@ -7220,168 +7201,6 @@ int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) } #if defined(WOLFSSL_ACERT) -WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( - const unsigned char* buf, int sz, int format) -{ - int ret = 0; - WOLFSSL_X509_ACERT * x509 = NULL; - DerBuffer * der = NULL; - #ifdef WOLFSSL_SMALL_STACK - DecodedAcert * acert = NULL; - #else - DecodedAcert acert[1]; - #endif - - WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer"); - - if (format == WOLFSSL_FILETYPE_PEM) { - #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buf, sz, ACERT_TYPE, &der, NULL, NULL, NULL); - - if (ret != 0 || der == NULL || der->buffer == NULL) { - WOLFSSL_ERROR(ret); - - if (der != NULL) { - FreeDer(&der); - } - - return NULL; - } - #else - WOLFSSL_ERROR(NOT_COMPILED_IN); - return NULL; - #endif - } - else { - ret = AllocDer(&der, (word32)sz, ACERT_TYPE, NULL); - - if (ret != 0 || der == NULL || der->buffer == NULL) { - WOLFSSL_ERROR(ret); - return NULL; - } - - XMEMCPY(der->buffer, buf, sz); - } - - #ifdef WOLFSSL_SMALL_STACK - acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (acert == NULL) { - WOLFSSL_ERROR(MEMORY_ERROR); - FreeDer(&der); - return NULL; - } - #endif - - InitDecodedAcert(acert, der->buffer, der->length, NULL); - - ret = ParseX509Acert(acert, VERIFY_SKIP_DATE); - - if (ret == 0) { - x509 = (WOLFSSL_X509_ACERT*)XMALLOC(sizeof(WOLFSSL_X509_ACERT), NULL, - DYNAMIC_TYPE_X509_ACERT); - if (x509 != NULL) { - wolfSSL_X509_ACERT_init(x509, NULL); - ret = CopyDecodedAcertToX509(x509, acert); - - if (ret != 0) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } - } - else { - ret = MEMORY_ERROR; - } - } - - FreeDecodedAcert(acert); - - #ifdef WOLFSSL_SMALL_STACK - XFREE(acert, NULL, DYNAMIC_TYPE_DCERT); - #endif - - FreeDer(&der); - - if (ret != 0) { - WOLFSSL_ERROR(ret); - } - - return x509; -} - -void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, void* heap) -{ - if (x509 == NULL) { - 
WOLFSSL_MSG("error: InitX509Acert: null parameter"); - return; - } - - XMEMSET(x509, 0, sizeof(*x509)); - - x509->heap = heap; -} - -void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509) -{ - if (x509 == NULL) { - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter"); - return; - } - - /* Free holder and att cert issuer structures. */ - if (x509->holderIssuerName) { - FreeAltNames(x509->holderIssuerName, x509->heap); - x509->holderIssuerName = NULL; - } - - if (x509->AttCertIssuerName) { - FreeAltNames(x509->AttCertIssuerName, x509->heap); - x509->AttCertIssuerName = NULL; - } - - if (x509->rawAttr != NULL) { - XFREE(x509->rawAttr, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->rawAttr = NULL; - x509->rawAttrLen = 0; - } - - /* Free derCert source and signature buffer. */ - FreeDer(&x509->derCert); - - if (x509->sig.buffer != NULL) { - XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE); - x509->sig.buffer = NULL; - } - - /* Finally memset and free x509 acert structure. */ - XMEMSET(x509, 0, sizeof(*x509)); - XFREE(x509, NULL, DYNAMIC_TYPE_X509_ACERT); - - return; -} - -long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509) -{ - int version = 0; - - if (x509 == NULL) { - return 0L; - } - - version = x509->version; - - return version != 0 ? (long)version - 1L : 0L; -} - -int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509) -{ - if (x509 == NULL) { - return 0; - } - - return x509->version; -} - /* Retrieve sig NID from an ACERT. * * returns NID on success 
@@ -7396,43 +7215,6 @@ int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT *x509) return oid2nid((word32)x509->sigOID, oidSigType); } -/* Retrieve the signature from an ACERT. - * - * @param [in] x509 the x509 attribute certificate - * @param [in, out] buf the signature buffer pointer - * @param [in, out] bufSz the signature buffer size pointer - * - * buf may be null, but bufSz is required. On success, sets - * bufSz pointer to signature length, and copies signature - * to buf if provided. - * - * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. - * Returns WOLFSSL_SUCCESS on success. - */ -int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, - unsigned char* buf, int* bufSz) -{ - WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature"); - - if (x509 == NULL || bufSz == NULL) { - return WOLFSSL_FATAL_ERROR; - } - - /* If buf array is provided, it must be long enough. */ - if (buf != NULL && *bufSz < (int)x509->sig.length) { - return WOLFSSL_FATAL_ERROR; - } - - if (buf != NULL) { - /* Copy in buffer if provided. */ - XMEMCPY(buf, x509->sig.buffer, x509->sig.length); - } - - *bufSz = (int)x509->sig.length; - - return WOLFSSL_SUCCESS; -} - static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, int algOnly, int indent) { 
@@ -7475,43 +7257,6 @@ static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, return WOLFSSL_SUCCESS; } -/* Retrieve the serial number from an ACERT. - * - * @param [in] x509 the x509 attribute certificate - * @param [in, out] buf the serial number buffer pointer - * @param [in, out] bufSz the serial number buffer size pointer - * - * buf may be null, but bufSz is required. On success, sets - * bufSz pointer to signature length, and copies signature - * to buf if provided. - * - * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. - * Returns WOLFSSL_SUCCESS on success. - */ -int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, - byte* buf, int* bufSz) -{ - WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number"); - - if (x509 == NULL || bufSz == NULL) { - WOLFSSL_MSG("error: null argument passed in"); - return BAD_FUNC_ARG; - } - - if (buf != NULL) { - if (*bufSz < x509->serialSz) { - WOLFSSL_MSG("error: serial buffer too small"); - return BUFFER_E; - } - - XMEMCPY(buf, x509->serial, x509->serialSz); - } - - *bufSz = x509->serialSz; - - return WOLFSSL_SUCCESS; -} - static int X509AcertPrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, int indent) { 
@@ -8385,95 +8130,6 @@ int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey) } #endif /* WOLFSSL_CERT_REQ */ -#if defined(WOLFSSL_ACERT) - -#ifndef NO_WOLFSSL_STUB -WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, - WOLFSSL_EVP_PKEY * pkey, - const WOLFSSL_EVP_MD * md) -{ - WOLFSSL_STUB("X509_ACERT_sign"); - (void) x509; - (void) pkey; - (void) md; - return WOLFSSL_NOT_IMPLEMENTED; -} -#endif /* NO_WOLFSSL_STUB */ - -/* Helper function for ACERT_verify. - * - * @param [in] x509 the x509 attribute certificate - * @param [in, out] outSz the x509 der length - * - * @return der buffer on success - * @return NULL on error - * */ -static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz) -{ - if (x509 == NULL || x509->derCert == NULL || outSz == NULL) { - return NULL; - } - - *outSz = (int)x509->derCert->length; - return x509->derCert->buffer; -} - -/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature. - * - * @param [in] x509 the x509 attribute certificate - * @param [in] pkey the evp_pkey - * - * @return WOLFSSL_SUCCESS on verify success - * @return < 0 on error - * */ -int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey) -{ - int ret = 0; - const byte * der = NULL; - int derSz = 0; - int pkey_type; - - if (x509 == NULL || pkey == NULL) { - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg"); - return WOLFSSL_FATAL_ERROR; - } - - WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify"); - - der = acert_get_der(x509, &derSz); - - if (der == NULL || derSz <= 0) { - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed"); - return WOLFSSL_FATAL_ERROR; - } - - switch (pkey->type) { - case EVP_PKEY_RSA: - pkey_type = RSAk; - break; - - case EVP_PKEY_EC: - pkey_type = ECDSAk; - break; - - case EVP_PKEY_DSA: - pkey_type = DSAk; - break; - - default: - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type"); - return WOLFSSL_FATAL_ERROR; - } - - - ret = VerifyX509Acert(der, 
(word32)derSz, - (const byte *)pkey->pkey.ptr, pkey->pkey_sz, - pkey_type, x509->heap); - - return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; -} -#endif /* WOLFSSL_ACERT */ - #if !defined(NO_FILESYSTEM) static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) { 
@@ -15588,7 +15244,417 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr) XFREE(attr, NULL, DYNAMIC_TYPE_OPENSSL); } } -#endif +#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) && + (WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ) */ + +#if defined(WOLFSSL_ACERT) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + +/* Allocate and return a new WOLFSSL_X509_ACERT struct pointer. + * + * @param [in] heap heap hint + * + * @return pointer on success + * @return NULL on error + * */ +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void* heap) +{ + WOLFSSL_X509_ACERT* x509; + + x509 = (WOLFSSL_X509_ACERT*) XMALLOC(sizeof(WOLFSSL_X509_ACERT), heap, + DYNAMIC_TYPE_X509_ACERT); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_init(x509, 1, heap); + } + + return x509; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void) +{ + return wolfSSL_X509_ACERT_new_ex(NULL); +} + +/* Initialize a WOLFSSL_X509_ACERT struct. + * + * If dynamic == 1, then the x509 pointer will be freed + * in wolfSSL_X509_ACERT_free. + * + * @param [in] x509 x509 acert pointer + * @param [in] dynamic dynamic mem flag + * @param [in] heap heap hint + * + * @return void + * */ +void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, int dynamic, void* heap) +{ + if (x509 == NULL) { + WOLFSSL_MSG("error: InitX509Acert: null parameter"); + return; + } + + XMEMSET(x509, 0, sizeof(*x509)); + + x509->heap = heap; + x509->dynamic = dynamic; +} + +/* Free a WOLFSSL_X509_ACERT struct and its sub-fields. + * + * If this ACERT was initialized with dynamic == 1, then + * the x509 pointer itself will be freed as well. + * + * @param [in] x509 x509 acert pointer + * + * @return void + * */ +void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509) +{ + int dynamic = 0; + void * heap = NULL; + + if (x509 == NULL) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter"); + return; + } + + dynamic = x509->dynamic; + heap = x509->heap; + + /* Free holder and att cert issuer structures. 
*/ + if (x509->holderIssuerName) { + FreeAltNames(x509->holderIssuerName, heap); + x509->holderIssuerName = NULL; + } + + if (x509->AttCertIssuerName) { + FreeAltNames(x509->AttCertIssuerName, heap); + x509->AttCertIssuerName = NULL; + } + + if (x509->rawAttr != NULL) { + XFREE(x509->rawAttr, heap, DYNAMIC_TYPE_X509_EXT); + x509->rawAttr = NULL; + x509->rawAttrLen = 0; + } + + /* Free derCert source and signature buffer. */ + FreeDer(&x509->derCert); + + if (x509->sig.buffer != NULL) { + XFREE(x509->sig.buffer, heap, DYNAMIC_TYPE_SIGNATURE); + x509->sig.buffer = NULL; + } + + /* Finally memset and free x509 acert structure. */ + XMEMSET(x509, 0, sizeof(*x509)); + + if (dynamic == 1) { + XFREE(x509, heap, DYNAMIC_TYPE_X509_ACERT); + } + + return; +} + +#if defined(OPENSSL_EXTRA) +long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509) +{ + int version = 0; + + if (x509 == NULL) { + return 0L; + } + + version = x509->version; + + return version != 0 ? (long)version - 1L : 0L; +} +#endif /* OPENSSL_EXTRA */ + +int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509) +{ + if (x509 == NULL) { + return 0; + } + + return x509->version; +} + +/* Retrieve the serial number from an ACERT. + * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] buf the serial number buffer pointer + * @param [in, out] bufSz the serial number buffer size pointer + * + * buf may be null, but bufSz is required. On success, sets + * bufSz pointer to signature length, and copies signature + * to buf if provided. + * + * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. + * Returns WOLFSSL_SUCCESS on success. 
+ */ +int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, + byte* buf, int* bufSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number"); + + if (x509 == NULL || bufSz == NULL) { + WOLFSSL_MSG("error: null argument passed in"); + return BAD_FUNC_ARG; + } + + if (buf != NULL) { + if (*bufSz < x509->serialSz) { + WOLFSSL_MSG("error: serial buffer too small"); + return BUFFER_E; + } + + XMEMCPY(buf, x509->serial, x509->serialSz); + } + + *bufSz = x509->serialSz; + + return WOLFSSL_SUCCESS; +} + +/* Sets buf pointer and len to raw Attribute buffer and buffer len + * in X509 struct. + * + * Returns WOLFSSL_SUCCESS on success. + * Returns BAD_FUNC_ARG if input pointers are null. + * */ +WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, + const byte ** rawAttr, + word32 * rawAttrLen) +{ + if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) { + return BAD_FUNC_ARG; + } + + *rawAttr = x509->rawAttr; + *rawAttrLen = x509->rawAttrLen; + + return WOLFSSL_SUCCESS; +} + +#ifndef NO_WOLFSSL_STUB +WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, + WOLFSSL_EVP_PKEY * pkey, + const WOLFSSL_EVP_MD * md) +{ + WOLFSSL_STUB("X509_ACERT_sign"); + (void) x509; + (void) pkey; + (void) md; + return WOLFSSL_NOT_IMPLEMENTED; +} +#endif /* NO_WOLFSSL_STUB */ + +/* Helper function for ACERT_verify. + * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] outSz the x509 der length + * + * @return der buffer on success + * @return NULL on error + * */ +static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz) +{ + if (x509 == NULL || x509->derCert == NULL || outSz == NULL) { + return NULL; + } + + *outSz = (int)x509->derCert->length; + return x509->derCert->buffer; +} + +/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature. 
+ * + * @param [in] x509 the x509 attribute certificate + * @param [in] pkey the evp_pkey + * + * @return WOLFSSL_SUCCESS on verify success + * @return < 0 on error + * */ +int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey) +{ + int ret = 0; + const byte * der = NULL; + int derSz = 0; + int pkey_type; + + if (x509 == NULL || pkey == NULL) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg"); + return WOLFSSL_FATAL_ERROR; + } + + WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify"); + + der = acert_get_der(x509, &derSz); + + if (der == NULL || derSz <= 0) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed"); + return WOLFSSL_FATAL_ERROR; + } + + switch (pkey->type) { + case EVP_PKEY_RSA: + pkey_type = RSAk; + break; + + case EVP_PKEY_EC: + pkey_type = ECDSAk; + break; + + case EVP_PKEY_DSA: + pkey_type = DSAk; + break; + + default: + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type"); + return WOLFSSL_FATAL_ERROR; + } + + + ret = VerifyX509Acert(der, (word32)derSz, + (const byte *)pkey->pkey.ptr, pkey->pkey_sz, + pkey_type, x509->heap); + + return ret == 0 ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex( + const unsigned char* buf, int sz, int format, void * heap) +{ + int ret = 0; + WOLFSSL_X509_ACERT * x509 = NULL; + DerBuffer * der = NULL; + #ifdef WOLFSSL_SMALL_STACK + DecodedAcert * acert = NULL; + #else + DecodedAcert acert[1]; + #endif + + WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer"); + + if (format == WOLFSSL_FILETYPE_PEM) { + #ifdef WOLFSSL_PEM_TO_DER + ret = PemToDer(buf, sz, ACERT_TYPE, &der, heap, NULL, NULL); + + if (ret != 0 || der == NULL || der->buffer == NULL) { + WOLFSSL_ERROR(ret); + + if (der != NULL) { + FreeDer(&der); + } + + return NULL; + } + #else + WOLFSSL_ERROR(NOT_COMPILED_IN); + return NULL; + #endif + } + else { + ret = AllocDer(&der, (word32)sz, ACERT_TYPE, heap); + + if (ret != 0 || der == NULL || der->buffer == NULL) { + WOLFSSL_ERROR(ret); + return NULL; + } + + XMEMCPY(der->buffer, buf, sz); + } + + #ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), heap, + DYNAMIC_TYPE_DCERT); + if (acert == NULL) { + WOLFSSL_ERROR(MEMORY_ERROR); + FreeDer(&der); + return NULL; + } + #endif + + InitDecodedAcert(acert, der->buffer, der->length, heap); + + ret = ParseX509Acert(acert, VERIFY_SKIP_DATE); + + if (ret == 0) { + x509 = wolfSSL_X509_ACERT_new_ex(heap); + + if (x509 != NULL) { + ret = CopyDecodedAcertToX509(x509, acert); + + if (ret != 0) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + } + else { + ret = MEMORY_ERROR; + } + } + + FreeDecodedAcert(acert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(acert, heap, DYNAMIC_TYPE_DCERT); + #endif + + FreeDer(&der); + + if (ret != 0) { + WOLFSSL_ERROR(ret); + } + + return x509; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( + const unsigned char* buf, int sz, int format) +{ + return wolfSSL_X509_ACERT_load_certificate_buffer_ex(buf, sz, format, NULL); +} + +/* Retrieve the signature from an ACERT. 
+ * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] buf the signature buffer pointer + * @param [in, out] bufSz the signature buffer size pointer + * + * buf may be null, but bufSz is required. On success, sets + * bufSz pointer to signature length, and copies signature + * to buf if provided. + * + * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. + * Returns WOLFSSL_SUCCESS on success. + */ +int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, + unsigned char* buf, int* bufSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature"); + + if (x509 == NULL || bufSz == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + /* If buf array is provided, it must be long enough. */ + if (buf != NULL && *bufSz < (int)x509->sig.length) { + return WOLFSSL_FATAL_ERROR; + } + + if (buf != NULL) { + /* Copy in buffer if provided. */ + XMEMCPY(buf, x509->sig.buffer, x509->sig.length); + } + + *bufSz = (int)x509->sig.length; + + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */ #endif /* !NO_CERTS */ diff --git a/tests/api.c b/tests/api.c index 19b510746..d3310cf53 100644 --- a/tests/api.c +++ b/tests/api.c 
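Review bot: wolfSSL_X509_ACERT_load_certificate_buffer_ex never validates `buf` or `sz` before passing them to PemToDer, AllocDer and XMEMCPY; in the DER branch a non-positive `sz` reaches `AllocDer(&der, (word32)sz, ACERT_TYPE, heap)` as a very large unsigned length and the same value is then used for `XMEMCPY(der->buffer, buf, sz)`, so the public entry point relies entirely on the callees to reject bad input. A guard at the top, `if (buf == NULL || sz <= 0) { WOLFSSL_MSG("error: bad arg"); return NULL; }`, keeps that check where the API contract is. Separately, the header comment on wolfSSL_X509_ACERT_get_serial_number says it returns WWOLFSSL_FATAL_ERROR when bufSz is null or too small, but the body returns BAD_FUNC_ARG and BUFFER_E, and the same misspelling appears in the wolfSSL_X509_ACERT_get_signature comment, whose body does return WOLFSSL_FATAL_ERROR. The first context lines of the hunk belong to wolfSSL_X509_ATTRIBUTE_free, which starts outside the hunk.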
@@ -14004,6 +14004,152 @@ static int test_wolfSSL_X509_ACERT_misc_api(void) return EXPECT_RESULT(); } +static int test_wolfSSL_X509_ACERT_buffer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + X509_ACERT * x509 = NULL; + int rc = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte serial[64]; + int serial_len = sizeof(serial); + const byte * raw_attr = NULL; + word32 attr_len = 0; + + x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf, + sizeof(acert_ietf), + WOLFSSL_FILETYPE_PEM, + HEAP_HINT); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + + /* Get the attributes buffer. 
*/ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } +#endif + return EXPECT_RESULT(); +} + +/* Test ACERT support, but with ASN functions only. + * */ +static int test_wolfSSL_X509_ACERT_asn(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + int rc = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + DerBuffer * der = NULL; + #ifdef WOLFSSL_SMALL_STACK + DecodedAcert * acert = NULL; + #else + DecodedAcert acert[1]; + #endif + + rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der, + HEAP_HINT, NULL, NULL); + + ExpectIntEQ(rc, 0); + ExpectNotNull(der); + + if 
(der != NULL) { + ExpectNotNull(der->buffer); + } + + #ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT, + DYNAMIC_TYPE_DCERT); + ExpectNotNull(acert); + #endif + + #ifdef WOLFSSL_SMALL_STACK + if (acert != NULL) + #endif + { + if (der != NULL && der->buffer != NULL) { + wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); + rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); + } + + ExpectIntEQ(acert->serialSz, 20); + ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)), + 0); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(acert->rawAttr); + ExpectIntEQ(acert->rawAttrLen, 65); + } + + #ifdef WOLFSSL_SMALL_STACK + if (acert != NULL) { + XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT); + acert = NULL; + } + #endif + + if (der != NULL) { + wc_FreeDer(&der); + } + +#endif + return EXPECT_RESULT(); +} + #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \ defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) @@ -97322,6 +97468,8 @@ TEST_CASE testCases[] = { /* X509 ACERT tests */ TEST_DECL(test_wolfSSL_X509_ACERT_verify), TEST_DECL(test_wolfSSL_X509_ACERT_misc_api), + TEST_DECL(test_wolfSSL_X509_ACERT_buffer), + TEST_DECL(test_wolfSSL_X509_ACERT_asn), #ifndef NO_BIO TEST_DECL(test_wolfSSL_X509_INFO_multiple_info), diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 979326527..11a7226f0 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
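Review bot: In test_wolfSSL_X509_ACERT_asn the `ExpectIntEQ(acert->serialSz, 20)`, the XMEMCMP on `acert->serial` and the rawAttr checks run unconditionally, but `wc_InitDecodedAcert` is only called inside `if (der != NULL && der->buffer != NULL)`; in the non-WOLFSSL_SMALL_STACK build `DecodedAcert acert[1]` is an uninitialized automatic, so a PEM decode failure turns into a read of indeterminate memory instead of a clean test failure. Moving those expectations inside that `if`, or zero-initializing the struct before the branch, removes the dependency; the `wc_FreeDecodedAcert(acert)` call that the later "Missing free call." patch places in the same unconditional spot has the same exposure. The other hunk in this file section, the TEST_DECL additions, raises nothing.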
@@ -41444,6 +41444,31 @@ int VerifyX509Acert(const byte* der, word32 derSz,
 FREE_ASNGETDATA(dataASN, heap);
 return ret;
 }
+
+void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+ void* heap)
+{
+ InitDecodedAcert(acert, source, inSz, heap);
+}
+
+void wc_FreeDecodedAcert(DecodedAcert * acert)
+{
+ FreeDecodedAcert(acert);
+}
+
+int wc_ParseX509Acert(DecodedAcert* acert, int verify)
+{
+ return ParseX509Acert(acert, verify);
+}
+
+int wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+ const byte* pubKey, word32 pubKeySz,
+ int pubKeyOID, void * heap)
+{
+ return VerifyX509Acert(acert, acertSz, pubKey, pubKeySz,
+ pubKeyOID, heap);
+}
+
 #endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */
 #ifdef WOLFSSL_SEP
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index af76dcfd1..8469f277e 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -5367,7 +5367,8 @@ struct WOLFSSL_X509_ACERT {
 #ifndef NO_CERTS
 DerBuffer * derCert;
 #endif
- void* heap;
+ void * heap;
+ int dynamic; /* whether struct was dynamically allocated */
 /* copy of raw Attributes field from */
 byte holderSerial[EXTERNAL_SERIAL_SIZE];
 int holderSerialSz;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index bf5067d84..3d4f492d8 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3011,9 +3011,12 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl);
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
 #endif
-#if defined(WOLFSSL_ACERT)
+#if defined(WOLFSSL_ACERT) && \
+ (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void * heap);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void);
 WOLFSSL_API void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509,
- void* heap);
+ int dynamic, void * heap);
 WOLFSSL_API void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509);
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
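Review bot: The four new exported wrappers wc_InitDecodedAcert, wc_FreeDecodedAcert, wc_ParseX509Acert and wc_VerifyX509Acert carry no API comment here, and the declarations added to asn_public.h in the later hunk carry none either, so a caller has no statement of what `verify` accepts (the test passes VERIFY_SKIP_DATE), what `pubKeyOID` is expected to hold, or that a DecodedAcert set up with wc_InitDecodedAcert must be released with wc_FreeDecodedAcert. A short block per function would close that gap, e.g. above wc_ParseX509Acert: `/* Parse the DER attribute certificate set with wc_InitDecodedAcert. verify: verification flags (VERIFY_SKIP_DATE skips date checks). Returns 0 on success, negative on error. */`. Whether the wrappers should reject a NULL acert themselves rather than rely on the internal functions is not visible from this hunk.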
@@ -3022,8 +3025,14 @@ WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, #endif /* !NO_WOLFSSL_STUB */ WOLFSSL_API int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey); +#if defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT* x); WOLFSSL_API int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509_acert); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT( + WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u); +WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x); +#endif /* OPENSSL_EXTRA */ WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, const byte ** rawAttr, word32 * rawAttrLen); @@ -3031,16 +3040,14 @@ WOLFSSL_API int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, unsigned char* in, int * inOutSz); WOLFSSL_API int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509); -WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x); -WOLFSSL_API int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT* x); WOLFSSL_API int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, unsigned char* buf, int* bufSz); -WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT( - WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex( + const unsigned char* buf, int sz, int format, void * heap); WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( const unsigned char* buf, int sz, int format); -#endif +#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */ WOLFSSL_API const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 0ab2cb73f..ef3f352b3 100644 --- a/wolfssl/wolfcrypt/asn.h 
+++ b/wolfssl/wolfcrypt/asn.h @@ -2719,7 +2719,6 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl); /* Minimal structure for x509 attribute certificate (rfc 5755). * * The attributes field is not parsed, but is stored as raw buffer. - * * */ struct DecodedAcert { word32 certBegin; /* Offset to start of acert. */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 50663e8fd..fe15ab09d 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -969,6 +969,19 @@ WOLFSSL_API int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der, int derSz); #endif +#if defined(WOLFSSL_ACERT) +/* Forward declaration needed, as DecodedAcert is defined in asn.h.*/ +struct DecodedAcert; +WOLFSSL_API void wc_InitDecodedAcert(struct DecodedAcert* acert, + const byte* source, word32 inSz, + void* heap); +WOLFSSL_API void wc_FreeDecodedAcert(struct DecodedAcert * acert); +WOLFSSL_API int wc_ParseX509Acert(struct DecodedAcert* acert, int verify); +WOLFSSL_API int wc_VerifyX509Acert(const byte* acert, word32 acertSz, + const byte* pubKey, word32 pubKeySz, + int pubKeyOID, void * heap); +#endif /* WOLFSSL_ACERT */ + #if !defined(XFPRINTF) || defined(NO_FILESYSTEM) || \ defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_ASN_PRINT) #undef WOLFSSL_ASN_PRINT From 410e2f148c1a4fe1427a49019d3de34e2563ee26 Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 8 Oct 2024 16:17:16 -0500 Subject: [PATCH 109/325] Missing free call. --- tests/api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/api.c b/tests/api.c index d3310cf53..5ec4bea86 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14133,6 +14133,8 @@ static int test_wolfSSL_X509_ACERT_asn(void) /* This cert has a 65 byte attributes field. */ ExpectNotNull(acert->rawAttr); ExpectIntEQ(acert->rawAttrLen, 65); + + wc_FreeDecodedAcert(acert); } #ifdef WOLFSSL_SMALL_STACK From deda5125983aeced94fb40400c0e0010f132100e Mon Sep 17 00:00:00 2001 
From: jordan Date: Tue, 8 Oct 2024 17:05:53 -0500 Subject: [PATCH 110/325] acert: fix unused store error. --- tests/api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index 5ec4bea86..5e618619b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14071,8 +14071,7 @@ static int test_wolfSSL_X509_ACERT_buffer(void) static int test_wolfSSL_X509_ACERT_asn(void) { EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && defined(WC_RSA_PSS) +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) const byte acert_ietf[] = \ "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" @@ -14124,6 +14123,7 @@ static int test_wolfSSL_X509_ACERT_asn(void) if (der != NULL && der->buffer != NULL) { wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); + ExpectIntEQ(rc, 0); } ExpectIntEQ(acert->serialSz, 20); From bed680a96c8cb4a5aa7022b7a1fe43aa1c4af76d Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 8 Oct 2024 20:47:49 -0500 Subject: [PATCH 111/325] acert: line length. --- wolfssl/ssl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 3d4f492d8..288bccb8d 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3026,7 +3026,8 @@ WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, WOLFSSL_API int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey); #if defined(OPENSSL_EXTRA) -WOLFSSL_API int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT* x); +WOLFSSL_API int wolfSSL_X509_ACERT_get_signature_nid( + const WOLFSSL_X509_ACERT* x); WOLFSSL_API int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509_acert); WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT( From 244fff844fe4f3562bb896ff2914304210c6074c Mon Sep 17 00:00:00 2001 
From: jordan Date: Tue, 8 Oct 2024 21:21:25 -0500 Subject: [PATCH 112/325] acert: pacify c++ style comment warning. --- tests/api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index 5e618619b..d9c7df0ab 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14020,7 +14020,7 @@ static int test_wolfSSL_X509_ACERT_buffer(void) "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" - "ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" @@ -14082,7 +14082,7 @@ static int test_wolfSSL_X509_ACERT_asn(void) "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" - "ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" From a23d384e06c157aa79645a2b4c920d60ebd19e51 Mon Sep 17 00:00:00 2001 
From: Daniele Lacamera Date: Wed, 9 Oct 2024 12:41:55 +0200 Subject: [PATCH 113/325] Improve guards to build with -mthumb-interwork --- wolfcrypt/src/port/arm/armv8-32-aes-asm.S | 2 +- wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c | 6 +++--- wolfcrypt/src/port/arm/armv8-32-chacha-asm.S | 2 +- wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c | 6 +++--- wolfcrypt/src/port/arm/armv8-32-curve25519.S | 2 +- wolfcrypt/src/port/arm/armv8-32-curve25519_c.c | 6 +++--- wolfcrypt/src/port/arm/armv8-32-kyber-asm.S | 2 +- wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c | 6 +++--- wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S | 2 +- wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c | 6 +++--- wolfcrypt/src/port/arm/armv8-32-sha256-asm.S | 2 +- wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c | 6 +++--- wolfcrypt/src/port/arm/armv8-32-sha3-asm.S | 2 +- wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 6 +++--- wolfcrypt/src/port/arm/armv8-32-sha512-asm.S | 2 +- wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c | 6 +++--- 16 files changed, 32 insertions(+), 32 deletions(-) diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S index 553acadc2..a98ae9454 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_AES #ifdef HAVE_AES_DECRYPT diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index c21fbea52..14a8922e6 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c 
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -4854,7 +4854,7 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* !NO_AES */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S index b19bf515c..53ccdaaaa 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef HAVE_CHACHA .text diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c index 201cf2ee3..16039f247 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c 
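Review bot: In the `@@ -4854,7 +4854,7 @@` hunk the inner closer `#endif /* !__aarch64__ && __arm__ && !__thumb__ */` two lines above the changed line still documents the old condition, so the file's two closing comments now disagree with each other and with the new guard; the same stale comment is left in the corresponding hunks of armv8-32-chacha-asm_c.c, armv8-32-curve25519_c.c, armv8-32-kyber-asm_c.c and armv8-32-poly1305-asm_c.c. Updating it to `#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */` keeps the closers matched. The relaxed guard now admits these ARM-state assembly routines into builds compiled with -mthumb plus interworking; whether the .S files and the inline-asm blocks explicitly select ARM state so the Thumb caller's mode switch is correct is not visible in these hunks and is worth confirming.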
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -570,7 +570,7 @@ void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, #endif /* HAVE_CHACHA */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index 669c3c023..73c3151cb 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index cd778c1d5..709b7d60b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c 
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -9430,7 +9430,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S index e24888a27..3ccd894d0 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_WC_KYBER .text diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c index df4285015..acf3a39b2 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c 
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -9233,7 +9233,7 @@ unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, #endif /* WOLFSSL_WC_KYBER */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S index 63409c849..5e8814dd6 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef HAVE_POLY1305 .text diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c index b1985b9a2..dc0dffed8 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c 
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -389,7 +389,7 @@ void poly1305_final(Poly1305* ctx_p, byte* mac_p) #endif /* HAVE_POLY1305 */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S index bcbf3273a..58464f60e 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_SHA256 #ifdef WOLFSSL_ARMASM_NO_NEON diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 0a2e15e9b..22f112338 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c 
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -2812,7 +2812,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) #endif /* !NO_SHA256 */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S index 7d2c60a89..53c54901c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index 832aac1cb..d3208d9d3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c 
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -2357,7 +2357,7 @@ void BlockSha3(word64* state_p) #endif /* WOLFSSL_SHA3 */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S index 1df40cfc8..429af4b2c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_ARMASM_NO_NEON diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index eaaa6c7e8..aa71f6235 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c 
@@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -42,7 +42,7 @@ #ifdef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm @@ -9169,7 +9169,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) #endif /* WOLFSSL_SHA512 */ #endif /* !__aarch64__ && __arm__ && !__thumb__ */ #endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ From 43574e22551515cbe9a3814031c914216a40a998 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 9 Oct 2024 13:44:03 +0200 Subject: [PATCH 114/325] Allow building with WOLFSSL_NO_MALLOC again --- wolfcrypt/src/ed25519.c | 5 +++++ wolfcrypt/src/hash.c | 4 ++++ wolfssl/wolfcrypt/types.h | 3 ++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index d4610d3d9..5a06cb771 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -968,6 +968,7 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, } #endif /* HAVE_ED25519_VERIFY */ +#ifndef WOLFSSL_NO_MALLOC ed25519_key* wc_ed25519_new(void* heap, int devId) { ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, 
@@ -983,6 +984,7 @@ ed25519_key* wc_ed25519_new(void* heap, int devId) } return key; } +#endif /* initialize information and memory for key */ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) @@ -1045,10 +1047,13 @@ void wc_ed25519_free(ed25519_key* key) wc_MemZero_Check(key, sizeof(ed25519_key)); #endif +#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); (void)heap; } +#endif + } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index dc3521c11..fdffa6030 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -686,6 +686,7 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, NULL, INVALID_DEVID); } +#ifndef WOLFSSL_NO_MALLOC wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId) { wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, @@ -701,6 +702,7 @@ wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId) } return hash; } +#endif int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) @@ -1170,10 +1172,12 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; +#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); (void)heap; } +#endif return ret; } diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 4b08b430e..6735d02a6 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -943,7 +943,8 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif - #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) &&\ + !defined (WOLFSSL_NO_MALLOC) #define USE_WOLF_STRDUP #endif #ifdef USE_WOLF_STRDUP From 56a96ba6093714d7143ddd7e0eb43982faec4d77 Mon Sep 17 00:00:00 2001 
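Review bot: The continued `#if` in the types.h hunk is formatted inconsistently with the surrounding preprocessor lines: there is no space before the line-continuation backslash in `!defined(USE_WOLF_STRDUP) &&\` and there is a stray space in `!defined (WOLFSSL_NO_MALLOC)`. Suggest `#if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) && \` followed by `        !defined(WOLFSSL_NO_MALLOC)` so it matches the `defined(...)` style used on the neighbouring lines.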
From: Daniele Lacamera Date: Wed, 9 Oct 2024 13:55:42 +0200 Subject: [PATCH 115/325] Allow compiling aes.c with WOLFSSL_NO_MALLOC --- wolfcrypt/src/aes.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 193b216dc..ed31f53dd 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11299,6 +11299,7 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ +#ifndef WOLFSSL_NO_MALLOC Aes* wc_AesNew(void* heap, int devId) { Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); @@ -11313,6 +11314,7 @@ Aes* wc_AesNew(void* heap, int devId) } return aes; } +#endif /* Initialize Aes for use with async hardware */ int wc_AesInit(Aes* aes, void* heap, int devId) @@ -11525,9 +11527,11 @@ void wc_AesFree(Aes* aes) wc_MemZero_Check(aes, sizeof(Aes)); #endif +#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(aes, heap, DYNAMIC_TYPE_AES); } +#endif } From 06195a2e2a703966a36589673f4aa108c53bf5c1 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 9 Oct 2024 14:06:38 +0200 Subject: [PATCH 116/325] fix unused variables --- wolfcrypt/src/aes.c | 5 +++++ wolfcrypt/src/ed25519.c | 7 +++++-- wolfcrypt/src/hash.c | 10 ++++++++-- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index ed31f53dd..2762f8571 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11451,14 +11451,18 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) void wc_AesFree(Aes* aes) { void* heap; +#ifndef WOLFSSL_NO_MALLOC byte isAllocated; +#endif if (aes == NULL) { return; } +#ifndef WOLFSSL_NO_MALLOC heap = aes->heap; isAllocated = aes->isAllocated; +#endif #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1); @@ -11532,6 +11536,7 @@ void wc_AesFree(Aes* aes) XFREE(aes, heap, DYNAMIC_TYPE_AES); } #endif + (void)heap; } 
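Review bot: In the wc_AesFree hunk (@@ -11451), moving `heap = aes->heap;` under `#ifndef WOLFSSL_NO_MALLOC` leaves `heap` indeterminate in WOLFSSL_NO_MALLOC builds, yet the next context line still passes it to `wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1)` when WC_DEBUG_CIPHER_LIFECYCLE is on, and the `(void)heap;` added in the second aes.c hunk only silences the unused-variable warning rather than fixing the read. Only `isAllocated` needs the gate: keep `heap = aes->heap;` unconditional (assuming the `heap` member exists in every configuration, which wc_AesInit taking a heap argument suggests) or at least declare `void* heap = NULL;`, and gate just `isAllocated = aes->isAllocated;`. The wc_ed25519_free hunk in this same commit has the same shape (`void* heap;` left unassigned under WOLFSSL_NO_MALLOC), whereas the wc_HashFree hunk already initialises `void* heap = NULL;` and is fine. The body of wc_AesFree continues outside the hunk, so further uses of `heap` there may be affected as well.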
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 5a06cb771..c9386f17f 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1026,13 +1026,16 @@ int wc_ed25519_init(ed25519_key* key) void wc_ed25519_free(ed25519_key* key) { void* heap; +#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; - +#endif if (key == NULL) return; +#ifndef WOLFSSL_NO_MALLOC heap = key->heap; isAllocated = key->isAllocated; +#endif #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); @@ -1050,9 +1053,9 @@ void wc_ed25519_free(ed25519_key* key) #ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); - (void)heap; } #endif + (void)heap; } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index fdffa6030..d727171d8 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -712,7 +712,9 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; +#ifndef WOLFSSL_NO_MALLOC hash->isAllocated = 0; +#endif hash->type = type; switch (type) { @@ -1044,11 +1046,13 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ void* heap = NULL; +#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; - +#endif if (hash == NULL) return BAD_FUNC_ARG; + #ifdef DEBUG_WOLFSSL if (hash->type != type) { WOLFSSL_MSG("Hash free type mismatch!"); @@ -1056,7 +1060,9 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) } #endif +#ifndef WOLFSSL_NO_MALLOC isAllocated = hash->isAllocated; +#endif switch (type) { case WC_HASH_TYPE_MD5: @@ -1175,9 +1181,9 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); - (void)heap; } #endif + (void)heap; return ret; } From a3f6babfdcf85b5f20ebc871f58a70adc1b6972e Mon Sep 17 00:00:00 2001 
From: Daniele Lacamera Date: Wed, 9 Oct 2024 14:58:53 +0200 Subject: [PATCH 117/325] Move heap variable to all sha implementations --- wolfssl/wolfcrypt/sha.h | 2 +- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index dd9d8b90a..5f7a78d21 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -151,8 +151,8 @@ struct wc_Sha { #else word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; #endif - void* heap; #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index c435cf061..0ab81abb6 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -194,13 +194,13 @@ struct wc_Sha256 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ - void* heap; #ifdef WC_C_DYNAMIC_FALLBACK int sha_method; #endif #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 9bcebdc62..1dc875dcb 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -144,6 +144,7 @@ struct wc_Sha512 { cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha512_buffers_t sha_buffers; + void* heap; #else word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; From d3f143aa2a8c9eb82e0e46d11b25572ff44462ec Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 9 Oct 2024 09:20:17 -0400 Subject: [PATCH 118/325] Test was never called --- wolfcrypt/test/test.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index dba82bcc9..b379327c0 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
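Review bot: The sha512.h hunk takes a different approach from the sha.h and sha256.h hunks in the same commit: those hoist `void* heap;` out of the conditional so the member exists in every configuration, whereas here `void* heap;` is added only inside the Cypress/PSoC branch and the `#else` branch is presumably left with its own copy. If that other copy is itself behind a further condition, the same unconditional placement after the closing `#endif` would be more robust and easier to audit than per-branch duplicates. The enclosing `struct wc_Sha512` definition continues outside the hunk, so this is inferred from the visible lines only.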
@@ -14004,6 +14004,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #endif /* HAVE_AES_DECRYPT */ + + aes_cbc_oneshot_test(); } #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */ From c8840a53adae583b2df6290e68fdac452c2e124c Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 9 Oct 2024 11:51:56 -0400 Subject: [PATCH 119/325] Add several fixes to coverity scan --- .github/workflows/coverity-scan-fixes.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml index 687a2394e..99ccc8483 100644 --- a/.github/workflows/coverity-scan-fixes.yml +++ b/.github/workflows/coverity-scan-fixes.yml @@ -1,16 +1,13 @@ -name: Coverity Scan master branch on a weekly basis +name: Coverity Scan master branch on a daily basis on: workflow_dispatch: schedule: - - cron: "0 0,12 * * *" -# - cron: "0 0 * * 1" -#on: -# push: -# branches: [ 'master', 'main', 'release/**' ] + - cron: "0 0 * * *" jobs: coverity: + if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From e81ae7bcb6f9a1189b04aa21e8024e29c71854c1 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 9 Oct 2024 11:14:28 -0700 Subject: [PATCH 120/325] Run win-csharp-test only for wolfssl owner --- .github/workflows/win-csharp-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/win-csharp-test.yml b/.github/workflows/win-csharp-test.yml index 4ba24f9e9..12b294b6b 100644 --- a/.github/workflows/win-csharp-test.yml +++ b/.github/workflows/win-csharp-test.yml @@ -9,6 +9,7 @@ on: jobs: build: + if: github.repository_owner == 'wolfssl' runs-on: windows-latest # This should be a safe limit for the tests to run. From 7b805d7a7dfec0ad94d0d18cea6633715ed59b07 Mon Sep 17 00:00:00 2001 
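Review bot: The newly added `aes_cbc_oneshot_test();` discards its return value, so a failure inside that subtest cannot fail aes_cbc_test; the commit makes the test run but not count. If it returns a wc_test_ret_t like the sibling subroutines, check it the way the rest of the function does, e.g. `ret = aes_cbc_oneshot_test(); if (ret != 0) goto out;` (the function's `ret` and `out:` label are not in this hunk but appear in a later commit's hunk of the same function on this page). aes_cbc_test starts and ends outside the hunk.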
From: Chris Conlon Date: Tue, 8 Oct 2024 17:53:44 -0600 Subject: [PATCH 121/325] Add lock around static ECC ecc_oid_cache --- wolfcrypt/src/ecc.c | 57 +++++++++++++++++++++++++++++++++++++---- wolfcrypt/src/wc_port.c | 11 ++++++++ wolfssl/wolfcrypt/ecc.h | 5 ++++ 3 files changed, 68 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee031a6aa..81e29c8f3 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1426,7 +1426,13 @@ size_t wc_ecc_get_sets_count(void) { byte oid[ECC_MAX_OID_LEN]; } oid_cache_t; static oid_cache_t ecc_oid_cache[ECC_SET_COUNT]; + + static wolfSSL_Mutex ecc_oid_cache_lock + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_oid_cache_lock); +#ifndef WOLFSSL_MUTEX_INITIALIZER + static volatile int eccOidLockInit = 0; #endif +#endif /* HAVE_OID_ENCODING */ /* Forward declarations */ #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT) 
@@ -15418,22 +15424,57 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen #endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_COMP_KEY */ +#ifdef HAVE_OID_ENCODING +int wc_ecc_oid_cache_init(void) +{ + int ret = 0; +#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + ret = wc_InitMutex(&ecc_oid_cache_lock); +#endif + return ret; +} + +void wc_ecc_oid_cache_free(void) +{ +#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + wc_FreeMutex(&ecc_oid_cache_lock); +#endif +} +#endif /* HAVE_OID_ENCODING */ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) { int x; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); +#ifdef HAVE_OID_ENCODING + oid_cache_t* o = NULL; +#endif if (oidSum == 0) { return BAD_FUNC_ARG; } +#ifdef HAVE_OID_ENCODING + #ifndef WOLFSSL_MUTEX_INITIALIZER + /* extra sanity check if wolfCrypt_Init not called */ + if (eccOidLockInit == 0) { + wc_InitMutex(&ecc_oid_cache_lock); + eccOidLockInit = 1; + } + #endif + + if (wc_LockMutex(&ecc_oid_cache_lock) != 0) { + return BAD_MUTEX_E; + } +#endif + /* find matching OID sum (based on encoded value) */ for (x = 0; ecc_sets[x].size != 0; x++) { if (ecc_sets[x].oidSum == oidSum) { #ifdef HAVE_OID_ENCODING - int ret = 0; /* check cache */ - oid_cache_t* o = &ecc_oid_cache[x]; + ret = 0; + o = &ecc_oid_cache[x]; if (o->oidSz == 0) { o->oidSz = sizeof(o->oid); ret = EncodeObjectId(ecc_sets[x].oid, ecc_sets[x].oidSz, @@ -15445,11 +15486,12 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (oid) { *oid = o->oid; } + /* on success return curve id */ if (ret == 0) { ret = ecc_sets[x].id; } - return ret; + break; #else if (oidSz) { *oidSz = ecc_sets[x].oidSz; 
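Review bot: The lazy initialisation added to wc_ecc_get_oid (`if (eccOidLockInit == 0) { wc_InitMutex(&ecc_oid_cache_lock); eccOidLockInit = 1; }`) is not coordinated with the new wc_ecc_oid_cache_init()/wc_ecc_oid_cache_free() in the same hunk: neither touches `eccOidLockInit`, so after wolfCrypt_Init() the first lookup re-initialises an already-initialised mutex, and after wolfCrypt_Cleanup() a later lookup skips initialisation and locks a destroyed one. Inside the existing `!SINGLE_THREADED && !WOLFSSL_MUTEX_INITIALIZER` blocks, add `if (ret == 0) eccOidLockInit = 1;` to the init function and `eccOidLockInit = 0;` to the free function. The check-then-set on the plain `volatile int` declared in the @@ -1426 hunk is also not a synchronisation primitive, so two threads entering wc_ecc_get_oid before wolfCrypt_Init can both run wc_InitMutex; the fallback's ignored `wc_InitMutex` return should be checked, and a comment stating that this path is best-effort and that wolfCrypt_Init is the supported initialisation would make the limitation explicit. The function continues into the next hunk.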
@@ -15457,12 +15499,17 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (oid) { *oid = ecc_sets[x].oid; } - return ecc_sets[x].id; + ret = ecc_sets[x].id; + break; #endif } } - return NOT_COMPILED_IN; +#ifdef HAVE_OID_ENCODING + wc_UnLockMutex(&ecc_oid_cache_lock); +#endif + + return ret; } #ifdef WOLFSSL_CUSTOM_CURVES diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 772231ba0..7fe2d35ab 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -365,6 +365,13 @@ int wolfCrypt_Init(void) return ret; } #endif + #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))) + if ((ret = wc_ecc_oid_cache_init()) != 0) { + WOLFSSL_MSG("Error creating ECC oid cache"); + return ret; + } + #endif #endif #ifdef WOLFSSL_SCE @@ -456,6 +463,10 @@ int wolfCrypt_Cleanup(void) #ifdef ECC_CACHE_CURVE wc_ecc_curve_cache_free(); #endif + #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))) + wc_ecc_oid_cache_free(); + #endif #endif /* HAVE_ECC */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index ba8c88b88..4a607aaa8 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -1027,6 +1027,11 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void); WOLFSSL_API void wc_ecc_curve_cache_free(void); #endif +#ifdef HAVE_OID_ENCODING +WOLFSSL_LOCAL int wc_ecc_oid_cache_init(void); +WOLFSSL_LOCAL void wc_ecc_oid_cache_free(void); +#endif + WOLFSSL_API int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order); From 74d14d968799343cae44d16c9898795eeff8b854 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 9 Oct 2024 16:40:48 -0500 Subject: [PATCH 122/325] wolfcrypt/test/test.c: fix for FIPS <6.0.0 with WOLFSSL_SMALL_STACK. --- wolfcrypt/test/test.c | 111 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index dba82bcc9..8108c4a37 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -920,6 +920,38 @@ static void myFipsCb(int ok, int err, const char* hash) } #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */ +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + +#ifndef NO_AES +static struct Aes *wc_AesNew(void *heap, int thisDevId) { + Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); + if (aes != NULL) { + if (wc_AesInit(aes, heap, thisDevId) != 0) { + XFREE(aes, heap, DYNAMIC_TYPE_AES); + aes = NULL; + } + } + return aes; +} +#endif + +#ifndef NO_RSA +static RsaKey* wc_NewRsaKey(void* heap, int thisDevId) +{ + RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key != NULL) { + if (wc_InitRsaKey_ex(key, heap, thisDevId) != 0) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + key = NULL; + } + } + return key; +} +#endif + +#endif /* FIPS_VERSION3_LT(6,0,0) */ + + #ifdef WOLFSSL_STATIC_MEMORY #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ) static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ]; @@ -9491,8 +9523,15 @@ EVP_TEST_END: out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif #endif /* WOLFSSL_AES_256 */ @@ -9812,8 +9851,14 @@ EVP_TEST_END: out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif return ret; 
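Review bot: The FIPS<6 shims `wc_AesNew`/`wc_NewRsaKey` in the @@ -920 hunk carry no comment explaining why they exist or why every caller in the following hunks must pair `wc_AesFree(enc)` with an explicit `XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES)`; presumably the pre-6.0 `Aes` has no `isAllocated` member, so wc_AesFree cannot release the object the shim allocated. A header comment such as `/* FIPS < 6.0.0 has no wc_AesNew(); this shim allocates the object but wc_AesFree() will not free it, so callers must XFREE() after wc_AesFree(). */` would make the repeated `#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)` blocks in the later hunks of this commit (through aesccm_128_test) self-explanatory, and a small helper macro defined next to the shim would remove the roughly twenty copies. As a point of style, `static struct Aes *wc_AesNew(void *heap, int thisDevId) {` puts the brace on the signature line while the sibling `wc_NewRsaKey` uses the file's own-line convention.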
@@ -10066,8 +10111,14 @@ EVP_TEST_END: out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif return ret; @@ -10270,8 +10321,14 @@ EVP_TEST_END: out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif return ret; @@ -10407,6 +10464,9 @@ static wc_test_ret_t aes_key_size_test(void) out: wc_AesFree(aes); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif return ret; } @@ -13444,8 +13504,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif return ret; } @@ -14010,8 +14076,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif return ret; 
@@ -14080,7 +14152,13 @@ static wc_test_ret_t aes_ecb_direct_test(void) out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif return ret; } @@ -14272,8 +14350,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif #endif /* HAVE_AES_CBC */ @@ -14471,8 +14555,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #ifdef HAVE_AES_DECRYPT wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #endif #endif /* HAVE_AES_CBC */ @@ -14600,7 +14690,13 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif return ret; } 
@@ -15532,7 +15628,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif return ret; } @@ -15751,6 +15853,9 @@ static wc_test_ret_t aesccm_256_test(void) #endif wc_AesFree(aes); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif return ret; } @@ -15914,6 +16019,9 @@ static wc_test_ret_t aesccm_128_test(void) XMEMSET(iv2, 0, sizeof(iv2)); wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) enc = wc_AesNew(HEAP_HINT, devId); if (enc == NULL) @@ -16047,6 +16155,9 @@ static wc_test_ret_t aesccm_128_test(void) out: wc_AesFree(enc); +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif return ret; } From 12ba4355d2fa9ecb0815fb39ffd373abca1fa219 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 9 Oct 2024 17:58:31 -0500 Subject: [PATCH 123/325] configure.ac and wolfssl/wolfcrypt/settings.h: define WOLFSSL_FIPS_READY for fips=ready, WOLFSSL_FIPS_DEV for fips=dev, and add predefined override FIPS version values when defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV). --- configure.ac | 6 ++++++ wolfssl/wolfcrypt/settings.h | 12 ++++++++++++ 2 files changed, 18 insertions(+) diff --git a/configure.ac b/configure.ac index f9122fb6e..ef4a525cd 100644 --- a/configure.ac +++ b/configure.ac 
@@ -5217,6 +5217,12 @@ AC_ARG_ENABLE([aeskeywrap], ) # FIPS feature and macro setup + +AS_IF([test "$FIPS_VERSION" = "dev"], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"]) +AS_IF([test "$FIPS_VERSION" = "ready"], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"]) + AS_CASE([$FIPS_VERSION], [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF AM_CFLAGS="$AM_CFLAGS \ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 2ed7647d6..6c5c24cb7 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -328,6 +328,18 @@ #include /*------------------------------------------------------------*/ +#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV) + #undef HAVE_FIPS_VERSION_MAJOR + #define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */ + /* of most recent FIPS certificate */ + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR + #undef HAVE_FIPS_VERSION_MINOR + #define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */ + #undef HAVE_FIPS_VERSION_PATCH + #define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */ +#endif + #define WOLFSSL_MAKE_FIPS_VERSION3(major, minor, patch) \ (((major) * 65536) + ((minor) * 256) + (patch)) #define WOLFSSL_MAKE_FIPS_VERSION(major, minor) \ From b5475f3d81764f1e9aa57b010d31185ffeaa5019 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 10 Oct 2024 00:25:39 -0500 Subject: [PATCH 124/325] wolfcrypt/test/test.c: add WOLFSSL_WOLFCRYPT_TEST_LINT, allowing testing for -Wunused-function in enable-all configurations. No functional changes, but several missing or inconsistent gates fixed. --- wolfcrypt/test/test.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 410e1adb2..4affbb805 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -491,12 +491,16 @@ typedef struct testVector { size_t outLen; } testVector; -#ifndef WOLFSSL_TEST_SUBROUTINE -#define WOLFSSL_TEST_SUBROUTINE +#ifdef WOLFCRYPT_TEST_LINT + #define WOLFSSL_TEST_SUBROUTINE static +#else + PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"") + PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"") #endif -PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"") -PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"") +#ifndef WOLFSSL_TEST_SUBROUTINE + #define WOLFSSL_TEST_SUBROUTINE +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void); @@ -521,7 +525,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void); +#ifdef WOLFSSL_SM3 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void); +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void); @@ -606,7 +612,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); #endif /* WC_NO_RNG */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */ 
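Review bot: Under WOLFCRYPT_TEST_LINT the new `#define WOLFSSL_TEST_SUBROUTINE static` is unconditional, so a build that already defines WOLFSSL_TEST_SUBROUTINE (the `#ifndef` guard immediately below shows such builds are expected) gets a macro redefinition warning or error instead of the intended `static`. Either `#undef WOLFSSL_TEST_SUBROUTINE` before the define or wrap it in `#ifndef WOLFSSL_TEST_SUBROUTINE`. The commit message names the flag WOLFSSL_WOLFCRYPT_TEST_LINT while the code tests WOLFCRYPT_TEST_LINT; one of the two should be corrected so the option is discoverable. The new multi-line gate on the `pkcs12_test` prototype should be copied verbatim from the definition's gate, which is outside this hunk, otherwise lint builds will report the prototype and definition as inconsistent.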
@@ -711,7 +722,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void); #endif #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void); #endif #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ @@ -18638,7 +18649,7 @@ done: #endif /* WOLFSSL_TEST_CERT */ #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void) { DecodedCert cert; @@ -18836,7 +18847,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void) return 0; } #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && - !NO_FILESYSTEM && WOLFSSL_CERT_GEN */ + !NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN */ #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) From bcc65a09ca86d9a1f985061db46f57087359d9d5 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 10 Oct 2024 01:06:05 -0500 Subject: [PATCH 125/325] wolfcrypt/test/test.c: harmonize gating for hpke_test() and berder_test(), so that --enable-all-crypto passes -DWOLFCRYPT_TEST_LINT. --- wolfcrypt/test/test.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4affbb805..66e81cbe3 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
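Review bot: Both the prototype and the definition of certext_test are now gated on `defined(WOLFSSL_GEN_CERT)`, whereas the `#endif` comment rewritten in the same commit (`!NO_RSA && WOLFSSL_CERT_GEN`) and the neighbouring `WOLFSSL_CERT_GEN_CACHE` gate use `WOLFSSL_CERT_GEN`. Unless WOLFSSL_GEN_CERT is a macro defined elsewhere, this silently compiles certext_test out of every configuration, which is the kind of gating drift the new lint mode is meant to catch. The gate should read `!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)` in both places.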
@@ -561,7 +561,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); +#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); +#endif #ifdef WC_SRTP_KDF WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void); #endif @@ -738,7 +740,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void); #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void); #endif -#ifdef ASN_BER_TO_DER +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void); @@ -56960,7 +56964,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void) #endif /* WOLFSSL_PUBLIC_MP */ -#ifdef ASN_BER_TO_DER +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) /* wc_BerToDer is only public facing in the case of test cert or opensslextra */ typedef struct berDerTestData { const byte *in; @@ -57076,7 +57082,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void) return 0; } -#endif /* ASN_BER_TO_DER */ +#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA || + OPENSSL_EXTRA_X509_SMALL */ #ifdef DEBUG_WOLFSSL static THREAD_LS_T int log_cnt = 0; From 864eaaeef92b769ad209d4a60bb4cd617eeccba3 Mon Sep 17 00:00:00 2001 From: Jack Tjaden Date: Thu, 10 Oct 2024 12:50:09 -0600 Subject: [PATCH 126/325] Added more discriptive README for NDS and MelonDS C-flag --- IDE/NDS/README.md | 82 ++++++++++++++++++++++++++++++++++++++++--- wolfcrypt/test/test.c | 6 +++- 2 files changed, 83 insertions(+), 5 deletions(-) 
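Review bot: The rewritten `#endif` comment after berder_test is missing its closing parenthesis: `#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */`. The same three-term condition now appears at the prototype, at the definition and in that `#endif`, so a short comment at the prototype noting that the gate mirrors the one at the definition would help keep them in step. The new hpke_test prototype gate (`HAVE_HPKE && HAVE_ECC && HAVE_AESGCM`) should be confirmed against the definition's gate, which is outside this hunk.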
diff --git a/IDE/NDS/README.md b/IDE/NDS/README.md index 3a846d587..4bacccb98 100644 --- a/IDE/NDS/README.md +++ b/IDE/NDS/README.md @@ -2,11 +2,34 @@ ## Requirements -[Devkitpro](https://devkitpro.org/wiki/Getting_Started) with libnds. +[Devkitpro](https://devkitpro.org/wiki/Getting_Started) with libnds, nds-tool and nds-dev. ## Building +For MelonDS +``` +$ ./configure \ + --host=arm-none-eabi \ + CC=$DEVKITARM/bin/arm-none-eabi-g++ \ + AR=$DEVKITARM/bin/arm-none-eabi-ar \ + STRIP=$DEVKITARM/bin/arm-none-eabi-strip \ + RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \ + LIBS="-lfat -lnds9" \ + LDFLAGS="-L/opt/devkitpro/libnds/lib" \ + --prefix=$DEVKITPRO/portlibs/nds \ + CFLAGS="-march=armv5te -mtune=arm946e-s \ + --specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \ + -DWOLFSSL_MELONDS \ + -DWOLFSSL_USER_IO \ + -I$DEVKITPRO/libnds/include" \ + --enable-fastmath --disable-benchmark \ + --disable-shared --disable-examples --disable-ecc +$ make +$ sudo make install +``` + +For Hardware ``` $ ./configure \ --host=arm-none-eabi \ 
@@ -30,7 +53,58 @@ $ sudo make install ## Run the Tests To run the Crypttests type the following. -1. Run `$ ndstool -9 ./wolfcrypt/test/testwolfcrypt -c ./wolfcrypt/test/testwolfcrypt.nds` -2. copy `./certs` to `your_nds_sd_card/_nds/certs` +Run `$ ndstool -9 ./wolfcrypt/test/testwolfcrypt -c ./wolfcrypt/test/testwolfcrypt.nds` -3. Run the Rom (located in ./wolfcrypt/test/testwolfcrypt.nds) in an Emulator or real Hardware. +copy `./certs` to `your_nds_sd_card/_nds/certs` (Follow Virtual SD card steps below for Emulator) + +Run the Rom (located in ./wolfcrypt/test/testwolfcrypt.nds) in an Emulator or real Hardware. + +If running on MelonDS it must be using the DSi mode in order to use certs from an SD card. + +## Making a virtual SD card (MacOS) + +``` +Create Virtual SD card image + +$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64 + +Format image to FAT32 + +$ hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount ~/my_sd_card.img +$ diskutil eraseDisk FAT32 MYSDCARD MBRFormat /dev/diskX +$ hdiutil detach /dev/diskX + +Mount to Create Folder Structure and Copy Certs + +$ mkdir -p /Volumes/MYSDCARD/_nds +$ cp -r ~/wolfssl/certs /Volumes/MYSDCARD/_nds/ + +Unmount + +hdiutil detach /dev/diskX +``` + +## Making a virtual SD card (Linux) + +``` +Create Virtual SD card image + +$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64 + +Format image to FAT32 + +$ sudo losetup -fP ~/my_sd_card.img +$ sudo losetup -l +$ sudo mkfs.vfat -F 32 /dev/loop0 +$ sudo losetup -d /dev/loop0 + +Mount to Create Folder Structure and Copy Certs + +$ sudo mount ~/my_sd_card.img /mnt +$ sudo mkdir -p /mnt/_nds +$ sudo cp -r ~/wolfssl/certs /mnt/_nds/ + +Unmount + +hdiutil detach /dev/diskX +``` diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 410e1adb2..d734ce7a6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -18114,7 +18114,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #define CERT_PATH_SEP "\\" #elif defined(WOLFSSL_NDS) #undef CERT_PREFIX - #define CERT_PREFIX "fat:/_nds/" + #ifndef WOLFSSL_MELONDS + #define CERT_PREFIX "fat:/_nds/" + #else + #define CERT_PREFIX "_nds/" + #endif #define CERT_PATH_SEP "/" #endif From 5f1ddadf71a6e5bd4c14c509cd079bec24a219a8 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 11 Oct 2024 11:01:25 +1000 Subject: [PATCH 127/325] Regression test fixes Fix unit tests to not compile when NO_RSA is defined and RSA used. test_wc_PKCS7_EncodeSignedData: only RSA supported with streaming. test_wolfSSL_RSA when SP math and SP: CRT parameters required. test_wolfSSL_OCSP_REQ_CTX to compile with NO_ASN_TIME. test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS: make sure all objects freed even on memory allocation failure. test_wolfSSL_error_cb: don't use bio if is NULL. test_wolfSSL_BN_enc_dec: don't free a twice on memory allocation error. test_wc_dilithium_der: remove debug printing test_othername_and_SID_ext: make sid_oid NULL after free to ensure no double free on later memory allocation failure. test_wolfSSL_RSA: don't leak when BN_dup fails. test_wolfSSL_i2d_ASN1_TYPE: free ASN1 string whn no ASN1 type to put it into. test_tls13_rpk_handshake: don't leak on failure test_dtls_client_hello_timeout_downgrade: only move memory when test is wolfSSL_certs_clear, wolfSSL_set_SSL_CTX, SetSSL_CTX: Check return from AllocCopyDer. d2i_generic: make sure impBuf is only freed once. wolfSSL_BIO_write: don't dereference front unless it is not NULL. wolfssl_dns_entry_othername_to_gn: don't free obj twice wolfSSL_X509_REQ_add1_attr_by_NID: don't access reqAttributes if NULL. succeeding. --- src/bio.c | 4 +- src/internal.c | 17 ++++- src/ssl.c | 35 +++++++-- src/ssl_asn1.c | 1 + src/x509.c | 7 +- tests/api.c | 195 ++++++++++++++++++++++++++++++++++++++----------- 6 files changed, 204 insertions(+), 55 deletions(-) 
diff --git a/src/bio.c b/src/bio.c index 2921e5a98..ac4eb0332 100644 --- a/src/bio.c +++ b/src/bio.c @@ -834,7 +834,9 @@ exit_chain: (const char*)data, len, 0, ret); } - XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (front != NULL) { + XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); + } #ifdef WOLFSSL_BASE64_ENCODE if (retB64 > 0 && ret > 0) diff --git a/src/internal.c b/src/internal.c index 6cb48bd0d..d0f834e7b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6849,10 +6849,14 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ssl->buffers.key != NULL) { FreeDer(&ssl->buffers.key); } - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + return ret; + } ssl->buffers.weOwnKey = 1; + ret = WOLFSSL_SUCCESS; } else { ssl->buffers.key = ctx->privateKey; @@ -6862,9 +6866,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #endif #else if (ctx->privateKey != NULL) { - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + return ret; + } ssl->buffers.weOwnKey = 1; /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); 
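Review bot: In wolfSSL_BIO_write the release of `frmt` is now skipped entirely when `front` is NULL, so if `frmt` can be non-NULL on that path the buffer leaks instead of being freed. If XFREE accepts a NULL heap hint here as it does in d2i_generic in this same commit, `XFREE(frmt, front != NULL ? front->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);` releases it in both cases without dereferencing `front`. Whether `frmt` can be allocated while `front` is NULL depends on code above the hunk and should be confirmed; the enclosing function starts outside the hunk.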
@@ -6885,9 +6892,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); + if (ret != 0) { + return ret; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, @@ -6895,6 +6905,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ret != 0) { return ret; } + ret = WOLFSSL_SUCCESS; } #endif ssl->buffers.altKeyType = ctx->altPrivateKeyType; diff --git a/src/ssl.c b/src/ssl.c index 9398f1170..039aaf133 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19789,11 +19789,15 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) return; /* ctx still owns certificate, certChain, key, dh, and cm */ - if (ssl->buffers.weOwnCert) + if (ssl->buffers.weOwnCert) { FreeDer(&ssl->buffers.certificate); + ssl->buffers.weOwnCert = 0; + } ssl->buffers.certificate = NULL; - if (ssl->buffers.weOwnCertChain) + if (ssl->buffers.weOwnCertChain) { FreeDer(&ssl->buffers.certChain); + ssl->buffers.weOwnCertChain = 0; + } ssl->buffers.certChain = NULL; #ifdef WOLFSSL_TLS13 ssl->buffers.certChainCnt = 0; @@ -19803,6 +19807,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) #ifdef WOLFSSL_BLIND_PRIVATE_KEY FreeDer(&ssl->buffers.keyMask); #endif + ssl->buffers.weOwnKey = 0; } ssl->buffers.key = NULL; #ifdef WOLFSSL_BLIND_PRIVATE_KEY @@ -19819,6 +19824,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) #ifdef WOLFSSL_BLIND_PRIVATE_KEY FreeDer(&ssl->buffers.altKeyMask); #endif + ssl->buffers.weOwnAltKey = 0; } ssl->buffers.altKey = NULL; #ifdef WOLFSSL_BLIND_PRIVATE_KEY 
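Review bot: The retained line `ret = AllocCopyDer(&ssl->buffers.altkey, ...)` in SetSSL_CTX spells the member `altkey`, while the two lines beneath it in the same hunk use `ssl->buffers.altKey`. Unless both members exist, this branch cannot compile and has evidently never been built, so the new error check there is untested; it should read `ret = AllocCopyDer(&ssl->buffers.altKey, ctx->altPrivateKey->buffer,`. The same spelling appears in the corresponding `#else` altPrivateKey branch of wolfSSL_set_SSL_CTX in src/ssl.c later in this commit.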
@@ -20398,11 +20404,13 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) if (ctx->certificate != NULL) { if (ssl->buffers.certificate != NULL) { FreeDer(&ssl->buffers.certificate); + ssl->buffers.certificate = NULL; } ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer, ctx->certificate->length, ctx->certificate->type, ctx->certificate->heap); if (ret != 0) { + ssl->buffers.weOwnCert = 0; return NULL; } @@ -20412,11 +20420,13 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) if (ctx->certChain != NULL) { if (ssl->buffers.certChain != NULL) { FreeDer(&ssl->buffers.certChain); + ssl->buffers.certChain = NULL; } ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer, ctx->certChain->length, ctx->certChain->type, ctx->certChain->heap); if (ret != 0) { + ssl->buffers.weOwnCertChain = 0; return NULL; } @@ -20436,10 +20446,15 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) if (ctx->privateKey != NULL) { if (ssl->buffers.key != NULL) { FreeDer(&ssl->buffers.key); + ssl->buffers.key = NULL; } - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + ssl->buffers.weOwnKey = 0; + return NULL; + } ssl->buffers.weOwnKey = 1; } else { 
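Review bot: In wolfSSL_set_SSL_CTX the existing certificate is released (`FreeDer(&ssl->buffers.certificate)`) before `AllocCopyDer` is attempted, so when the copy fails the function returns NULL with the WOLFSSL holding neither its old certificate nor the new one; the certChain and private-key branches in this hunk have the same ordering. Copying into a temporary and swapping only on success keeps the object usable after a failure and makes the `weOwnCert = 0` / `weOwnKey = 0` resets unnecessary. If that is not done, the API documentation should state that after a NULL return the WOLFSSL's certificate and key may already have been released.
```c
if (ctx->certificate != NULL) {
    DerBuffer* certCopy = NULL;
    ret = AllocCopyDer(&certCopy, ctx->certificate->buffer,
        ctx->certificate->length, ctx->certificate->type,
        ctx->certificate->heap);
    if (ret != 0) {
        return NULL;
    }
    if (ssl->buffers.certificate != NULL) {
        FreeDer(&ssl->buffers.certificate);
    }
    ssl->buffers.certificate = certCopy;
    /* … unchanged: remainder of the certificate branch … */
}
```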
@@ -20450,15 +20465,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif #else if (ctx->privateKey != NULL) { - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + return NULL; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, &ssl->buffers.keyMask); if (ret != 0) { - return ret; + return NULL; } } #endif @@ -20480,15 +20498,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); + if (ret != 0) { + return NULL; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, &ssl->buffers.altKeyMask); if (ret != 0) { - return ret; + return NULL; } } #endif diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index d1b036c3e..3e4de554a 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -580,6 +580,7 @@ static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem, if (impBuf != NULL) { tmp = *src + (tmp - impBuf); /* for the next calculation */ XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + impBuf = NULL; } if (asnLen >= 0 && (int)(tmp - *src) != asnLen) { WOLFSSL_MSG("ptr not advanced enough"); diff --git a/src/x509.c b/src/x509.c index 72563c4e6..9ca3731b8 100644 --- a/src/x509.c +++ b/src/x509.c 
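Review bot: In the `#else` privateKey branch of wolfSSL_set_SSL_CTX the new failure path after `AllocCopyDer` returns NULL without touching `weOwnKey`, whereas the branch above it in the same function (previous hunk) resets `ssl->buffers.weOwnKey = 0` on the same failure; if this branch also marks the key as owned somewhere outside the hunk, the two paths disagree about who frees a key that was never allocated. Likewise `if (ret != 0) { return NULL; }` after `wolfssl_priv_der_blind` leaves the freshly copied key attached to the WOLFSSL in a partially blinded state; either releasing it there or documenting that the object must be discarded after a NULL return would close that gap. The blinding helper's behaviour on failure is outside this hunk and should be confirmed.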
@@ -562,7 +562,6 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, /* Create a WOLFSSL_ASN1_STRING from the DER. */ str = wolfSSL_ASN1_STRING_type_new(tag); if (str == NULL) { - wolfSSL_ASN1_OBJECT_free(obj); goto err; } wolfSSL_ASN1_STRING_set(str, p, (int)len); @@ -15431,12 +15430,14 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR; } } - if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) { + if ((req->reqAttributes != NULL) && + (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) { ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } - else + else { ret = WOLFSSL_FAILURE; + } if (ret != WOLFSSL_SUCCESS) wolfSSL_X509_ATTRIBUTE_free(attr); } diff --git a/tests/api.c b/tests/api.c index 19b510746..88ecf27fd 100644 --- a/tests/api.c +++ b/tests/api.c @@ -34819,15 +34819,6 @@ static int test_wc_dilithium_der(void) ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE, 1), pubDerLen); idx = 0; -{ - fprintf(stderr, "\n"); - for (int ii = 0; ii < pubDerLen; ii++) { - if ((ii % 8) == 0) fprintf(stderr, " "); - fprintf(stderr, "0x%02x,", der[ii]); - if ((ii % 8) == 7) fprintf(stderr, "\n"); - else fprintf(stderr, " "); - } -} ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0); ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, @@ -49034,6 +49025,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) word32 badOutSz = 0; byte data[] = "Test data to encode."; #ifndef NO_RSA + int encryptOid = RSAk; #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; @@ -49076,6 +49068,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) XFCLOSE(fp); #endif #elif defined(HAVE_ECC) + int encryptOid = ECDSAk; #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; 
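Review bot: In test_wc_PKCS7_EncodeSignedData `encryptOid` is only declared in the `#ifndef NO_RSA` and `#elif defined(HAVE_ECC)` arms, but the `pkcs7->encryptOID = encryptOid;` assignments in the following hunks are not gated, so a build with NO_RSA and without HAVE_ECC would fail on an undeclared identifier unless the whole test is excluded by a gate above the hunk; a `#else` with `#error` or a comment at the declaration stating that assumption would make it explicit. In src/x509.c the dropped `wolfSSL_ASN1_OBJECT_free(obj)` before `goto err` relies on the `err:` label releasing `obj`; a short comment at the goto, `/* obj is released at err */`, would document why the explicit free is no longer needed. The enclosing functions start and end outside these hunks.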
@@ -49123,7 +49116,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; + pkcs7->encryptOID = encryptOid; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else @@ -49140,8 +49133,9 @@ static int test_wc_PKCS7_EncodeSignedData(void) ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); -#ifdef ASN_BER_TO_DER +#if defined(ASN_BER_TO_DER) && !defined(NO_RSA) wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; /* reinitialize and test setting stream mode */ { @@ -49158,7 +49152,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; + pkcs7->encryptOID = encryptOid; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else @@ -49181,7 +49175,8 @@ static int test_wc_PKCS7_EncodeSignedData(void) ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); /* use exact signed buffer size since BER encoded */ - ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), + 0); wc_PKCS7_Free(pkcs7); /* now try with using callbacks for IO */ @@ -49194,7 +49189,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) pkcs7->contentSz = FOURK_BUF*2; pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; + pkcs7->encryptOID = encryptOid; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else 
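Review bot: The first `wc_PKCS7_Free(pkcs7)` in this hunk is now followed by `pkcs7 = NULL;`, but the second `wc_PKCS7_Free(pkcs7)` (after the BER verify, before "now try with using callbacks for IO") is not, so if the reallocation that follows it fails the stale pointer can be released again at the function's cleanup. Adding `pkcs7 = NULL;` after that call keeps the two release sites consistent with the commit's own fix. The function's cleanup is outside the hunk.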
@@ -51551,10 +51546,10 @@ static int test_wc_PKCS7_BER(void) byte decoded[2048]; #endif word32 derSz = 0; -#ifndef NO_PKCS7_STREAM +#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA) word32 z; int ret; -#endif /* !NO_PKCS7_STREAM */ +#endif /* !NO_PKCS7_STREAM && !NO_RSA */ ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE); ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0); @@ -54923,8 +54918,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) group_obj = OBJ_nid2obj(NID_secp256k1); ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj, V_ASN1_OBJECT, group_obj), 1); - ec_obj = NULL; - group_obj = NULL; + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + else { + wolfSSL_ASN1_OBJECT_free(ec_obj); + wolfSSL_ASN1_OBJECT_free(group_obj); + } ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1), 1); /* nested_asn1->asn1_obj->key */ @@ -54932,8 +54933,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) group_obj = OBJ_nid2obj(NID_secp256k1); ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj, V_ASN1_OBJECT, group_obj), 1); - ec_obj = NULL; - group_obj = NULL; + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + else { + wolfSSL_ASN1_OBJECT_free(ec_obj); + wolfSSL_ASN1_OBJECT_free(group_obj); + } ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key, 500, 1), 1); /* nested_asn1->asn1_obj->asnNum */ 
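Review bot: In test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS the new `else` branch frees `ec_obj` and `group_obj` whenever the cumulative test state is failing, not when this particular `X509_ALGOR_set0` call failed; if the set0 call itself succeeded and took ownership, the later release of nested_asn1 frees them a second time. This is safe only if `ExpectIntEQ` does not evaluate its expression once a prior expectation has failed, which is defined outside this file; a comment stating that assumption, `/* not reached with ownership transferred: set0 is skipped once the test is failing */`, or freeing based on the result of that call alone, would make the intent checkable. The same pattern is used around the `RSA_set0_*` calls in test_wolfSSL_RSA later in this commit.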
@@ -54951,13 +54958,18 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) ExpectIntGT( sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList, genStr), 0); + if (EXPECT_FAIL()) { + ASN1_GENERALSTRING_free(genStr); + } } /* nested_asn1->asn1_obj->str */ ExpectNotNull(nested_asn1->asn1_obj->str->d.str2 = ASN1_BIT_STRING_new()); ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2, 150, 1), 1); - nested_asn1->asn1_obj->str->type = 2; + if (nested_asn1 != NULL) { + nested_asn1->asn1_obj->str->type = 2; + } der = NULL; ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285); @@ -54988,6 +55000,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) ExpectNotNull(asn1_num = ASN1_INTEGER_new()); ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1); ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0); + if (EXPECT_FAIL()) { + ASN1_INTEGER_free(asn1_num); + } } der = NULL; @@ -55027,6 +55042,9 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void) ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE)); ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1); ExpectNotNull(asn1type = ASN1_TYPE_new()); + if (EXPECT_FAIL()) { + ASN1_STRING_free(str); + } ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str); } @@ -61460,6 +61478,7 @@ static int test_wolfSSL_BN_enc_dec(void) ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a)); BN_free(a); + a = NULL; ExpectNotNull(a = BN_new()); ExpectIntEQ(BN_set_word(a, 2), 1); ExpectNull(BN_bin2bn(binNum, -1, a)); @@ -65547,7 +65566,9 @@ static int test_wolfSSL_ERR_print_errors(void) defined(DEBUG_WOLFSSL) static int test_wolfSSL_error_cb(const char *str, size_t len, void *u) { - wolfSSL_BIO_write((BIO*)u, str, (int)len); + if (u != NULL) { + wolfSSL_BIO_write((BIO*)u, str, (int)len); + } return 0; } #endif 
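Review bot: In test_wolfSSL_i2d_ASN1_TYPE `str` is freed when `EXPECT_FAIL()` but is still passed to `ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str)` on the next line; if `asn1type` is non-NULL on that path (for example when only `ASN1_STRING_set` failed) the freed pointer is stored and released again later. Set `str = NULL;` immediately after the free, or guard the set call with `if (EXPECT_SUCCESS())`. In the nested_asn1 hunk the new `if (nested_asn1 != NULL)` guards only the outermost pointer while the write goes through `asn1_obj->str`; whether those are guaranteed non-NULL whenever nested_asn1 is depends on allocation code above the hunk.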
@@ -68330,7 +68351,7 @@ static int test_GENERAL_NAME_set0_othername(void) { defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \ - defined(WOLFSSL_FPKI) + defined(WOLFSSL_FPKI) && !defined(NO_RSA) /* ./configure --enable-opensslall --enable-certgen --enable-certreq * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */ @@ -68414,7 +68435,7 @@ static int test_othername_and_SID_ext(void) { defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \ - defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) + defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_RSA) /* ./configure --enable-opensslall --enable-certgen --enable-certreq * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */ @@ -68526,6 +68547,7 @@ static int test_othername_and_SID_ext(void) { exts = NULL; ASN1_OBJECT_free(upn_oid); ASN1_OBJECT_free(sid_oid); + sid_oid = NULL; ASN1_OCTET_STRING_free(sid_data); X509_REQ_free(x509); EVP_PKEY_free(priv); @@ -75539,7 +75561,8 @@ static int test_wolfSSL_OCSP_parse_url(void) } #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \ - defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) + defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \ + !defined(NO_ASN_TIME) static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t) { if (t != NULL) { 
@@ -75761,10 +75784,12 @@ static int test_wolfSSL_OCSP_REQ_CTX(void) ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1); ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)), sizeof(ocspRespBin)); +#ifndef NO_ASN_TIME ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0); ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1); ExpectIntEQ(wc_SetTimeCb(NULL), 0); ExpectNotNull(rsp); +#endif OCSP_REQ_CTX_free(ctx); OCSP_REQUEST_free(req); @@ -82290,6 +82315,14 @@ static int test_wolfSSL_RSA(void) unsigned char hash[SHA256_DIGEST_LENGTH]; unsigned char signature[2048/8]; unsigned int signatureLen = 0; + BIGNUM* n2 = NULL; + BIGNUM* e2 = NULL; + BIGNUM* d2 = NULL; + BIGNUM* p2 = NULL; + BIGNUM* q2 = NULL; + BIGNUM* dmp12 = NULL; + BIGNUM* dmq12 = NULL; + BIGNUM* iqmp2 = NULL; XMEMSET(hash, 0, sizeof(hash)); RSA_get0_key(rsa, &n, &e, &d); 
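Review bot: With NO_ASN_TIME defined the new `#ifndef NO_ASN_TIME` block removes the only assertions that `OCSP_sendreq_nbio` eventually returns 1 and that `rsp` is populated, so the test still reports success without exercising the response path. A `#else` that skips the test, or a comment noting the reduced coverage such as `/* NO_ASN_TIME: no time callback, so only the request path is exercised */`, would make that visible to whoever reads the results. The function starts outside the hunk.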
@@ -82303,42 +82336,121 @@ static int test_wolfSSL_RSA(void) signatureLen, rsa), 1); /* Verifying */ + ExpectNotNull(n2 = BN_dup(n)); + ExpectNotNull(e2 = BN_dup(e)); + ExpectNotNull(p2 = BN_dup(p)); + ExpectNotNull(q2 = BN_dup(q)); + ExpectNotNull(dmp12 = BN_dup(dmp1)); + ExpectNotNull(dmq12 = BN_dup(dmq1)); + ExpectNotNull(iqmp2 = BN_dup(iqmp)); + ExpectNotNull(rsa2 = RSA_new()); - ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), NULL), 1); + ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1); + if (EXPECT_SUCCESS()) { + n2 = NULL; + e2 = NULL; + } ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa2), 1); - ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa2), 1); - ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1), - BN_dup(iqmp)), 1); + ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1); + if (EXPECT_SUCCESS()) { + dmp12 = NULL; + dmq12 = NULL; + iqmp2 = NULL; + } ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa2), 1); RSA_free(rsa2); rsa2 = NULL; + BN_free(iqmp2); + iqmp2 = NULL; + BN_free(dmq12); + dmq12 = NULL; + BN_free(dmp12); + dmp12 = NULL; + BN_free(q2); + q2 = NULL; + BN_free(p2); + p2 = NULL; + BN_free(e2); + e2 = NULL; + BN_free(n2); + n2 = NULL; + + ExpectNotNull(n2 = BN_dup(n)); + ExpectNotNull(e2 = BN_dup(e)); + ExpectNotNull(d2 = BN_dup(d)); + ExpectNotNull(p2 = BN_dup(p)); + ExpectNotNull(q2 = BN_dup(q)); + ExpectNotNull(dmp12 = BN_dup(dmp1)); + ExpectNotNull(dmq12 = BN_dup(dmq1)); + ExpectNotNull(iqmp2 = BN_dup(iqmp)); + /* Signing */ XMEMSET(signature, 0, sizeof(signature)); ExpectNotNull(rsa2 = RSA_new()); - ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), BN_dup(d)), 1); + ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1); + if (EXPECT_SUCCESS()) { 
+ n2 = NULL; + e2 = NULL; + d2 = NULL; + } +#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM) + /* SP is not support signing without CRT parameters. */ + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 0); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 0); +#else ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa2), 1); ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); - ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } XMEMSET(signature, 0, sizeof(signature)); ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa2), 1); ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); - ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1), - BN_dup(iqmp)), 1); +#endif + ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1); + if (EXPECT_SUCCESS()) { + dmp12 = NULL; + dmq12 = NULL; + iqmp2 = NULL; + } ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa2), 1); ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); RSA_free(rsa2); rsa2 = NULL; + + BN_free(iqmp2); + BN_free(dmq12); + BN_free(dmp12); + BN_free(q2); + BN_free(p2); + BN_free(d2); + BN_free(e2); + BN_free(n2); } #endif 
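Review bot: The new comment `/* SP is not support signing without CRT parameters. */` is ungrammatical; suggest `/* SP math does not support RSA signing without CRT parameters. */`. In the `WOLFSSL_SP_MATH && !RSA_LOW_MEM` arm the two `RSA_sign` calls are expected to return 0, but nothing checks why they failed, so a failure for an unrelated reason would also satisfy the expectation; inspecting the error queue after each call would tighten it. The cleanup block at the end of the hunk frees the BIGNUMs without nulling them, unlike the earlier cleanup in the same hunk; harmless since the scope ends, but inconsistent.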
@@ -92513,8 +92625,7 @@ static int test_tls13_rpk_handshake(void) * expecting default settings works and no negotiation performed. */ - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); /* confirm no negotiation occurred */ ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), @@ -92571,8 +92682,7 @@ static int test_tls13_rpk_handshake(void) * expecting default settings works and no negotiation performed. */ - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); /* confirm no negotiation occurred */ ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), @@ -92641,8 +92751,7 @@ static int test_tls13_rpk_handshake(void) ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), WOLFSSL_SUCCESS); - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), WOLFSSL_SUCCESS); @@ -94188,9 +94297,11 @@ static int test_dtls_client_hello_timeout_downgrade(void) /* Drop the SH */ dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff); len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); - XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + + if (EXPECT_SUCCESS()) { + XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len - (sizeof(DtlsRecordLayerHeader) + len)); + } test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len; /* Read the remainder of the flight */ ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); 
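Review bot: In test_dtls_client_hello_timeout_downgrade the `XMEMMOVE` is now wrapped in `if (EXPECT_SUCCESS())`, but the following `test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;` still runs unconditionally; on the failing path `len` was read from a buffer that may not hold a record, so if `c_len` is unsigned the subtraction can wrap and later reads use a bogus length. Move the subtraction inside the same `if`. The second hunk of this function (the next hunk on this page) has the identical shape.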
@@ -94219,9 +94330,11 @@ static int test_dtls_client_hello_timeout_downgrade(void) /* Drop the SH */ dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff); len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); - XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + + if (EXPECT_SUCCESS()) { + XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len - (sizeof(DtlsRecordLayerHeader) + len)); + } test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len; /* Read the remainder of the flight */ ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); From 65742c4a7a21d58c5a065ae80a1b02541b839e43 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 11 Oct 2024 09:55:46 +1000 Subject: [PATCH 128/325] ARM32 ASM: regenerated with fixes Fix thumb interwork def check to be consistent and update #endif. Remove duplicate check in generated C files. --- wolfcrypt/src/port/arm/armv8-32-aes-asm.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c | 10 +++------- wolfcrypt/src/port/arm/armv8-32-chacha-asm.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c | 10 +++------- wolfcrypt/src/port/arm/armv8-32-curve25519.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-curve25519_c.c | 10 +++------- wolfcrypt/src/port/arm/armv8-32-kyber-asm.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c | 10 +++------- wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c | 10 +++------- wolfcrypt/src/port/arm/armv8-32-sha256-asm.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c | 10 +++------- wolfcrypt/src/port/arm/armv8-32-sha3-asm.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 10 +++------- wolfcrypt/src/port/arm/armv8-32-sha512-asm.S | 5 +++-- wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c | 10 +++------- 16 files changed, 48 insertions(+), 72 deletions(-) diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S index a98ae9454..45441ead1 100644 
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S @@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_AES #ifdef HAVE_AES_DECRYPT @@ -5305,7 +5306,7 @@ L_AES_GCM_encrypt_end: .size AES_GCM_encrypt,.-AES_GCM_encrypt #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index 14a8922e6..3c34f3ef6 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c @@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile 
@@ -4852,9 +4850,7 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S index 53ccdaaaa..3c4119eb1 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S @@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef HAVE_CHACHA .text @@ -514,7 +515,7 @@ L_chacha_arm32_over_done: .size wc_chacha_use_over,.-wc_chacha_use_over #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c index 16039f247..aebcff155 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c @@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include 
@@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -568,9 +566,7 @@ void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index 73c3151cb..1dea1e1d1 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) @@ -9180,7 +9181,7 @@ sc_muladd: #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index 709b7d60b..6871aaade 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c 
@@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -9428,9 +9426,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S index 3ccd894d0..ec2f1352b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S @@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_WC_KYBER .text 
@@ -9433,7 +9434,7 @@ L_kyber_arm32_rej_uniform_done: pop {r4, r5, r6, r7, r8, pc} .size kyber_arm32_rej_uniform,.-kyber_arm32_rej_uniform #endif /* WOLFSSL_WC_KYBER */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c index acf3a39b2..4650b9bc8 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c @@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -9231,9 +9229,7 @@ unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, } #endif /* WOLFSSL_WC_KYBER */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S index 5e8814dd6..a7a1b9433 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S 
@@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef HAVE_POLY1305 .text @@ -348,7 +349,7 @@ poly1305_final: pop {r4, r5, r6, r7, r8, r9, pc} .size poly1305_final,.-poly1305_final #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c index dc0dffed8..aaf596d4c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c @@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -387,9 +385,7 @@ void poly1305_final(Poly1305* ctx_p, byte* mac_p) } #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ 
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S index 58464f60e..62fc8eb1c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S @@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_SHA256 #ifdef WOLFSSL_ARMASM_NO_NEON @@ -2866,7 +2867,7 @@ L_SHA256_transform_neon_len_start: .size Transform_Sha256_Len,.-Transform_Sha256_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 22f112338..05086af07 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c @@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile 
@@ -2810,9 +2808,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S index 53c54901c..46a75cedc 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S @@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON @@ -2394,7 +2395,7 @@ L_sha3_arm32_begin: .size BlockSha3,.-BlockSha3 #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index d3208d9d3..e9e227ec3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c @@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include 
@@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -2355,9 +2353,7 @@ void BlockSha3(word64* state_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S index 429af4b2c..3316e6006 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S @@ -31,7 +31,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_ARMASM_NO_NEON @@ -9367,7 +9368,7 @@ L_SHA512_transform_neon_len_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index aa71f6235..32506f64e 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c 
@@ -32,7 +32,8 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ + defined(__THUMB_INTERWORK__)) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +42,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -9167,9 +9165,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || defined(__THUMB_INTERWORK__)) */ +#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ From 5d3f7c2528d9c249d6c5864cc81f279fa7704524 Mon Sep 17 00:00:00 2001 
From: Marco Oliverio Date: Mon, 14 Oct 2024 16:46:45 +0000 Subject: [PATCH 129/325] ci: github: fix ubuntu version to 22.04 --- .github/workflows/async.yml | 2 +- .github/workflows/coverity-scan-fixes.yml | 2 +- .github/workflows/curl.yml | 4 ++-- .github/workflows/cyrus-sasl.yml | 4 ++-- .github/workflows/disabled/haproxy.yml | 2 +- .github/workflows/docker-Espressif.yml | 6 +++--- .github/workflows/docker-OpenWrt.yml | 4 ++-- .github/workflows/grpc.yml | 4 ++-- .github/workflows/hitch.yml | 4 ++-- .github/workflows/hostap-vm.yml | 6 +++--- .github/workflows/ipmitool.yml | 4 ++-- .github/workflows/jwt-cpp.yml | 4 ++-- .github/workflows/krb5.yml | 4 ++-- .github/workflows/libssh2.yml | 4 ++-- .github/workflows/libvncserver.yml | 4 ++-- .github/workflows/memcached.yml | 4 ++-- .github/workflows/mosquitto.yml | 4 ++-- .github/workflows/multi-arch.yml | 2 +- .github/workflows/multi-compiler.yml | 12 ++++++------ .github/workflows/net-snmp.yml | 4 ++-- .github/workflows/nginx.yml | 4 ++-- .github/workflows/no-malloc.yml | 2 +- .github/workflows/ntp.yml | 4 ++-- .github/workflows/ocsp.yml | 2 +- .github/workflows/openldap.yml | 4 ++-- .github/workflows/openssh.yml | 4 ++-- .github/workflows/openvpn.yml | 4 ++-- .github/workflows/os-check.yml | 8 ++++---- .github/workflows/packaging.yml | 2 +- .github/workflows/pam-ipmi.yml | 4 ++-- .github/workflows/rng-tools.yml | 4 ++-- .github/workflows/socat.yml | 4 ++-- .github/workflows/sssd.yml | 4 ++-- .github/workflows/stunnel.yml | 4 ++-- .github/workflows/zephyr.yml | 2 +- 35 files changed, 70 insertions(+), 70 deletions(-) diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml index 3ad8e8686..07a2b5088 100644 --- a/.github/workflows/async.yml +++ b/.github/workflows/async.yml @@ -24,7 +24,7 @@ jobs: ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: 
diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml index 99ccc8483..5034e884f 100644 --- a/.github/workflows/coverity-scan-fixes.yml +++ b/.github/workflows/coverity-scan-fixes.yml @@ -8,7 +8,7 @@ on: jobs: coverity: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 06cd338cb..43ae74605 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -40,7 +40,7 @@ jobs: test_curl: name: ${{ matrix.curl_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 15 needs: build_wolfssl diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml index 790d8886a..910c87122 100644 --- a/.github/workflows/cyrus-sasl.yml +++ b/.github/workflows/cyrus-sasl.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ jobs: ref: [ 2.1.28 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/disabled/haproxy.yml b/.github/workflows/disabled/haproxy.yml index 0a92dac0c..c7a927a94 100644 --- a/.github/workflows/disabled/haproxy.yml +++ b/.github/workflows/disabled/haproxy.yml 
@@ -21,7 +21,7 @@ jobs: ref: [ master ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/docker-Espressif.yml b/.github/workflows/docker-Espressif.yml index 184dced8d..e702dd304 100644 --- a/.github/workflows/docker-Espressif.yml +++ b/.github/workflows/docker-Espressif.yml @@ -15,7 +15,7 @@ jobs: espressif_latest: name: latest Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 12 container: @@ -27,7 +27,7 @@ jobs: espressif_v4_4: name: v4.4 Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 container: image: espressif/idf:release-v4.4 steps: @@ -37,7 +37,7 @@ jobs: espressif_v5_0: name: v5.0 Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 container: image: espressif/idf:release-v5.0 steps: diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml index 0a3768d61..05890ffae 100644 --- a/.github/workflows/docker-OpenWrt.yml +++ b/.github/workflows/docker-OpenWrt.yml @@ -18,7 +18,7 @@ jobs: build_library: name: Compile libwolfssl.so if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 container: @@ -42,7 +42,7 @@ jobs: compile_container: name: Compile container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 2 needs: build_library diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index e8d549b7a..2804756eb 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml 
@@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -52,7 +52,7 @@ jobs: h2_ssl_cert_test h2_ssl_session_reuse_test name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 30 needs: build_wolfssl diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml index 5f0b58986..54eee9c6f 100644 --- a/.github/workflows/hitch.yml +++ b/.github/workflows/hitch.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -49,7 +49,7 @@ jobs: test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 94f305d1f..80075d030 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -28,7 +28,7 @@ jobs: --enable-tlsv10 --enable-oldtls name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -66,7 +66,7 @@ jobs: build_uml_linux: name: Build UML (UserMode Linux) if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: 
@@ -143,7 +143,7 @@ jobs: name: hwsim test # For openssl 1.1 if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 45 needs: [build_wolfssl, build_uml_linux] diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index 36411261c..3fcc04428 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -17,7 +17,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 if: github.repository_owner == 'wolfssl' # This should be a safe limit for the tests to run. timeout-minutes: 4 @@ -48,7 +48,7 @@ jobs: git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ] name: ${{ matrix.git_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 2b82ca6b3..fa7bc9c1c 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 0.6.0 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build_wolfssl steps: - name: Install dependencies diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index 2b69761d2..af6f9e795 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml 
@@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 5 steps: @@ -50,7 +50,7 @@ jobs: ref: [ 1.21.1 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 8 needs: build_wolfssl diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index 121595954..1658cbbbb 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 1.11.0 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 8 needs: build_wolfssl diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml index 942b7aa3f..371ba2a56 100644 --- a/.github/workflows/libvncserver.yml +++ b/.github/workflows/libvncserver.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 0.9.13 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index a111e3002..bdd0c0593 100644 
--- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 @@ -48,7 +48,7 @@ jobs: - ref: 1.6.22 name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 44a47ce92..e95169e1a 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -45,7 +45,7 @@ jobs: ref: [ 2.0.18 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml index 33ea970ae..729048a6c 100644 --- a/.github/workflows/multi-arch.yml +++ b/.github/workflows/multi-arch.yml @@ -37,7 +37,7 @@ jobs: ARCH: armel EXTRA_OPTS: --enable-sp-asm if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index 3edf533f2..d2ede71aa 100644 --- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml 
@@ -21,16 +21,16 @@ jobs: include: - CC: gcc-9 CXX: g++-9 - OS: ubuntu-latest + OS: ubuntu-22.04 - CC: gcc-10 CXX: g++-10 - OS: ubuntu-latest + OS: ubuntu-22.04 - CC: gcc-11 CXX: g++-11 - OS: ubuntu-latest + OS: ubuntu-22.04 - CC: gcc-12 CXX: g++-12 - OS: ubuntu-latest + OS: ubuntu-22.04 - CC: clang-10 CXX: clang++-10 OS: ubuntu-20.04 @@ -42,10 +42,10 @@ jobs: OS: ubuntu-20.04 - CC: clang-13 CXX: clang++-13 - OS: ubuntu-latest + OS: ubuntu-22.04 - CC: clang-14 CXX: clang++-14 - OS: ubuntu-latest + OS: ubuntu-22.04 if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.OS }} # This should be a safe limit for the tests to run. diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index 0275e0f12..7ce030b80 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ jobs: test_opts: -e 'agentxperl' name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index e6729f11e..868a02aba 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: 
@@ -107,7 +107,7 @@ jobs: stream_proxy_ssl_verify.t name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 needs: build_wolfssl diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml index a5888caa4..25c9c8288 100644 --- a/.github/workflows/no-malloc.yml +++ b/.github/workflows/no-malloc.yml @@ -22,7 +22,7 @@ jobs: ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml index 89f330f9a..56e405f08 100644 --- a/.github/workflows/ntp.yml +++ b/.github/workflows/ntp.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 4.2.8p15 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 needs: build_wolfssl diff --git a/.github/workflows/ocsp.yml b/.github/workflows/ocsp.yml index fab41650a..b7c8f8ef5 100644 --- a/.github/workflows/ocsp.yml +++ b/.github/workflows/ocsp.yml @@ -16,7 +16,7 @@ jobs: ocsp_stapling: name: ocsp stapling if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 timeout-minutes: 10 steps: - name: Checkout wolfSSL diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml index 950435b5c..e20743118 100644 --- a/.github/workflows/openldap.yml +++ b/.github/workflows/openldap.yml 
@@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: - osp_ref: 2.5.13 git_ref: OPENLDAP_REL_ENG_2_5_13 name: ${{ matrix.osp_ref }} - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 20 needs: build_wolfssl diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 586d21edf..83b122773 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -49,7 +49,7 @@ jobs: osp_ver: '9.6' name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 97274daf8..5e731d031 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -46,7 +46,7 @@ jobs: ref: [ release/2.6, v2.6.0, master ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 needs: build_wolfssl diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index d4c1a8bc2..223ac8c30 100644 --- a/.github/workflows/os-check.yml 
+++ b/.github/workflows/os-check.yml @@ -17,7 +17,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest, macos-latest ] + os: [ ubuntu-22.04, macos-latest ] config: [ # Add new configs here '', @@ -57,7 +57,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest, macos-latest ] + os: [ ubuntu-22.04, macos-latest ] user-settings: [ # Add new user_settings.h here 'examples/configs/user_settings_all.h', @@ -79,7 +79,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest, macos-latest ] + os: [ ubuntu-22.04, macos-latest ] user-settings: [ # Add new user_settings.h here 'examples/configs/user_settings_min_ecc.h', @@ -109,7 +109,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest, macos-latest ] + os: [ ubuntu-22.04, macos-latest ] name: make user_setting.h (with sed) if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.os }} diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index 83eff907a..e498e33af 100644 --- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Package wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index af127651f..9a22aac8c 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml @@ -18,7 +18,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: 
@@ -48,7 +48,7 @@ jobs: git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ] name: ${{ matrix.git_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build_wolfssl steps: - name: Install dependencies diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml index 859c6e6bd..44d3a20e2 100644 --- a/.github/workflows/rng-tools.yml +++ b/.github/workflows/rng-tools.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 6.16 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index 270c005fc..ba7bba371 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 timeout-minutes: 4 steps: - name: Build wolfSSL @@ -39,7 +39,7 @@ jobs: socat_check: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 30 needs: build_wolfssl diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 31011e187..22f3c315e 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: 
@@ -45,7 +45,7 @@ jobs: # List of releases to test ref: [ 2.9.1 ] name: ${{ matrix.ref }} - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 container: image: quay.io/sssd/ci-client-devel:ubuntu-latest env: diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index 0bef67a8f..701a4e51b 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -46,7 +46,7 @@ jobs: ref: [ 5.67 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 52f1a21eb..68a488eba 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -26,7 +26,7 @@ jobs: - zephyr-ref: v2.7.4 zephyr-sdk: 0.16.3 if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 25 steps: From 886ebb6ec0f986a91ccaaf743ae5e04a8ac37133 Mon Sep 17 00:00:00 2001 
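Review bot: Pinning `runs-on` to `ubuntu-22.04` does not make the sssd job reproducible, because the same hunk keeps `container: image: quay.io/sssd/ci-client-devel:ubuntu-latest`, a floating tag that still moves underneath every run. If the goal of this series is a stable, auditable CI environment, the container image should be pinned as well, ideally by digest (`image: quay.io/sssd/ci-client-devel@sha256:<digest>`) or at least to a dated tag. I cannot verify from the diff which tags or digests that registry publishes, so the exact pin needs checking against quay.io.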
From: Daniel Pouzzner Date: Thu, 10 Oct 2024 23:06:46 -0500 Subject: [PATCH 130/325] fixes for enable-all-crypto enable-cryptonly WOLFSSL_NO_MALLOC: wolfcrypt/src//asn.c: add stack buffer codepaths in ParseKeyUsageStr(), SetKeyIdFromPublicKey(), and EncodePolicyOID; wolfcrypt/src/dh.c: add stack buffer codepath in wc_DhGenerateParams(); wolfcrypt/src/ecc.c: add always-fail codepath to find_hole() to preempt heap allocation attempts; wolfcrypt/test/test.c: gate out several heap-dependent subtests when defined(WOLFSSL_NO_MALLOC), and add a stack buffer codepath in ed448_test(); wolfssl/wolfcrypt/types.h: harmonize macro definitions of XFREE() to use do { ... } while (0) wrappers to assure syntactic indivisibility. --- wolfcrypt/src/asn.c | 30 +++++++++++++++++++++++-- wolfcrypt/src/dh.c | 14 +++++++++++- wolfcrypt/src/ecc.c | 4 ++++ wolfcrypt/test/test.c | 47 ++++++++++++++++++++++++++------------- wolfssl/wolfcrypt/types.h | 22 +++++++++--------- 5 files changed, 88 insertions(+), 29 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 11a7226f0..8e00c26ed 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -28314,7 +28314,12 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) { int ret = 0; - char *token, *str, *ptr; +#ifdef WOLFSSL_NO_MALLOC + char str[1024]; +#else + char *str; +#endif + char *token, *ptr; word32 len = 0; word16 usage = 0; @@ -28324,10 +28329,15 @@ int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(value); +#ifdef WOLFSSL_NO_MALLOC + if (len >= sizeof(str)) + return MEMORY_E; +#else str = (char*)XMALLOC(len + 1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) { return MEMORY_E; } +#endif XMEMCPY(str, value, len + 1); /* parse value, and set corresponding Key Usage value */ 
@@ -32302,7 +32312,11 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, dilithium_key* dilithiumKey, sphincs_key *sphincsKey, int kid_type) { +#ifdef WOLFSSL_NO_MALLOC + byte buf[MAX_PUBLIC_KEY_SZ]; +#else byte *buf; +#endif int bufferSz, ret; if (cert == NULL || @@ -32312,10 +32326,12 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, (kid_type != SKID_TYPE && kid_type != AKID_TYPE)) return BAD_FUNC_ARG; +#ifndef WOLFSSL_NO_MALLOC buf = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) return MEMORY_E; +#endif /* Public Key */ bufferSz = -1; @@ -33322,7 +33338,12 @@ int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) { word32 idx = 0, nb_val; - char *token, *str, *ptr; +#ifdef WOLFSSL_NO_MALLOC + char str[1024]; +#else + char *str; +#endif + char *token, *ptr; word32 len; (void)heap; @@ -33332,9 +33353,14 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(in); +#ifdef WOLFSSL_NO_MALLOC + if (len >= sizeof(str)) + return MEMORY_E; +#else str = (char *)XMALLOC(len+1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) return MEMORY_E; +#endif XMEMCPY(str, in, len+1); nb_val = 0; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index c830d7a91..df902e116 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2979,7 +2979,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) primeCheckCount = 0; int primeCheck = MP_NO, ret = 0; +#ifdef WOLFSSL_NO_MALLOC + unsigned char buf[4096 / WOLFSSL_BIT_SIZE]; +#else unsigned char *buf = NULL; +#endif #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) XMEMSET(tmp, 0, sizeof(tmp)); 
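Review bot: `unsigned char buf[4096 / WOLFSSL_BIT_SIZE];` silently caps `wc_DhGenerateParams()` in `WOLFSSL_NO_MALLOC` builds, and the literal 4096 is not tied to any existing DH size limit, so a caller requesting a larger modulus will get `MEMORY_E` with nothing in the code explaining that it is a compile-time ceiling rather than an allocation failure. I would document the bound at the declaration, `/* NO_MALLOC: fixed stack buffer; larger modSz fails with MEMORY_E */`, and derive the 4096 from a named constant shared with the later `bufSz > sizeof(buf)` check so the two cannot drift apart. The rest of the function, including that check, is outside this hunk.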
@@ -3029,11 +3033,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (ret == 0) { bufSz = (word32)modSz - groupSz; +#ifdef WOLFSSL_NO_MALLOC + if (bufSz > sizeof(buf)) + ret = MEMORY_E; +#else /* allocate ram */ buf = (unsigned char *)XMALLOC(bufSz, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) ret = MEMORY_E; +#endif } /* make a random string that will be multiplied against q */ @@ -3167,7 +3176,10 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) RESTORE_VECTOR_REGISTERS(); - if (buf != NULL) { +#ifndef WOLFSSL_NO_MALLOC + if (buf != NULL) +#endif + { ForceZero(buf, bufSz); if (dh != NULL) { XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee4ea34af..aedca835c 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -12441,6 +12441,9 @@ static const struct { /* find a hole and free as required, return -1 if no hole found */ static int find_hole(void) { +#ifdef WOLFSSL_NO_MALLOC + return -1; +#else int x, y, z; for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) { if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) { @@ -12469,6 +12472,7 @@ static int find_hole(void) fp_cache[z].lru_count = 0; } return z; +#endif /* !WOLFSSL_NO_MALLOC */ } /* determine if a base is already in the cache and if so, where */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 66e81cbe3..ff8a4ffc3 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2652,7 +2652,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, #ifndef WOLFSSL_NO_MALLOC byte* pem; #else - byte pem[1024]; + byte pem[2048]; #endif int pemSz; @@ -2668,7 +2668,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, } #else if (pemSz > (int)sizeof(pem)) - return BAD_FUNC_ARG; + return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG); #endif /* Convert to PEM */ pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); 
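Review bot: In the `WOLFSSL_NO_MALLOC` build the cleanup now runs `ForceZero(buf, bufSz)` unconditionally, but the preceding hunk first sets `bufSz = (word32)modSz - groupSz` and only then rejects it with `ret = MEMORY_E` when `bufSz > sizeof(buf)`; if control falls through to this cleanup after that rejection (the code between the two hunks is not visible, so I am inferring the usual goto-cleanup shape), `ForceZero` writes `bufSz` bytes into a `4096 / WOLFSSL_BIT_SIZE`-byte stack array, a stack buffer overflow on the error path. The malloc build is safe only because `buf` stays NULL and the `if (buf != NULL)` guard is retained there. Since the NO_MALLOC buffer is a fixed array, wipe the whole object rather than the requested length: `#ifdef WOLFSSL_NO_MALLOC` / `ForceZero(buf, sizeof(buf));` / `#else` / `ForceZero(buf, bufSz);` / `#endif`, or clamp `bufSz` to `sizeof(buf)` before it is ever used. The body of wc_DhGenerateParams continues past the end of this hunk.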
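Review bot: The new `return -1;` in `find_hole()` has no comment, so a reader of the NO_MALLOC path sees a cache-eviction routine that refuses every request with no explanation; the reason is only in the commit message. I would add, above the early return, `/* NO_MALLOC: fp_cache entries require heap allocation, so never offer a hole */` (hedged wording is appropriate, since the allocation happens in a caller not shown here). The rest of find_hole() is unchanged and its callers' handling of -1 is outside this hunk.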
@@ -18163,7 +18163,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifdef WOLFSSL_CERT_GEN static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; #endif - #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) + #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \ + defined(HAVE_PKCS7) static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; #endif #ifdef HAVE_PKCS7 @@ -18208,7 +18209,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_RSA static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der"; #endif - #ifndef NO_ASN_TIME + #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; #ifdef ENABLE_ECC384_CERT_GEN_TEST @@ -18264,7 +18265,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_WRITE_TEMP_FILES #ifdef HAVE_ECC #ifndef NO_ECC_SECP - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem"; static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der"; #endif @@ -18286,7 +18288,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif /* HAVE_ECC */ #ifndef NO_RSA - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der"; static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der"; static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem"; 
@@ -20482,7 +20485,7 @@ exit_rsa_even_mod: } #endif /* WOLFSSL_HAVE_SP_RSA */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -21969,7 +21972,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) goto exit_rsa; #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for RSA cert and RSA CA */ ret = rsa_certgen_test(key, keypub, &rng, tmp); if (ret != 0) @@ -32575,7 +32579,8 @@ static int test_sm2_verify(void) #endif /* WOLFSSL_SM2 */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for ECC cert and ECC CA */ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) @@ -33612,7 +33617,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) #elif defined(HAVE_ECC_KEY_IMPORT) (void)ecc_test_make_pub; /* for compiler warning */ #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) ret = ecc_test_cert_gen(&rng); if (ret != 0) { printf("ecc_test_cert_gen failed!\n"); @@ -33647,6 +33653,8 @@ done: #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) +#if !defined(WOLFSSL_NO_MALLOC) + #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3)) /* maximum encrypted message: * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ 
@@ -33765,6 +33773,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) } #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ +#endif /* !WOLFSSL_NO_MALLOC */ + /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in * wolfFIPS 5.3. * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test(). @@ -34007,6 +34017,7 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng) } #endif +#ifndef WOLFSSL_NO_MALLOC static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB, byte encAlgo, byte kdfAlgo, byte macAlgo) { @@ -34275,6 +34286,7 @@ done: return ret; } +#endif #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ @@ -34350,7 +34362,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC, @@ -34386,7 +34398,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif -#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR, @@ -34406,7 +34418,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif /* !NO_AES && WOLFSSL_AES_COUNTER */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) if (ret == 0) { ret = ecc_ctx_kdf_salt_test(&rng, userA, userB); } 
@@ -37865,15 +37877,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) /* test api for import/exporting keys */ { - byte *exportPKey = NULL; - byte *exportSKey = NULL; word32 exportPSz = ED448_KEY_SIZE; word32 exportSSz = ED448_KEY_SIZE; +#ifdef WOLFSSL_NO_MALLOC + byte exportPKey[exportPSz]; + byte exportSKey[exportSSz]; +#else + byte *exportPKey = NULL; + byte *exportSKey = NULL; exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if ((exportPKey == NULL) || (exportSKey == NULL)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif ret = 0; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 6735d02a6..305ad1974 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -511,7 +511,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) m2mb_os_free(xp) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) m2mb_os_free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) @@ -527,11 +527,11 @@ typedef struct w64wrapper { return NULL; }; #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc_check((s))) - #define XFREE(p, h, t) (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(h); (void)(t); } while (0) #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL) #else #define XMALLOC(s, h, t) ((void)(s), (void)(h), (void)(t), NULL) - #define XFREE(p, h, t) (void)(p); (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while(0) #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL) #endif #else 
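Review bot: `byte exportPKey[exportPSz];` and `byte exportSKey[exportSSz];` are variable-length arrays, because `exportPSz` and `exportSSz` are ordinary `word32` locals rather than constants; VLAs are optional in C11, unsupported by MSVC, and the no-malloc embedded toolchains this commit targets are exactly the ones most likely to reject them. Size the arrays with the constant both locals are initialised from: `byte exportPKey[ED448_KEY_SIZE];` and `byte exportSKey[ED448_KEY_SIZE];`. Note that `exportSKey` holds private key material on the stack in this configuration; whether it is wiped before the block exits is not visible, as the remainder of the block lies outside the hunk.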
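Review bot: The `malloc_check` variant now expands to `do { (void)(h); (void)(t); } while (0)` and never references `p`, while the sibling `#else` variant two lines below keeps `(void)(p)`; a pointer whose only remaining use is an XFREE would then draw an unused/set-but-unused warning (a build break under `-Werror`) only in this one configuration. For parity with the other NO_MALLOC variant, use `#define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while (0)`.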
@@ -539,9 +539,9 @@ typedef struct w64wrapper { #include #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); if (xp) free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) \ ((void)(h), (void)(t), realloc((p), (size_t)(n))) @@ -565,7 +565,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else @@ -573,7 +573,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ 
@@ -585,17 +585,17 @@ typedef struct w64wrapper { #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__)) #else #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n))) #endif /* WOLFSSL_DEBUG_MEMORY */ From 2ca3e1100ec3f07ab1b7adb194735a3d13a9de63 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:04:12 -0500 Subject: [PATCH 131/325] Revert "Move heap variable to all sha implementations" This reverts commit a3f6babfdcf85b5f20ebc871f58a70adc1b6972e. --- wolfssl/wolfcrypt/sha.h | 2 +- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 5f7a78d21..dd9d8b90a 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h 
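Review bot: The rewritten `WOLFSSL_XFREE_NO_NULLNESS_CHECK` macro under `WOLFSSL_DEBUG_MEMORY` still calls `wolfSSL_Free(xp, __func__, __LINE__)`, yet this variant declares no `xp` (only the null-checking sibling introduces `void* xp = (p);`), so a build with both defines set fails on an undeclared identifier; the commit converted the line to do/while without correcting the argument, whereas the non-debug line in the same hunk correctly passes `p`. It should read `#define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free((p), __func__, __LINE__); } while (0)`. The same stale `xp` is visible in the untouched NO_NULLNESS_CHECK context lines of the two preceding hunks (`m2mb_os_free(xp)` and `wolfSSL_Free(xp, h, t, ...)`), which predate this commit but are worth fixing in the same pass.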
@@ -151,8 +151,8 @@ struct wc_Sha { #else word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; #endif -#endif void* heap; +#endif #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 0ab81abb6..c435cf061 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -194,13 +194,13 @@ struct wc_Sha256 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ + void* heap; #ifdef WC_C_DYNAMIC_FALLBACK int sha_method; #endif #endif - void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 1dc875dcb..9bcebdc62 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -144,7 +144,6 @@ struct wc_Sha512 { cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha512_buffers_t sha_buffers; - void* heap; #else word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; From ee92f38f88552102822256845d3b6b06e78001fc Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:04:26 -0500 Subject: [PATCH 132/325] Revert "fix unused variables" This reverts commit 06195a2e2a703966a36589673f4aa108c53bf5c1. --- wolfcrypt/src/aes.c | 5 ----- wolfcrypt/src/ed25519.c | 7 ++----- wolfcrypt/src/hash.c | 10 ++-------- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 2762f8571..ed31f53dd 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
@@ -11451,18 +11451,14 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) void wc_AesFree(Aes* aes) { void* heap; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated; -#endif if (aes == NULL) { return; } -#ifndef WOLFSSL_NO_MALLOC heap = aes->heap; isAllocated = aes->isAllocated; -#endif #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1); @@ -11536,7 +11532,6 @@ void wc_AesFree(Aes* aes) XFREE(aes, heap, DYNAMIC_TYPE_AES); } #endif - (void)heap; } diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index c9386f17f..5a06cb771 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1026,16 +1026,13 @@ int wc_ed25519_init(ed25519_key* key) void wc_ed25519_free(ed25519_key* key) { void* heap; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; -#endif + if (key == NULL) return; -#ifndef WOLFSSL_NO_MALLOC heap = key->heap; isAllocated = key->isAllocated; -#endif #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); @@ -1053,9 +1050,9 @@ void wc_ed25519_free(ed25519_key* key) #ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); + (void)heap; } #endif - (void)heap; } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index d727171d8..fdffa6030 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -712,9 +712,7 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; -#ifndef WOLFSSL_NO_MALLOC hash->isAllocated = 0; -#endif hash->type = type; switch (type) { @@ -1046,13 +1044,11 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ void* heap = NULL; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; -#endif + if (hash == NULL) return BAD_FUNC_ARG; - #ifdef DEBUG_WOLFSSL if (hash->type != type) { WOLFSSL_MSG("Hash free type mismatch!"); 
@@ -1060,9 +1056,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) } #endif -#ifndef WOLFSSL_NO_MALLOC isAllocated = hash->isAllocated; -#endif switch (type) { case WC_HASH_TYPE_MD5: @@ -1181,9 +1175,9 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + (void)heap; } #endif - (void)heap; return ret; } From dc2a8118de56947397fa7dbb746c3ea9af99bf20 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:04:30 -0500 Subject: [PATCH 133/325] Revert "Allow compiling aes.c with WOLFSSL_NO_MALLOC" This reverts commit 56a96ba6093714d7143ddd7e0eb43982faec4d77. --- wolfcrypt/src/aes.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index ed31f53dd..193b216dc 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11299,7 +11299,6 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ -#ifndef WOLFSSL_NO_MALLOC Aes* wc_AesNew(void* heap, int devId) { Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); @@ -11314,7 +11313,6 @@ Aes* wc_AesNew(void* heap, int devId) } return aes; } -#endif /* Initialize Aes for use with async hardware */ int wc_AesInit(Aes* aes, void* heap, int devId) @@ -11527,11 +11525,9 @@ void wc_AesFree(Aes* aes) wc_MemZero_Check(aes, sizeof(Aes)); #endif -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(aes, heap, DYNAMIC_TYPE_AES); } -#endif } From 551eb3f44b3f0fa66f092fa5ec0b00cf4b9c7fe9 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:19:53 -0500 Subject: [PATCH 134/325] wolfcrypt/src/ed25519.c and wolfcrypt/src/hash.c: remove gating around isAllocated XFREE()s in wc_ed25519_free() and wc_HashFree(). --- wolfcrypt/src/ed25519.c | 2 -- wolfcrypt/src/hash.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 5a06cb771..a00045388 100644 
--- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1047,12 +1047,10 @@ void wc_ed25519_free(ed25519_key* key) wc_MemZero_Check(key, sizeof(ed25519_key)); #endif -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); (void)heap; } -#endif } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index fdffa6030..4249c39ea 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -1172,12 +1172,10 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); (void)heap; } -#endif return ret; } From 0665ff9de7c34fd7f99ee5162d630b06fa7af1d3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:54:41 -0500 Subject: [PATCH 135/325] wolfcrypt/src/asn.c: revert earlier WOLFSSL_NO_MALLOC changes (not needed, after proper gating in test.c). --- wolfcrypt/src/asn.c | 30 ++---------------------------- 1 file changed, 2 insertions(+), 28 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8e00c26ed..11a7226f0 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -28314,12 +28314,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) { int ret = 0; -#ifdef WOLFSSL_NO_MALLOC - char str[1024]; -#else - char *str; -#endif - char *token, *ptr; + char *token, *str, *ptr; word32 len = 0; word16 usage = 0; @@ -28329,15 +28324,10 @@ int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(value); -#ifdef WOLFSSL_NO_MALLOC - if (len >= sizeof(str)) - return MEMORY_E; -#else str = (char*)XMALLOC(len + 1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) { return MEMORY_E; } -#endif XMEMCPY(str, value, len + 1); /* parse value, and set corresponding Key Usage value */ 
@@ -32312,11 +32302,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, dilithium_key* dilithiumKey, sphincs_key *sphincsKey, int kid_type) { -#ifdef WOLFSSL_NO_MALLOC - byte buf[MAX_PUBLIC_KEY_SZ]; -#else byte *buf; -#endif int bufferSz, ret; if (cert == NULL || @@ -32326,12 +32312,10 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, (kid_type != SKID_TYPE && kid_type != AKID_TYPE)) return BAD_FUNC_ARG; -#ifndef WOLFSSL_NO_MALLOC buf = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) return MEMORY_E; -#endif /* Public Key */ bufferSz = -1; @@ -33338,12 +33322,7 @@ int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) { word32 idx = 0, nb_val; -#ifdef WOLFSSL_NO_MALLOC - char str[1024]; -#else - char *str; -#endif - char *token, *ptr; + char *token, *str, *ptr; word32 len; (void)heap; @@ -33353,14 +33332,9 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(in); -#ifdef WOLFSSL_NO_MALLOC - if (len >= sizeof(str)) - return MEMORY_E; -#else str = (char *)XMALLOC(len+1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) return MEMORY_E; -#endif XMEMCPY(str, in, len+1); nb_val = 0; From 9312f3cb863b062f4d061944a9cc30e6816d03e3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 17:28:16 -0500 Subject: [PATCH 136/325] wolfssl/wolfcrypt/types.h: define USE_WOLF_STRDUP for the fallback definition of XSTRDUP regardless of WOLFSSL_NO_MALLOC (wc_strdup_ex() uses XMALLOC(), which may be a user or static pool allocator). --- wolfssl/wolfcrypt/types.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 305ad1974..973b76dd5 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
@@ -943,8 +943,7 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif - #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) &&\ - !defined (WOLFSSL_NO_MALLOC) + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) #define USE_WOLF_STRDUP #endif #ifdef USE_WOLF_STRDUP From 0d5d05d44d56c67b71587674f1b95ce0b09996c3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 12 Oct 2024 16:31:45 -0500 Subject: [PATCH 137/325] more WOLFSSL_NO_MALLOC fixes: wolfcrypt/src/dh.c: in wc_DhGenerateParams(), use named constant for buf size, and only XFREE it if !WOLFSSL_NO_MALLOC; wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h: in wc_ecc_new_point_ex(), remove !WOLFSSL_NO_MALLOC gate around XMALLOC(), and if XMALLOC()ed, set ecc_point.isAllocated, then in wc_ecc_del_point_ex, XFREE() iff ecc_point.isAllocated; wolfcrypt/src/pkcs7.c: in wc_PKCS7_RsaVerify(), when WOLFSSL_NO_MALLOC, jumbo-size the digest buffer to cope with in-place dynamics in RsaUnPad(); wolfcrypt/test/test.c: add !WOLFSSL_NO_MALLOC gates around various XFREE()s of objects that are on the stack in WOLFSSL_NO_MALLOC builds; wolfssl/wolfcrypt/types.h: add an unconditional include of memory.h (itself guarded against multiple inclusion) to assure availability of WC_DEBUG_CIPHER_LIFECYCLE prototypes/macros. --- wolfcrypt/src/dh.c | 4 +++- wolfcrypt/src/ecc.c | 15 +++++++-------- wolfcrypt/src/memory.c | 1 + wolfcrypt/src/pkcs7.c | 6 ++++++ wolfcrypt/test/test.c | 10 ++++++++++ wolfssl/wolfcrypt/ecc.h | 1 + wolfssl/wolfcrypt/types.h | 2 ++ 7 files changed, 30 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index df902e116..610b4b69d 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c 
@@ -2980,7 +2980,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) int primeCheck = MP_NO, ret = 0; #ifdef WOLFSSL_NO_MALLOC - unsigned char buf[4096 / WOLFSSL_BIT_SIZE]; + unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE]; #else unsigned char *buf = NULL; #endif @@ -3181,9 +3181,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) #endif { ForceZero(buf, bufSz); +#ifndef WOLFSSL_NO_MALLOC if (dh != NULL) { XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); } +#endif } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index aedca835c..9da876df9 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4092,23 +4092,23 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap) } p = *point; -#ifndef WOLFSSL_NO_MALLOC if (p == NULL) { p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); } -#endif if (p == NULL) { return MEMORY_E; } XMEMSET(p, 0, sizeof(ecc_point)); + if (*point == NULL) + p->isAllocated = 1; + #ifndef ALT_ECC_SIZE err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL); if (err != MP_OKAY) { WOLFSSL_MSG("mp_init_multi failed."); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); p = NULL; } #else @@ -4148,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap) mp_clear(p->x); mp_clear(p->y); mp_clear(p->z); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); } (void)heap; } diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 164dc9571..75d03895e 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -32,6 +32,7 @@ #endif #include +#include /* Possible memory options: diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index b77e9de17..ae9429cb2 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
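Review bot: With the WOLFSSL_NO_MALLOC stack buffer now sized `DH_MAX_SIZE / WOLFSSL_BIT_SIZE`, `ForceZero(buf, bufSz)` in the second dh.c hunk (and every other write into `buf`) depends on `bufSz` having been bounded by that same constant; the `modSz` check that would establish this is outside both hunks, so it is worth confirming it rejects a modulus larger than DH_MAX_SIZE rather than the old hard-coded 4096. A comment on the array such as `/* sized for the largest modulus this function accepts; keep in step with the modSz check */` would tie the two together. wc_DhGenerateParams begins and ends outside these hunks.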
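Review bot: In wc_ecc_new_point_ex the `XMEMSET(p, 0, sizeof(ecc_point))` now also clears `isAllocated` on a caller-supplied point, and the flag is set again only when `*point == NULL`, so a point this function itself XMALLOC()ed earlier and that is re-initialised through the same call ends up with the bit cleared and wc_ecc_del_point_ex (second ecc.c hunk) will no longer XFREE() it — a leak rather than a double free, but only if some caller reuses points that way, which I cannot see from here. A comment above the flag assignment stating the ownership rule would help the next reader, e.g. `/* only a point allocated here is freed by wc_ecc_del_point_ex(); a caller-supplied point always stays the caller's */`. Note also that the test is on `*point` rather than on a local "we allocated" variable, which is correct only as long as `*point` is not written before this line; the rest of the function is outside the hunk.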
@@ -4040,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, byte* digest; RsaKey* key; DecodedCert* dCert; +#else +#ifdef WOLFSSL_NO_MALLOC + byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size + * key->dataLen + */ #else byte digest[MAX_PKCS7_DIGEST_SZ]; +#endif RsaKey key[1]; DecodedCert stack_dCert; DecodedCert* dCert = &stack_dCert; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ff8a4ffc3..3f8fe431d 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2673,23 +2673,31 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, /* Convert to PEM */ pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); if (pemSz < 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I); } #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = XFOPEN(filePem, "wb"); if (!pemFile) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I); } ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile); XFCLOSE(pemFile); if (ret != pemSz) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I); } #endif + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif } #endif /* WOLFSSL_DER_TO_PEM */ @@ -37926,8 +37934,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) } } while(0); + #ifndef WOLFSSL_NO_MALLOC XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif if (ret != 0) goto out; diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 4a607aaa8..5975ab9b4 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h 
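Review bot: The new comment `/* accessed in-place with size key->dataLen */` justifies the enlarged buffer only for the WOLFSSL_NO_MALLOC branch; if RsaUnPad really works on `digest` in place for `key->dataLen` bytes, the sibling `byte digest[MAX_PKCS7_DIGEST_SZ]` one branch down (and the heap allocation in the WOLFSSL_SMALL_STACK branch, outside this hunk) carry the same requirement. I cannot see MAX_PKCS7_DIGEST_SZ here; if it can be smaller than `RSA_MAX_SIZE / WOLFSSL_BIT_SIZE`, sizing both stack branches with the same constant, or adding a compile-time assertion that MAX_PKCS7_DIGEST_SZ is at least that large, would make the in-place bound explicit instead of depending on which build is used. wc_PKCS7_RsaVerify begins and ends outside the hunk.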
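Review bot: _SaveDerAndPem now carries four copies of the `#ifndef WOLFSSL_NO_MALLOC` / `XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` / `#endif` triplet, one per early return, which is the kind of repeated gating that drifts the next time a build option changes. A single exit (`goto out;` from each failure path with the gated XFREE once after the label, returning the encoded result) or a small `static void` helper that owns the gating would keep the conditional free in one place. The function begins before this hunk, so the label placement has to be checked against its earlier returns as well.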
@@ -467,6 +467,7 @@ struct ecc_point { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif + byte isAllocated:1; }; /* ECC Flags */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 973b76dd5..ee00f7f82 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -602,6 +602,8 @@ typedef struct w64wrapper { #endif /* WOLFSSL_STATIC_MEMORY */ #endif + #include + /* declare/free variable handling for async and smallstack */ #ifndef WC_ALLOC_DO_ON_FAILURE #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING From 260a0dee47a0c8b0a92882a86da0b013120cbc12 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 12 Oct 2024 16:33:26 -0500 Subject: [PATCH 138/325] examples/client/client.c: fix numbering annotations, and fix string literal grouping for "-H". --- examples/client/client.c | 122 +++++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 5fa85924c..f50f67fbb 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1124,7 +1124,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz, /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* client_usage_msg[][78] = { +static const char* client_usage_msg[][77] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ 
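Review bot: `byte isAllocated:1;` is added without a comment, yet it carries an ownership contract across two files in this commit: wc_ecc_new_point_ex() sets it only when it XMALLOC()ed the point itself, and wc_ecc_del_point_ex() XFREE()s only when it is set. Suggest `byte isAllocated:1; /* set by wc_ecc_new_point_ex() when it allocated this point; wc_ecc_del_point_ex() frees it only when set */`. A one-bit field also means a point built by hand on the stack without zeroing leaves the bit indeterminate; whether such callers exist is not visible from here.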
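Review bot: The shrink from `[78]` to `[77]` looks one slot short if I count the renumbered annotations correctly: the English block now runs 0–76 and is followed by the `NULL` terminator, i.e. 78 initializers when every `#if`-gated line is compiled in (the only mutually exclusive pair is the two `-7` strings), and the Japanese block has the same count. With a bound of 77 such a build gets "excess elements in array initializer" (a warning under GCC, an error under clang) and the terminator is the element dropped, so any loop that walks the table to NULL would run off the end. If the annotations are meant to be indices the declaration should read `static const char* client_usage_msg[][78] = {`; if the intent is that some gated lines never coexist, a comment saying which would save the next renumbering. The later hunks of this file are where the count is established.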
@@ -1244,11 +1244,11 @@ static const char* client_usage_msg[][78] = {
 " With 'm' at end indicates MUST staple\n", /* 42 */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
 " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n",
- /* 43 */
+ /* 43 */
 #endif
 #endif
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
- "-U Atomic User Record Layer Callbacks\n", /* 45 */
+ "-U Atomic User Record Layer Callbacks\n", /* 44 */
 #endif
 #ifdef HAVE_PK_CALLBACKS
 "-P Public Key Callbacks\n", /* 45 */
@@ -1266,44 +1266,44 @@ static const char* client_usage_msg[][78] = {
 "-q Whitewood config file, defaults\n", /* 49 */
 #endif
 "-H Internal tests"
- " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */
- " loadSSL, disallowETM]\n", /* 51 */
+ " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
+ " loadSSL, disallowETM]\n", /* 50 */
 #ifdef WOLFSSL_TLS13
- "-J Use HelloRetryRequest to choose group for KE\n", /* 52 */
- "-K Key Exchange for PSK not using (EC)DHE\n", /* 53 */
- "-I Update keys and IVs before sending data\n", /* 54 */
+ "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */
+ "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */
+ "-I Update keys and IVs before sending data\n", /* 53 */
 #ifndef NO_DH
- "-y Key Share with FFDHE named groups only\n", /* 55 */
+ "-y Key Share with FFDHE named groups only\n", /* 54 */
 #endif
 #ifdef HAVE_ECC
- "-Y Key Share with ECC named groups only\n", /* 56 */
+ "-Y Key Share with ECC named groups only\n", /* 55 */
 #endif
 #endif /* WOLFSSL_TLS13 */
 #ifdef HAVE_CURVE25519
- "-t Use X25519 for key exchange\n", /* 57 */
+ "-t Use X25519 for key exchange\n", /* 56 */
 #endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- "-Q Support requesting certificate post-handshake\n", /* 58 */
+ "-Q Support requesting certificate post-handshake\n", /* 57 */
 #endif
 #ifdef WOLFSSL_EARLY_DATA
- "-0 Early data sent to server (0-RTT handshake)\n", /* 59 */
+ "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */
 #endif
 #ifdef WOLFSSL_MULTICAST
- "-3 Multicast, grpid < 256\n", /* 60 */
+ "-3 Multicast, grpid < 256\n", /* 59 */
 #endif
 "-1 Display a result by specified language.\n"
- " 0: English, 1: Japanese\n", /* 61 */
+ " 0: English, 1: Japanese\n", /* 60 */
 #if !defined(NO_DH) && !defined(HAVE_FIPS) && \
 !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
- "-2 Disable DH Prime check\n", /* 62 */
+ "-2 Disable DH Prime check\n", /* 61 */
 #endif
 #ifdef 
HAVE_SECURE_RENEGOTIATION
- "-4 Use resumption for renegotiation\n", /* 63 */
+ "-4 Use resumption for renegotiation\n", /* 62 */
 #endif
 #ifdef HAVE_TRUSTED_CA
- "-5 Use Trusted CA Key Indication\n", /* 64 */
+ "-5 Use Trusted CA Key Indication\n", /* 63 */
 #endif
- "-6 Simulate WANT_WRITE errors on every other IO send\n",
+ "-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */
 #ifdef HAVE_CURVE448
 "-8 Use X448 for key exchange\n", /* 65 */
 #endif
@@ -1311,47 +1311,47 @@ static const char* client_usage_msg[][78] = { (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 Use hash dir look up for certificate loading\n" - " loading from /certs folder\n" - " files in the folder would have the form \"hash.N\" file name\n" - " e.g symbolic link to the file at certs folder\n" - " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config Path for JSON wolfSentry config\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 Set minimum downgrade protocol version [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 Set minimum downgrade protocol version [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK 
callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ "\n" "For simpler wolfSSL TLS client examples, visit\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #ifndef NO_MULTIBYTE_PRINT 
@@ -1499,45 +1499,45 @@ static const char* client_usage_msg[][78] = { "-q Whitewood コンフィグファイル, 既定値\n", /* 49 */ #endif "-H 内部テスト" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */ - " loadSSL, disallowETM]\n", /* 51 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ #ifdef WOLFSSL_TLS13 - "-J HelloRetryRequestã‚’KEã®ã‚°ãƒ«ãƒ¼ãƒ—é¸æŠžã«ä½¿ç”¨ã™ã‚‹\n", /* 52 */ - "-K éµäº¤æ›ã«PSKを使用ã€(EC)DHEã¯ä½¿ç”¨ã—ãªã„\n", /* 53 */ - "-I データé€ä¿¡å‰ã«ã€éµã¨IVã‚’æ›´æ–°ã™ã‚‹\n", /* 54 */ + "-J HelloRetryRequestã‚’KEã®ã‚°ãƒ«ãƒ¼ãƒ—é¸æŠžã«ä½¿ç”¨ã™ã‚‹\n", /* 51 */ + "-K éµäº¤æ›ã«PSKを使用ã€(EC)DHEã¯ä½¿ç”¨ã—ãªã„\n", /* 52 */ + "-I データé€ä¿¡å‰ã«ã€éµã¨IVã‚’æ›´æ–°ã™ã‚‹\n", /* 53 */ #ifndef NO_DH - "-y FFDHEåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 55 */ + "-y FFDHEåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 54 */ #endif #ifdef HAVE_ECC - "-Y ECCåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 56 */ + "-Y ECCåå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿\n", /* 55 */ #endif #endif /* WOLFSSL_TLS13 */ #ifdef HAVE_CURVE25519 - "-t X25519ã‚’éµäº¤æ›ã«ä½¿ç”¨ã™ã‚‹\n", /* 57 */ + "-t X25519ã‚’éµäº¤æ›ã«ä½¿ç”¨ã™ã‚‹\n", /* 56 */ #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - "-Q ãƒã‚¹ãƒˆãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã®è¨¼æ˜Žè¦æ±‚をサãƒãƒ¼ãƒˆã™ã‚‹\n", /* 58 */ + "-Q ãƒã‚¹ãƒˆãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã®è¨¼æ˜Žè¦æ±‚をサãƒãƒ¼ãƒˆã™ã‚‹\n", /* 57 */ #endif #ifdef WOLFSSL_EARLY_DATA "-0 Early data をサーãƒãƒ¼ã¸é€ä¿¡ã™ã‚‹" - "(0-RTTãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ï¼‰\n", /* 59 */ + "(0-RTTãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ï¼‰\n", /* 58 */ #endif #ifdef WOLFSSL_MULTICAST - "-3 マルãƒã‚­ãƒ£ã‚¹ãƒˆ, grpid < 256\n", /* 60 */ + "-3 マルãƒã‚­ãƒ£ã‚¹ãƒˆ, grpid < 256\n", /* 59 */ #endif "-1 指定ã•れãŸè¨€èªžã§çµæžœã‚’表示ã—ã¾ã™ã€‚\n" - " 0: 英語〠1: 日本語\n", /* 61 */ + " 0: 英語〠1: 日本語\n", /* 60 */ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - "-2 DHプライム番å·ãƒã‚§ãƒƒã‚¯ã‚’無効ã«ã™ã‚‹\n", /* 62 */ + "-2 DHプライム番å·ãƒã‚§ãƒƒã‚¯ã‚’無効ã«ã™ã‚‹\n", /* 61 */ #endif #ifdef 
HAVE_SECURE_RENEGOTIATION - "-4 å†äº¤æ¸‰ã«å†é–‹ã‚’使用\n", /* 63 */ + "-4 å†äº¤æ¸‰ã«å†é–‹ã‚’使用\n", /* 62 */ #endif #ifdef HAVE_TRUSTED_CA - "-5 ä¿¡é ¼ã§ãã‚‹èªè¨¼å±€ã®éµè¡¨ç¤ºã‚’使用ã™ã‚‹\n", /* 64 */ + "-5 ä¿¡é ¼ã§ãã‚‹èªè¨¼å±€ã®éµè¡¨ç¤ºã‚’使用ã™ã‚‹\n", /* 63 */ #endif - "-6 WANT_WRITE エラーを全ã¦ã®IO é€ä¿¡ã§ã‚·ãƒŸãƒ¥ãƒ¬ãƒ¼ãƒˆã—ã¾ã™\n", + "-6 WANT_WRITE エラーを全ã¦ã®IO é€ä¿¡ã§ã‚·ãƒŸãƒ¥ãƒ¬ãƒ¼ãƒˆã—ã¾ã™\n", /* 64 */ #ifdef HAVE_CURVE448 "-8 éµäº¤æ›ã« X448 を使用ã™ã‚‹\n", /* 65 */ #endif 
@@ -1549,44 +1549,44 @@ static const char* client_usage_msg[][78] = { " フォルダー中ã®ãƒ•ァイルã¯ã€\"hash.N\"[N:0-9]åã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™\n" " 以下ã®ä¾‹ã§ã¯ca-cert.pemã«ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ã‚’設定ã—ã¾ã™\n" " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config wolfSentry コンフィグファイル\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 最å°ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰å¯èƒ½ãªãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 最å°ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰å¯èƒ½ãªãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc post-quantum åå‰ä»˜ãグループã¨ã®éµå…±æœ‰ã®ã¿ [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (デフォルト㯠SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (デフォルト㯠SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM 
format\n", /* 75 */ "\n" "より簡å˜ãªwolfSSL TLS クライアントã®ä¾‹ã«ã¤ã„ã¦ã¯" "下記ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ãã ã•ã„\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #endif From cc7ccf951a062180ccf83b3832e591c41074e7b6 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 9 Oct 2024 14:58:53 +0200 Subject: [PATCH 139/325] Move heap variable to all sha implementations --- wolfssl/wolfcrypt/sha.h | 2 +- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index dd9d8b90a..5f7a78d21 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -151,8 +151,8 @@ struct wc_Sha { #else word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; #endif - void* heap; #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index c435cf061..0ab81abb6 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -194,13 +194,13 @@ struct wc_Sha256 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ - void* heap; #ifdef WC_C_DYNAMIC_FALLBACK int sha_method; #endif #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 9bcebdc62..1dc875dcb 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -144,6 +144,7 @@ struct wc_Sha512 { cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha512_buffers_t sha_buffers; + void* heap; #else word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; From e3c2c650aa4ce12b62481f58073ae44c493c9340 Mon Sep 17 00:00:00 2001 
From: jordan Date: Mon, 14 Oct 2024 22:45:17 -0500 Subject: [PATCH 140/325] infer: fix dead store, and uninitialized value errors. --- src/ssl.c | 2 -- src/tls13.c | 2 ++ tests/api.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index dcc0d6451..1e6d3f98a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20411,7 +20411,6 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) } ssl->buffers.weOwnCert = 1; - ret = WOLFSSL_SUCCESS; } if (ctx->certChain != NULL) { if (ssl->buffers.certChain != NULL) { @@ -20425,7 +20424,6 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) } ssl->buffers.weOwnCertChain = 1; - ret = WOLFSSL_SUCCESS; } #else /* ctx owns certificate, certChain and key */ diff --git a/src/tls13.c b/src/tls13.c index 9164cefc6..6e24d2da4 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -8568,6 +8568,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND); WOLFSSL_ENTER("SendTls13Certificate"); + XMEMSET(extSz, 0, sizeof(extSz)); + ssl->options.buildingMsg = 1; #ifdef WOLFSSL_POST_HANDSHAKE_AUTH diff --git a/tests/api.c b/tests/api.c index fc68a4471..6d4dd9236 100644 --- a/tests/api.c +++ b/tests/api.c @@ -5031,7 +5031,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) WOLFSSL* ssl = NULL; const char* cert = "./certs/server-cert.pem"; unsigned char* buf = NULL; - size_t len; + size_t len = 0; ExpectIntEQ(load_file(cert, &buf, &len), 0); From 724fdae7d794dbceec64be09d7ab41dc598fd73b Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Wed, 9 Oct 2024 13:41:21 +0000 Subject: [PATCH 141/325] ocsp: propagate ocsp cb return error --- src/ocsp.c | 3 +++ tests/api.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ocsp.c b/src/ocsp.c index 41c038fd1..493d8268f 100644 --- a/src/ocsp.c +++ b/src/ocsp.c 
@@ -536,6 +536,9 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { ret = OCSP_WANT_READ; } + else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)){ + ret = HTTP_TIMEOUT; + } XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); diff --git a/tests/api.c b/tests/api.c index fc68a4471..c84830d40 100644 --- a/tests/api.c +++ b/tests/api.c @@ -92179,7 +92179,7 @@ static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url, (void)request; (void)requestSz; (void)response; - return -1; + return WOLFSSL_CBIO_ERR_GENERAL; } static int test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx) @@ -96685,7 +96685,7 @@ static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz, (void)ocspReqBuf; (void)ocspReqSz; (void)ocspRespBuf; - return -1; + return WOLFSSL_CBIO_ERR_GENERAL; } static int test_ocsp_callback_fails(void) { From a5331d406cb7a26fa232334d1b4560ed0a7f0bc7 Mon Sep 17 00:00:00 2001 
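Review bot: Only WANT_READ and TIMEOUT are mapped from `responseSz` here; any other negative callback code — including the WOLFSSL_CBIO_ERR_GENERAL that the two test callbacks in this same commit now return — presumably falls through to whatever follows the XFREE, which is outside the hunk, so it is worth confirming that path still reports a failure instead of treating a negative `responseSz` as a length. On style, the new branch is missing the space before the brace; `else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)) {` matches the `if` above it. CheckOcspRequest begins and ends outside this hunk.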
From: Andras Fekete Date: Tue, 15 Oct 2024 12:39:01 -0400 Subject: [PATCH 142/325] Revert "Merge pull request #8072 from rizlik/github-fix" This reverts commit 0f8b4dbc6391743c8046933005cb05021c259532, reversing changes made to 743a78dc853a84ab44c72f80523398d1b6ec30dd. --- .github/workflows/async.yml | 2 +- .github/workflows/coverity-scan-fixes.yml | 2 +- .github/workflows/curl.yml | 4 ++-- .github/workflows/cyrus-sasl.yml | 4 ++-- .github/workflows/disabled/haproxy.yml | 2 +- .github/workflows/docker-Espressif.yml | 6 +++--- .github/workflows/docker-OpenWrt.yml | 4 ++-- .github/workflows/grpc.yml | 4 ++-- .github/workflows/hitch.yml | 4 ++-- .github/workflows/hostap-vm.yml | 6 +++--- .github/workflows/ipmitool.yml | 4 ++-- .github/workflows/jwt-cpp.yml | 4 ++-- .github/workflows/krb5.yml | 4 ++-- .github/workflows/libssh2.yml | 4 ++-- .github/workflows/libvncserver.yml | 4 ++-- .github/workflows/memcached.yml | 4 ++-- .github/workflows/mosquitto.yml | 4 ++-- .github/workflows/multi-arch.yml | 2 +- .github/workflows/multi-compiler.yml | 12 ++++++------ .github/workflows/net-snmp.yml | 4 ++-- .github/workflows/nginx.yml | 4 ++-- .github/workflows/no-malloc.yml | 2 +- .github/workflows/ntp.yml | 4 ++-- .github/workflows/ocsp.yml | 2 +- .github/workflows/openldap.yml | 4 ++-- .github/workflows/openssh.yml | 4 ++-- .github/workflows/openvpn.yml | 4 ++-- .github/workflows/os-check.yml | 8 ++++---- .github/workflows/packaging.yml | 2 +- .github/workflows/pam-ipmi.yml | 4 ++-- .github/workflows/rng-tools.yml | 4 ++-- .github/workflows/socat.yml | 4 ++-- .github/workflows/sssd.yml | 4 ++-- .github/workflows/stunnel.yml | 4 ++-- .github/workflows/zephyr.yml | 2 +- 35 files changed, 70 insertions(+), 70 deletions(-) diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml index 07a2b5088..3ad8e8686 100644 --- a/.github/workflows/async.yml +++ b/.github/workflows/async.yml 
@@ -24,7 +24,7 @@ jobs: ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml index 5034e884f..99ccc8483 100644 --- a/.github/workflows/coverity-scan-fixes.yml +++ b/.github/workflows/coverity-scan-fixes.yml @@ -8,7 +8,7 @@ on: jobs: coverity: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 43ae74605..06cd338cb 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -40,7 +40,7 @@ jobs: test_curl: name: ${{ matrix.curl_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 15 needs: build_wolfssl diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml index 910c87122..790d8886a 100644 --- a/.github/workflows/cyrus-sasl.yml +++ b/.github/workflows/cyrus-sasl.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ jobs: ref: [ 2.1.28 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl 
diff --git a/.github/workflows/disabled/haproxy.yml b/.github/workflows/disabled/haproxy.yml index c7a927a94..0a92dac0c 100644 --- a/.github/workflows/disabled/haproxy.yml +++ b/.github/workflows/disabled/haproxy.yml @@ -21,7 +21,7 @@ jobs: ref: [ master ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest steps: - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/docker-Espressif.yml b/.github/workflows/docker-Espressif.yml index e702dd304..184dced8d 100644 --- a/.github/workflows/docker-Espressif.yml +++ b/.github/workflows/docker-Espressif.yml @@ -15,7 +15,7 @@ jobs: espressif_latest: name: latest Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 12 container: @@ -27,7 +27,7 @@ jobs: espressif_v4_4: name: v4.4 Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest container: image: espressif/idf:release-v4.4 steps: @@ -37,7 +37,7 @@ jobs: espressif_v5_0: name: v5.0 Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest container: image: espressif/idf:release-v5.0 steps: diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml index 05890ffae..0a3768d61 100644 --- a/.github/workflows/docker-OpenWrt.yml +++ b/.github/workflows/docker-OpenWrt.yml @@ -18,7 +18,7 @@ jobs: build_library: name: Compile libwolfssl.so if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 container: 
@@ -42,7 +42,7 @@ jobs: compile_container: name: Compile container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 2 needs: build_library diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index 2804756eb..e8d549b7a 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -52,7 +52,7 @@ jobs: h2_ssl_cert_test h2_ssl_session_reuse_test name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 30 needs: build_wolfssl diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml index 54eee9c6f..5f0b58986 100644 --- a/.github/workflows/hitch.yml +++ b/.github/workflows/hitch.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -49,7 +49,7 @@ jobs: test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 80075d030..94f305d1f 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml 
@@ -28,7 +28,7 @@ jobs: --enable-tlsv10 --enable-oldtls name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -66,7 +66,7 @@ jobs: build_uml_linux: name: Build UML (UserMode Linux) if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -143,7 +143,7 @@ jobs: name: hwsim test # For openssl 1.1 if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 45 needs: [build_wolfssl, build_uml_linux] diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index 3fcc04428..36411261c 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -17,7 +17,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl' # This should be a safe limit for the tests to run. timeout-minutes: 4 @@ -48,7 +48,7 @@ jobs: git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ] name: ${{ matrix.git_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index fa7bc9c1c..2b82ca6b3 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: 
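Review bot: The hostap-vm `build_uml_linux` job builds a UserMode Linux kernel and the `hwsim test` job boots it, and a UML build of a fixed kernel ref is sensitive to the host gcc/binutils in a way the ordinary userspace jobs are not; a floating `ubuntu-latest` host therefore makes this the job most likely to break for reasons unrelated to wolfSSL. The kernel ref and build steps are outside this hunk, so this is inferred from the job names. If the ref is not kept current alongside the image, keep the explicit image here and note why: `runs-on: ubuntu-22.04  # UML build is host-toolchain sensitive; bump deliberately`.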
@@ -47,7 +47,7 @@ jobs: ref: [ 0.6.0 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest needs: build_wolfssl steps: - name: Install dependencies diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index af6f9e795..2b69761d2 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 5 steps: @@ -50,7 +50,7 @@ jobs: ref: [ 1.21.1 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 8 needs: build_wolfssl diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index 1658cbbbb..121595954 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 1.11.0 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 8 needs: build_wolfssl diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml index 371ba2a56..942b7aa3f 100644 --- a/.github/workflows/libvncserver.yml +++ b/.github/workflows/libvncserver.yml 
@@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 0.9.13 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index bdd0c0593..a111e3002 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest steps: - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 @@ -48,7 +48,7 @@ jobs: - ref: 1.6.22 name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index e95169e1a..44a47ce92 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -45,7 +45,7 @@ jobs: ref: [ 2.0.18 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml index 729048a6c..33ea970ae 100644 --- a/.github/workflows/multi-arch.yml 
+++ b/.github/workflows/multi-arch.yml @@ -37,7 +37,7 @@ jobs: ARCH: armel EXTRA_OPTS: --enable-sp-asm if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index d2ede71aa..3edf533f2 100644 --- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml @@ -21,16 +21,16 @@ jobs: include: - CC: gcc-9 CXX: g++-9 - OS: ubuntu-22.04 + OS: ubuntu-latest - CC: gcc-10 CXX: g++-10 - OS: ubuntu-22.04 + OS: ubuntu-latest - CC: gcc-11 CXX: g++-11 - OS: ubuntu-22.04 + OS: ubuntu-latest - CC: gcc-12 CXX: g++-12 - OS: ubuntu-22.04 + OS: ubuntu-latest - CC: clang-10 CXX: clang++-10 OS: ubuntu-20.04 @@ -42,10 +42,10 @@ jobs: OS: ubuntu-20.04 - CC: clang-13 CXX: clang++-13 - OS: ubuntu-22.04 + OS: ubuntu-latest - CC: clang-14 CXX: clang++-14 - OS: ubuntu-22.04 + OS: ubuntu-latest if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.OS }} # This should be a safe limit for the tests to run. diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index 7ce030b80..0275e0f12 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ jobs: test_opts: -e 'agentxperl' name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 868a02aba..e6729f11e 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml 
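Review bot: In multi-compiler.yml the per-entry `OS` field was what bound a compiler version to an image known to ship it; with gcc-9 through gcc-12 and clang-13/14 now on `ubuntu-latest` while clang-10 to clang-12 stay on `ubuntu-20.04`, those rows no longer test a fixed OS, and some of those package versions may stop being installable once the label moves to a newer Ubuntu (the install step is outside this hunk, so this is inferred). If the matrix means "these compilers on 22.04", keep `OS: ubuntu-22.04` for them; if it is meant to float, record the expectation on the rows: `OS: ubuntu-latest  # compiler must be available from the image's apt repos`.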
@@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -107,7 +107,7 @@ jobs: stream_proxy_ssl_verify.t name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 6 needs: build_wolfssl diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml index 25c9c8288..a5888caa4 100644 --- a/.github/workflows/no-malloc.yml +++ b/.github/workflows/no-malloc.yml @@ -22,7 +22,7 @@ jobs: ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml index 56e405f08..89f330f9a 100644 --- a/.github/workflows/ntp.yml +++ b/.github/workflows/ntp.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 4.2.8p15 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 needs: build_wolfssl diff --git a/.github/workflows/ocsp.yml b/.github/workflows/ocsp.yml index b7c8f8ef5..fab41650a 100644 --- a/.github/workflows/ocsp.yml +++ b/.github/workflows/ocsp.yml @@ -16,7 +16,7 @@ jobs: ocsp_stapling: name: ocsp stapling if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Checkout wolfSSL 
diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml index e20743118..950435b5c 100644 --- a/.github/workflows/openldap.yml +++ b/.github/workflows/openldap.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: - osp_ref: 2.5.13 git_ref: OPENLDAP_REL_ENG_2_5_13 name: ${{ matrix.osp_ref }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 20 needs: build_wolfssl diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 83b122773..586d21edf 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -49,7 +49,7 @@ jobs: osp_ver: '9.6' name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest needs: build_wolfssl steps: - name: Download lib diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 5e731d031..97274daf8 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: 
@@ -46,7 +46,7 @@ jobs: ref: [ release/2.6, v2.6.0, master ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 needs: build_wolfssl diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 223ac8c30..d4c1a8bc2 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -17,7 +17,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-latest, macos-latest ] config: [ # Add new configs here '', @@ -57,7 +57,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-latest, macos-latest ] user-settings: [ # Add new user_settings.h here 'examples/configs/user_settings_all.h', @@ -79,7 +79,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-latest, macos-latest ] user-settings: [ # Add new user_settings.h here 'examples/configs/user_settings_min_ecc.h', @@ -109,7 +109,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-latest, macos-latest ] name: make user_setting.h (with sed) if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.os }} diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index e498e33af..83eff907a 100644 --- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Package wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index 9a22aac8c..af127651f 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml 
@@ -18,7 +18,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ jobs: git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ] name: ${{ matrix.git_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest needs: build_wolfssl steps: - name: Install dependencies diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml index 44d3a20e2..859c6e6bd 100644 --- a/.github/workflows/rng-tools.yml +++ b/.github/workflows/rng-tools.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ jobs: ref: [ 6.16 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index ba7bba371..270c005fc 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml @@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest timeout-minutes: 4 steps: - name: Build wolfSSL @@ -39,7 +39,7 @@ jobs: socat_check: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 30 needs: build_wolfssl diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 22f3c315e..31011e187 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml 
@@ -16,7 +16,7 @@ jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -45,7 +45,7 @@ jobs: # List of releases to test ref: [ 2.9.1 ] name: ${{ matrix.ref }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest container: image: quay.io/sssd/ci-client-devel:ubuntu-latest env: diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index 701a4e51b..0bef67a8f 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -17,7 +17,7 @@ jobs: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -46,7 +46,7 @@ jobs: ref: [ 5.67 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 68a488eba..52f1a21eb 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -26,7 +26,7 @@ jobs: - zephyr-ref: v2.7.4 zephyr-sdk: 0.16.3 if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 25 steps: From f5074772da2aef840cb8539ff67abea365d1436b Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 15 Oct 2024 12:41:09 -0500 Subject: [PATCH 143/325] infer: fix more uninitialized value errors. --- tests/api.c | 6 +++--- wolfcrypt/src/asn.c | 6 +++--- wolfcrypt/test/test.c | 12 ++++++++---- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/tests/api.c b/tests/api.c index 6d4dd9236..19919a8b7 100644 --- a/tests/api.c +++ b/tests/api.c 
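Review bot: The sssd test job now runs on a floating `runs-on: ubuntu-latest` host and inside a floating `container: image: quay.io/sssd/ci-client-devel:ubuntu-latest`, so two independent upstream images can change under it; the host label only affects the Docker engine, so the container tag is the one that actually determines the build environment and is the more useful one to pin, e.g. `image: quay.io/sssd/ci-client-devel:<dated tag or digest>`. Separately, the `build_wolfssl` job in this file carries no `if: github.repository_owner == 'wolfssl'` guard, unlike the other workflows in this series — pre-existing, but worth aligning while the file is touched.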
@@ -21014,7 +21014,7 @@ static int test_RsaDecryptBoundsCheck(void) WC_RNG rng; RsaKey key; byte flatC[256]; - word32 flatCSz; + word32 flatCSz = 0; byte out[256]; word32 outSz = sizeof(out); @@ -23432,7 +23432,7 @@ static int test_wc_DsaSignVerify(void) byte hash[WC_SHA_DIGEST_SIZE]; word32 idx = 0; word32 bytes; - int answer; + int answer = 0; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; @@ -25778,7 +25778,7 @@ static int test_wc_ecc_params(void) #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) /* Test for SECP256R1 curve */ int curve_id = ECC_SECP256R1; - int curve_idx; + int curve_idx = 0; ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID); ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx)); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 11a7226f0..5ee4c8f20 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -25402,9 +25402,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type, { const char* header = NULL; const char* footer = NULL; - const char* headerEnd; - const char* footerEnd; - const char* consumedEnd; + const char* headerEnd = NULL; + const char* footerEnd = NULL; + const char* consumedEnd = NULL; const char* bufferEnd = (const char*)(buff + longSz); long neededSz; int ret = 0; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 66e81cbe3..df7b53af9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -15005,8 +15005,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) byte resultC[sizeof(p) + AES_BLOCK_SIZE]; wc_test_ret_t ret = 0; - int alen; - int plen; + int alen = 0; + int plen = 0; #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) byte buf[sizeof(p) + AES_BLOCK_SIZE]; byte bufA[sizeof(a) + 1]; @@ -21482,7 +21482,7 @@ exit_rsa: WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) { wc_test_ret_t ret; - size_t bytes; + size_t bytes = 0; WC_RNG rng; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte* tmp = NULL; 
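Review bot: Setting `headerEnd`, `footerEnd` and `consumedEnd` to NULL in PemToDer quiets the infer report, but if a path exists on which one of them is read before being assigned, that read now operates on NULL instead of stack garbage — a deterministic crash or a silently-skipped bound check rather than a fix, and PemToDer parses untrusted input. The body continues well outside this hunk, so confirm each use of `footerEnd` and `consumedEnd` on the path that triggered the report is either dominated by an assignment or guarded before use. In tests/api.c, `ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID);` embeds an assignment in a macro argument, which calls the function twice if the macro evaluates its argument more than once; hoist it: `curve_idx = wc_ecc_get_curve_idx(curve_id);` then `ExpectIntNE(curve_idx, ECC_CURVE_INVALID);`.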
@@ -22781,7 +22781,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void) { wc_test_ret_t ret; word32 bytes; - word32 idx = 0, privSz, pubSz, privSz2, pubSz2; + word32 idx = 0; + word32 privSz = 0; + word32 pubSz = 0; + word32 privSz2 = 0; + word32 pubSz2 = 0; #ifndef WC_NO_RNG WC_RNG rng; int rngInit = 0; From 1449f4f4d78181817f0dca8464282a2ee7f351c4 Mon Sep 17 00:00:00 2001 From: night1rider Date: Tue, 15 Oct 2024 13:51:55 -0600 Subject: [PATCH 144/325] Fixing CB needing HAVE_AES_ECB and SHA struct issue for MAX3266X Hardware --- wolfcrypt/src/aes.c | 4 +- wolfcrypt/src/port/maxim/max3266x.c | 60 ++++++++++++------------- wolfssl/wolfcrypt/port/maxim/max3266x.h | 33 ++------------ wolfssl/wolfcrypt/sha.h | 2 +- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 2 +- 6 files changed, 38 insertions(+), 65 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 2762f8571..3046ce4ba 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2917,7 +2917,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( outBlock, (unsigned int)keySize); } #endif -#ifdef MAX3266X_CB /* Can do a basic ECB block */ +#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */ #ifndef WOLF_CRYPTO_CB_FIND if (aes->devId != INVALID_DEVID) #endif @@ -3668,7 +3668,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( } #endif -#ifdef MAX3266X_CB /* Can do a basic ECB block */ +#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */ #ifndef WOLF_CRYPTO_CB_FIND if (aes->devId != INVALID_DEVID) #endif diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c index 6dc324df0..b43ef6c90 100644 --- a/wolfcrypt/src/port/maxim/max3266x.c +++ b/wolfcrypt/src/port/maxim/max3266x.c 
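Review bot: With `#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB)`, a build that enables the MAX3266X callback but not HAVE_AES_ECB silently drops the hardware path in wc_AesEncrypt and wc_AesDecrypt and falls through to the software block cipher; for a hardware-crypto port that is probably worth making loud rather than silent, e.g. `#if defined(MAX3266X_CB) && !defined(HAVE_AES_ECB)` / `#warning "MAX3266X_CB: hardware AES block path disabled without HAVE_AES_ECB"` in the port's configuration header, or a note in max3266x.h that HAVE_AES_ECB is required. The trailing `/* Can do a basic ECB block */` now sits at the end of a long directive; move it onto its own line above the `#if`. Both enclosing functions extend outside this hunk.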
@@ -789,35 +789,35 @@ WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha); + return wc_MXC_TPU_SHA_Init(&(sha->mxcCtx)); } WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha, data, len); + return wc_MXC_TPU_SHA_Update(&(sha->mxcCtx), data, len); } WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha, hash, + return wc_MXC_TPU_SHA_Final(&(sha->mxcCtx), hash, MXC_TPU_HASH_SHA1); } WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha->mxcCtx), hash, MXC_TPU_HASH_SHA1); } WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_ShaFree(wc_Sha* sha) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha); + wc_MXC_TPU_SHA_Free(&(sha->mxcCtx)); return; } @@ -832,7 +832,7 @@ WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha224); + return wc_MXC_TPU_SHA_Init(&(sha224->mxcCtx)); } WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224) 
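Review bot: Replacing `(wc_MXC_Sha *)sha` with `&(sha->mxcCtx)` in wc_ShaUpdate, wc_ShaFinal, wc_ShaGetHash, wc_ShaCopy and wc_ShaFree changes what a NULL `sha` becomes: the cast forwarded NULL unchanged, so any NULL check inside the wc_MXC_TPU_SHA_* functions could reject it, whereas taking `&(sha->mxcCtx)` on a NULL `sha` is undefined behaviour that in practice yields a small non-NULL address the inner check cannot catch. Only wc_InitSha_ex appears to validate its argument (the brace closing before `(void)heap;`); the other wrappers should guard before taking the member address, e.g. `if (sha == NULL) return BAD_FUNC_ARG;` (the bad-argument code used elsewhere in wolfCrypt — confirm), `if (sha == NULL) return;` in wc_ShaFree, and both `src` and `dst` in wc_ShaCopy. The same pattern repeats in the SHA-224/256/384/512 wrappers in the following hunks.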
@@ -843,29 +843,29 @@ WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224) WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha224, data, len); + return wc_MXC_TPU_SHA_Update(&(sha224->mxcCtx), data, len); } WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha224, hash, + return wc_MXC_TPU_SHA_Final(&(sha224->mxcCtx), hash, MXC_TPU_HASH_SHA224); } WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha224, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha224->mxcCtx), hash, MXC_TPU_HASH_SHA224); } WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha224); + wc_MXC_TPU_SHA_Free(&(sha224->mxcCtx)); return; } @@ -880,7 +880,7 @@ WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha256); + return wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx)); } WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256) 
@@ -891,29 +891,29 @@ WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256) WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha256, data, len); + return wc_MXC_TPU_SHA_Update(&(sha256->mxcCtx), data, len); } WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha256, hash, + return wc_MXC_TPU_SHA_Final(&(sha256->mxcCtx), hash, MXC_TPU_HASH_SHA256); } WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha256, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha256->mxcCtx), hash, MXC_TPU_HASH_SHA256); } WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha256); + wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx)); return; } @@ -928,7 +928,7 @@ WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha384); + return wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx)); } WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384) 
@@ -939,29 +939,29 @@ WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384) WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha384, data, len); + return wc_MXC_TPU_SHA_Update(&(sha384->mxcCtx), data, len); } WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha384, hash, + return wc_MXC_TPU_SHA_Final(&(sha384->mxcCtx), hash, MXC_TPU_HASH_SHA384); } WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha384, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha384->mxcCtx), hash, MXC_TPU_HASH_SHA384); } WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha384); + wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx)); return; } @@ -976,7 +976,7 @@ WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha512); + return wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)); } WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512) 
@@ -987,29 +987,29 @@ WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512) WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha512, data, len); + return wc_MXC_TPU_SHA_Update(&(sha512->mxcCtx), data, len); } WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha512, hash, + return wc_MXC_TPU_SHA_Final(&(sha512->mxcCtx), hash, MXC_TPU_HASH_SHA512); } WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha512, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha512->mxcCtx), hash, MXC_TPU_HASH_SHA512); } WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha512); + wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx)); return; } diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h index 10c1188b4..6cca4955d 100644 --- a/wolfssl/wolfcrypt/port/maxim/max3266x.h +++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h @@ -236,21 +236,16 @@ #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB) + /* Need to update this struct accordingly if other SHA Structs change */ + /* This is a generic struct to use so only this is needed */ + typedef struct { unsigned char *msg; unsigned int used; unsigned int size; - #ifdef WOLFSSL_HASH_FLAGS - unsigned int flags; /* enum wc_HashFlags in hash.h */ - #endif } wc_MXC_Sha; #if !defined(NO_SHA) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha; - #define WC_SHA_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA1[20] = { 
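Review bot: The two comment lines added above `wc_MXC_Sha` (`/* Need to update this struct accordingly if other SHA Structs change */`, `/* This is a generic struct to use so only this is needed */`) do not say which structs or why; now that the `typedef wc_MXC_Sha wc_Sha*` aliases are gone and this struct is embedded as `mxcCtx` in `wc_Sha`, `wc_Sha256` and `wc_Sha512` (sha.h/sha256.h/sha512.h hunks in this patch), the useful statement is that relationship, e.g. `/* Hardware hash context embedded as mxcCtx in wc_Sha, wc_Sha256 and wc_Sha512; the wrappers in max3266x.c operate only on this member, so keep it in step with those definitions. */`. Dropping the `WOLFSSL_HASH_FLAGS` `flags` member here looks consistent with the generic structs keeping their own flags field (sha512.h shows `#ifdef WOLFSSL_HASH_FLAGS` right after `mxcCtx`), but confirm no MAX3266X code still reads a flags field through this struct. Ownership of the `msg` buffer (who allocates and frees it, and whether wc_MXC_TPU_SHA_Copy deep-copies it) is not documented anywhere visible and would belong in the same comment.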
@@ -260,11 +255,6 @@ #endif /* NO_SHA */ #if defined(WOLFSSL_SHA224) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha224; - #define WC_SHA224_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA-224 digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA224[28] = { @@ -275,11 +265,6 @@ #endif /* WOLFSSL_SHA224 */ #if !defined(NO_SHA256) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha256; - #define WC_SHA256_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA-256 digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA256[32] = { @@ -290,11 +275,6 @@ #endif /* NO_SHA256 */ #if defined(WOLFSSL_SHA384) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha384; - #define WC_SHA384_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA-384 digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA384[48] = { @@ -307,13 +287,6 @@ #endif /* WOLFSSL_SHA384 */ #if defined(WOLFSSL_SHA512) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha512; - typedef wc_MXC_Sha wc_Sha512_224; - typedef wc_MXC_Sha wc_Sha512_256; - #define WC_SHA512_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Does not support these SHA512 Macros */ #ifndef WOLFSSL_NOSHA512_224 #warning "MAX3266X Port does not support SHA-512/224" diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 5f7a78d21..063784edd 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -163,7 +163,7 @@ struct wc_Sha { int devId; void* devCtx; /* generic crypto callback context */ #endif -#ifdef MAX3266X_SHA_CB +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) wc_MXC_Sha mxcCtx; #endif #ifdef WOLFSSL_IMXRT1170_CAAM diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 0ab81abb6..b5534d4a5 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h 
@@ -213,7 +213,7 @@ struct wc_Sha256 { #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; #endif -#ifdef MAX3266X_SHA_CB +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) wc_MXC_Sha mxcCtx; #endif #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 1dc875dcb..e971a8df1 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -189,7 +189,7 @@ struct wc_Sha512 { int devId; void* devCtx; /* generic crypto callback context */ #endif -#ifdef MAX3266X_SHA_CB +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) wc_MXC_Sha mxcCtx; #endif #ifdef WOLFSSL_HASH_FLAGS From ae46f52a66f5142313204f9928f6f7595352a633 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 24 Sep 2024 22:06:34 +1000 Subject: [PATCH 145/325] LMS: SHA-256/192 parameters Add support for parameter sets with SHA-256/192. --- configure.ac | 6 + wolfcrypt/benchmark/benchmark.c | 84 ++- wolfcrypt/src/wc_lms.c | 247 +++++-- wolfcrypt/src/wc_lms_impl.c | 1147 ++++++++++++++++++++++++------- wolfcrypt/test/test.c | 16 +- wolfssl/wolfcrypt/lms.h | 22 + wolfssl/wolfcrypt/wc_lms.h | 148 ++-- 7 files changed, 1285 insertions(+), 385 deletions(-) diff --git a/configure.ac b/configure.ac index e07b0bb11..78749d55e 100644 --- a/configure.ac +++ b/configure.ac @@ -1545,6 +1545,12 @@ do small) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL" ;; + no-sha256-256) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_LMS_SHA256_256" + ;; + sha256-192) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192" + ;; *) AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.]) break;; diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 60f500c43..11e4fbfb8 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c 
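Review bot: Nothing rejects `no-sha256-256` being selected without `sha256-192`, yet with that combination every entry of `wc_lms_map` in wc_lms.c (later in this patch, guarded by `#ifndef WOLFSSL_NO_LMS_SHA256_256` and `#ifdef WOLFSSL_LMS_SHA256_192`) is compiled out and the array is left with an empty initializer, which is not valid ISO C and makes `WC_LMS_MAP_LEN` meaningless. Unless a guard elsewhere catches it, add a check after the option loop that fails with `AC_MSG_ERROR([LMS: no-sha256-256 requires sha256-192])` when the first is chosen and the second is not, or equivalently a `#error` in wc_lms.h for `WOLFSSL_NO_LMS_SHA256_256` without `WOLFSSL_LMS_SHA256_192`. The `case` loop this hunk sits in continues outside the hunk.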
@@ -1692,7 +1692,8 @@ static const char* bench_result_words3[][5] = { defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ defined(HAVE_ECC) || !defined(NO_DH) || \ !defined(NO_RSA) || defined(HAVE_SCRYPT) || \ - defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) #define BENCH_ASYM #endif @@ -1700,7 +1701,8 @@ static const char* bench_result_words3[][5] = { #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) static const char* bench_result_words2[][5] = { #ifdef BENCH_MICROSECOND { "ops took", "μsec" , "avg" , "ops/μsec", NULL }, /* 0 English @@ -2656,7 +2658,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) static void bench_stats_asym_finish_ex(const char* algo, int strength, const char* desc, const char* desc_extra, int useDeviceID, int count, double start, int ret) @@ -9442,6 +9445,7 @@ void bench_kyber(int type) #endif #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) +#ifndef WOLFSSL_NO_LMS_SHA256_256 /* WC_LMS_PARM_L2_H10_W2 * signature length: 9300 */ static const byte lms_priv_L2_H10_W2[64] = @@ -9597,6 +9601,7 @@ static const byte lms_pub_L4_H5_W8[60] = 0x85,0x1A,0x7A,0xD8,0xD5,0x46,0x74,0x3B, 0x74,0x24,0x12,0xC8 }; +#endif static int lms_write_key_mem(const byte* priv, word32 privSz, void* context) { 
@@ -9757,6 +9762,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) } switch (parm) { +#ifndef WOLFSSL_NO_LMS_SHA256_256 case WC_LMS_PARM_L2_H10_W2: XMEMCPY(lms_priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2)); XMEMCPY(key.pub, lms_pub_L2_H10_W2, HSS_MAX_PUBLIC_KEY_LEN); @@ -9817,6 +9823,28 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) case WC_LMS_PARM_L4_H5_W4: case WC_LMS_PARM_L4_H10_W4: case WC_LMS_PARM_L4_H10_W8: +#endif + +#ifdef WOLFSSL_LMS_SHA256_192 + case WC_LMS_PARM_SHA256_192_L1_H5_W1: + case WC_LMS_PARM_SHA256_192_L1_H5_W2: + case WC_LMS_PARM_SHA256_192_L1_H5_W4: + case WC_LMS_PARM_SHA256_192_L1_H5_W8: + case WC_LMS_PARM_SHA256_192_L1_H10_W2: + case WC_LMS_PARM_SHA256_192_L1_H10_W4: + case WC_LMS_PARM_SHA256_192_L1_H10_W8: + case WC_LMS_PARM_SHA256_192_L1_H15_W2: + case WC_LMS_PARM_SHA256_192_L1_H15_W4: + case WC_LMS_PARM_SHA256_192_L2_H10_W2: + case WC_LMS_PARM_SHA256_192_L2_H10_W4: + case WC_LMS_PARM_SHA256_192_L2_H10_W8: + case WC_LMS_PARM_SHA256_192_L3_H5_W2: + case WC_LMS_PARM_SHA256_192_L3_H5_W4: + case WC_LMS_PARM_SHA256_192_L3_H5_W8: + case WC_LMS_PARM_SHA256_192_L3_H10_W4: + case WC_LMS_PARM_SHA256_192_L4_H5_W8: +#endif + default: XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN); break; @@ -9991,6 +10019,7 @@ void bench_lms(void) { byte pub[HSS_MAX_PUBLIC_KEY_LEN]; +#ifndef WOLFSSL_NO_LMS_SHA256_256 #ifdef BENCH_LMS_SLOW_KEYGEN #if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub); 
@@ -10036,6 +10065,55 @@ void bench_lms(void) bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub); bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub); #endif +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +#ifdef BENCH_LMS_SLOW_KEYGEN +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#ifdef BENCH_LMS_SLOW_KEYGEN + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub); +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); +#endif + +#if defined(WOLFSSL_WC_LMS) && 
!defined(LMS_PARAMS_BENCHED) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); +#endif +#endif /* WOLFSSL_LMS_SHA256_192 */ return; } diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c index cbe9d1f7b..45590018a 100644 --- a/wolfcrypt/src/wc_lms.c +++ b/wolfcrypt/src/wc_lms.c @@ -42,8 +42,8 @@ * * @param [in] w Winternitz width. */ -#define LMS_U(w) \ - (8 * WC_SHA256_DIGEST_SIZE / (w)) +#define LMS_U(w, hLen) \ + (8 * (hLen) / (w)) /* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8. * * @param [in] w Winternitz width. @@ -63,17 +63,17 @@ * @param [in] w Winternitz width. * @param [in] wb Winternitz width length in bits. */ -#define LMS_P(w, wb) \ - (LMS_U(w) + LMS_V(w, wb)) +#define LMS_P(w, wb, hLen) \ + (LMS_U(w, hLen) + LMS_V(w, wb)) /* Calculate signature length. * * @param [in] l Number of levels. * @param [in] h Height of the trees. * @param [in] p Number of n-byte string elements in signature for a tree. */ -#define LMS_PARAMS_SIG_LEN(l, h, p) \ - (4 + (l) * (4 + 4 + 4 + WC_SHA256_DIGEST_SIZE * (1 + (p) + (h))) + \ - ((l) - 1) * LMS_PUBKEY_LEN) +#define LMS_PARAMS_SIG_LEN(l, h, p, hLen) \ + (4 + (l) * (4 + 4 + 4 + (hLen) * (1 + (p) + (h))) + \ + ((l) - 1) * LMS_PUBKEY_LEN(hLen)) #ifndef WOLFSSL_WC_LMS_SMALL /* Root levels and leaf cache bits. */ @@ -94,9 +94,10 @@ * @param [in] t LMS type. * @param [in] t2 LM-OTS type. */ -#define LMS_PARAMS(l, h, w, wb, t, t2) \ - { l, h, w, LMS_LS(w, wb), LMS_P(w, wb), t, t2, \ - LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb)), LMS_PARAMS_CACHE(h) } +#define LMS_PARAMS(l, h, w, wb, t, t2, hLen) \ + { l, h, w, LMS_LS(w, wb), LMS_P(w, wb, hLen), t, t2, \ + LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb, hLen), hLen), \ + (hLen), LMS_PARAMS_CACHE(h) } /* Initialize the working state for LMS operations. 
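Review bot: The Doxygen blocks for `LMS_U`, `LMS_P`, `LMS_PARAMS_SIG_LEN` and `LMS_PARAMS` (this hunk and the next two in wc_lms.c) still document only the old parameters and say nothing about the new `hLen` argument each macro now takes. Each block should gain a line such as ` * @param [in] hLen Hash output length in bytes (WC_SHA256_DIGEST_SIZE or WC_SHA256_192_DIGEST_SIZE).` It is also worth a comment on `LMS_PARAMS` that `(hLen)` is inserted positionally between the signature length and the cache fields, so the field order of the parameter struct in wc_lms.h (not visible here) must match exactly. The comment block of `LMS_U` begins above the first hunk.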
@@ -138,112 +139,230 @@ static void wc_lmskey_state_free(LmsState* state) /* Supported LMS parameters. */ static const wc_LmsParamsMap wc_lms_map[] = { +#ifndef WOLFSSL_NO_LMS_SHA256_256 #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_NONE , "LMS_NONE" , - LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H15_W2, "LMS/HSS L1_H15_W2", - LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H15_W4, "LMS/HSS L1_H15_W4", - LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_LEVELS >= 2 #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L2_H10_W2, "LMS/HSS L2_H10_W2", - LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H10_W4, "LMS/HSS L2_H10_W4", - LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H10_W8, "LMS/HSS L2_H10_W8", - LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 3 { WC_LMS_PARM_L3_H5_W2 , "LMS/HSS L3_H5_W2" , - LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L3_H5_W4 , "LMS/HSS L3_H5_W4" , - LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { 
WC_LMS_PARM_L3_H5_W8 , "LMS/HSS L3_H5_W8" , - LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L3_H10_W4, "LMS/HSS L3_H10_W4", - LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 4 { WC_LMS_PARM_L4_H5_W8 , "LMS/HSS L4_H5_W8" , - LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif /* For when user sets L, H, W explicitly. */ { WC_LMS_PARM_L1_H5_W1 , "LMS/HSS_L1_H5_W1" , - LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1) }, + LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W2 , "LMS/HSS_L1_H5_W2" , - LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W4 , "LMS/HSS_L1_H5_W4" , - LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W8 , "LMS/HSS_L1_H5_W8" , - LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L1_H10_W2 , "LMS/HSS_L1_H10_W2", - LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H10_W4 , "LMS/HSS_L1_H10_W4", - LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, 
+ WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H10_W8 , "LMS/HSS_L1_H10_W8", - LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_L1_H15_W8 , "LMS/HSS L1_H15_W8", - LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_L1_H20_W2", - LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_L1_H20_W4", - LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_L1_H20_W8", - LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_LEVELS >= 2 { WC_LMS_PARM_L2_H5_W2 , "LMS/HSS_L2_H5_W2" , - LMS_PARAMS(2, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H5_W4 , "LMS/HSS_L2_H5_W4" , - LMS_PARAMS(2, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H5_W8 , "LMS/HSS_L2_H5_W8" , - LMS_PARAMS(2, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2", - LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, 
LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H15_W4 , "LMS/HSS_L2_H15_W4", - LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H15_W8 , "LMS/HSS_L2_H15_W8", - LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 { WC_LMS_PARM_L2_H20_W2 , "LMS/HSS_L2_H20_W2", - LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H20_W4 , "LMS/HSS_L2_H20_W4", - LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H20_W8 , "LMS/HSS_L2_H20_W8", - LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 3 #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L3_H10_W8 , "LMS/HSS L3_H10_W8", - LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 4 { WC_LMS_PARM_L4_H5_W2 , "LMS/HSS L4_H5_W2" , - LMS_PARAMS(4, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(4, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L4_H5_W4 , "LMS/HSS L4_H5_W4" , - LMS_PARAMS(4, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(4, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L4_H10_W4 , "LMS/HSS L4_H10_W4", - LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, 
LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L4_H10_W8 , "LMS/HSS L4_H10_W8", - LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +#if LMS_MAX_HEIGHT >= 15 + { WC_LMS_PARM_SHA256_192_L1_H15_W2, "LMS/HSS_SHA256/192 L1_H15_W2", + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H15_W4, "LMS/HSS_SHA256/192 L1_H15_W4", + LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#if LMS_MAX_LEVELS >= 2 +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L2_H10_W2, "LMS/HSS SHA256/192 L2_H10_W2", + LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L2_H10_W4, "LMS/HSS SHA256/192 L2_H10_W4", + LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L2_H10_W8, "LMS/HSS SHA256/192 L2_H10_W8", + LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 3 + { WC_LMS_PARM_SHA256_192_L3_H5_W2 , "LMS/HSS_SHA256/192 L3_H5_W2" , + LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L3_H5_W4 , "LMS/HSS_SHA256/192 L3_H5_W4" , + LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L3_H5_W8 , "LMS/HSS_SHA256/192 L3_H5_W8" , + LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L3_H10_W4, "LMS/HSS_SHA256/192 L3_H10_W4", + 
LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 4 + { WC_LMS_PARM_SHA256_192_L4_H5_W8 , "LMS/HSS_SHA256/192 L4_H5_W8" , + LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif + + { WC_LMS_PARM_SHA256_192_L1_H5_W1 , "LMS/HSS_SHA256/192_L1_H5_W1" , + LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W2 , "LMS/HSS_SHA256/192_L1_H5_W2" , + LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W4 , "LMS/HSS_SHA256/192_L1_H5_W4" , + LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W8 , "LMS/HSS_SHA256/192_L1_H5_W8" , + LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L1_H10_W2 , "LMS/HSS_SHA256/192_L1_H10_W2", + LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H10_W4 , "LMS/HSS_SHA256/192_L1_H10_W4", + LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H10_W8 , "LMS/HSS_SHA256/192_L1_H10_W8", + LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#if LMS_MAX_HEIGHT >= 20 + { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2", + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4", + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8", + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, 
LMOTS_SHA256_N32_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif /* WOLFSSL_LMS_SHA256_192 */ }; /* Number of parameter sets supported. */ #define WC_LMS_MAP_LEN ((int)(sizeof(wc_lms_map) / sizeof(*wc_lms_map))) @@ -476,7 +595,7 @@ void wc_LmsKey_Free(LmsKey* key) ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels, params->height, params->p, params->rootLevels, - params->cacheBits)); + params->cacheBits, params->hash_len)); XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS); } @@ -630,8 +749,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) /* Allocate memory for the private key data. */ key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits), - key->heap, DYNAMIC_TYPE_LMS); + params->height, params->p, params->rootLevels, params->cacheBits, + params->hash_len), key->heap, DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; @@ -669,8 +788,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) } if (ret == 0) { /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->write_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } @@ -729,8 +848,8 @@ int wc_LmsKey_Reload(LmsKey* key) /* Allocate memory for the private key data. */ key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits), - key->heap, DYNAMIC_TYPE_LMS); + params->height, params->p, params->rootLevels, params->cacheBits, + params->hash_len), key->heap, DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; 
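Review bot: The three `LMS_MAX_HEIGHT >= 20` entries at the end of the `WOLFSSL_LMS_SHA256_192` block carry the names `"LMS/HSS_SHA256/192_L1_H20_W2/W4/W8"` and `WC_SHA256_192_DIGEST_SIZE`, but they reuse the SHA-256/256 enum values `WC_LMS_PARM_L1_H20_W2`/`W4`/`W8` and the `LMS_SHA256_M32_H20`/`LMOTS_SHA256_N32_W*` type codes, unlike every other entry in the block, which pairs a `WC_LMS_PARM_SHA256_192_*` enum with M24/N24 types. With both hash sizes enabled this duplicates those three enum keys in the table, so a lookup by parameter can never reach the SHA-256/192 entries; with SHA-256/256 disabled it yields parameter sets whose wire type codes declare 32-byte hashes while `hash_len` is 24, so encoded keys and signatures would not match the type they advertise. This looks like a copy-paste slip from the block above; the entries presumably want `WC_LMS_PARM_SHA256_192_L1_H20_W*` with `LMS_SHA256_M24_H20` and `LMOTS_SHA256_N24_W*`, provided those identifiers are declared in lms.h and wc_lms.h (not visible here), and the bench and test coverage in this patch does not exercise H20 so nothing would have caught it.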
@@ -738,8 +857,8 @@ int wc_LmsKey_Reload(LmsKey* key) } if (ret == 0) { /* Load private key. */ - int rv = key->read_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->read_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_READ_TO_MEMORY) { ret = IO_FAILED_E; } @@ -808,7 +927,7 @@ int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len) if (ret == 0) { /* Return private key length from parameter set. */ - *len = HSS_PRIVATE_KEY_LEN; + *len = HSS_PRIVATE_KEY_LEN(key->params->hash_len); } return ret; @@ -885,8 +1004,8 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg, } if (ret == 0) { /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->write_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } @@ -933,7 +1052,7 @@ int wc_LmsKey_GetPubLen(const LmsKey* key, word32* len) } if (ret == 0) { - *len = HSS_PUBLIC_KEY_LEN; + *len = HSS_PUBLIC_KEY_LEN(key->params->hash_len); } return ret; @@ -996,14 +1115,15 @@ int wc_LmsKey_ExportPubRaw(const LmsKey* key, byte* out, word32* outLen) ret = BAD_FUNC_ARG; } /* Check size of out is sufficient. */ - if ((ret == 0) && (*outLen < HSS_PUBLIC_KEY_LEN)) { + if ((ret == 0) && + (*outLen < (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) { ret = BUFFER_E; } if (ret == 0) { /* Return encoded public key. */ - XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN); - *outLen = HSS_PUBLIC_KEY_LEN; + XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN(key->params->hash_len)); + *outLen = HSS_PUBLIC_KEY_LEN(key->params->hash_len); } return ret; 
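Review bot: `wc_LmsKey_GetPrivLen`, `wc_LmsKey_GetPubLen`, `wc_LmsKey_ExportPubRaw` (hunks on this line) and `wc_LmsKey_ImportPubRaw` (next hunk) now dereference `key->params->hash_len` where the old code compared against a constant, so a key whose parameters were never set turns what used to be a clean `BUFFER_E` into a NULL dereference; the existing comment in ImportPubRaw, "Parameters weren't set, or input pub key is wrong", says that case is expected to reach this code. Unless the argument checks above each hunk already reject it, add `if ((ret == 0) && (key->params == NULL)) { ret = BAD_FUNC_ARG; }` ahead of the first use of `key->params` in each of these functions. The opening checks of all four functions lie outside the hunks, so whether `params` is validated there cannot be confirmed from this diff.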
@@ -1032,7 +1152,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen) if ((key == NULL) || (in == NULL)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (inLen != HSS_PUBLIC_KEY_LEN)) { + if ((ret == 0) && + (inLen != (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) { /* Something inconsistent. Parameters weren't set, or input * pub key is wrong.*/ return BUFFER_E; diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c index 86037d464..bb9345c9a 100644 --- a/wolfcrypt/src/wc_lms_impl.c +++ b/wolfcrypt/src/wc_lms_impl.c @@ -79,24 +79,19 @@ #define LMS_D_CHILD_I 0xffff /* Length of data to hash when computing seed: - * 16 + 4 + 2 + 32 = 54 */ -#define LMS_SEED_HASH_LEN \ - (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 32/24 = 54/46 */ +#define LMS_SEED_HASH_LEN(hLen) \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + (hLen)) /* Length of data to hash when computing a node: - * 16 + 4 + 2 + 32 + 32 = 86 */ -#define LMS_NODE_HASH_LEN \ - (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 32/24 + 32/24 = 86/70 */ +#define LMS_NODE_HASH_LEN(hLen) \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * (hLen)) /* Length of data to hash when computing most results: - * 16 + 4 + 2 + 1 + 32 = 55 */ -#define LMS_HASH_BUFFER_LEN \ - (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + LMS_MAX_NODE_LEN) - -/* Length of data to hash when computing Q: - * 16 + 4 + 2 + 32 = 54 */ -#define LMS_Q_BUFFER_LEN \ - (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 1 + 32/24 = 55/47 */ +#define LMS_HASH_BUFFER_LEN(hLen) \ + (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + (hLen)) /* Length of preliminary data to hash when computing K: * 16 + 4 + 2 = 22 */ @@ -226,6 +221,7 @@ do { \ (buffer)[63] = 0xb8; \ } while (0) +#ifndef WOLFSSL_NO_LMS_SHA256_256 #ifndef WC_LMS_FULL_HASH /* Hash one full block of data and compute result. * 
@@ -290,6 +286,7 @@ static WC_INLINE int wc_lms_hash(wc_Sha256* sha256, byte* data, word32 len, return ret; } +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ /* Update hash with first data. * @@ -361,6 +358,7 @@ static WC_INLINE int wc_lms_hash_update(wc_Sha256* sha256, const byte* data, return ret; } +#ifndef WOLFSSL_NO_LMS_SHA256_256 /* Finalize hash. * * @param [in] sha256 SHA-256 hash object. 
@@ -403,6 +401,201 @@ static WC_INLINE int wc_lms_hash_final(wc_Sha256* sha256, byte* hash) return wc_Sha256Final(sha256, hash); #endif } +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +/* Set the length of 46 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. + */ +#define LMS_SHA256_SET_LEN_46(buffer) \ +do { \ + (buffer)[46] = 0x80; \ + (buffer)[47] = 0x00; \ + (buffer)[48] = 0x00; \ + (buffer)[49] = 0x00; \ + (buffer)[50] = 0x00; \ + (buffer)[51] = 0x00; \ + (buffer)[52] = 0x00; \ + (buffer)[53] = 0x00; \ + (buffer)[54] = 0x00; \ + (buffer)[55] = 0x00; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0x70; \ +} while (0) + +/* Set the length of 47 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. + */ +#define LMS_SHA256_SET_LEN_47(buffer) \ +do { \ + (buffer)[47] = 0x80; \ + (buffer)[48] = 0x00; \ + (buffer)[49] = 0x00; \ + (buffer)[50] = 0x00; \ + (buffer)[51] = 0x00; \ + (buffer)[52] = 0x00; \ + (buffer)[53] = 0x00; \ + (buffer)[54] = 0x00; \ + (buffer)[55] = 0x00; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0x78; \ +} while (0) + +#ifndef WC_LMS_FULL_HASH +/* Hash one full block of data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_sha256_192_hash_block(wc_Sha256* sha256, + const byte* data, byte* hash) +{ + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + /* Hash the block and reset SHA-256 state. 
*/ + ret = wc_Sha256HashBlock(sha256, data, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + + return ret; +} +#endif /* !WC_LMS_FULL_HASH */ + +/* Hash data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [in] len Length of data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_hash_sha256_192(wc_Sha256* sha256, byte* data, + word32 len, byte* hash) +{ + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + +#ifndef WC_LMS_FULL_HASH + if (len < WC_SHA256_BLOCK_SIZE) { + /* Store data into SHA-256 object's buffer. */ + LMS_SHA256_SET_DATA(sha256, data, len); + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) { + ret = wc_Sha256HashBlock(sha256, data, NULL); + if (ret == 0) { + byte* buffer = (byte*)sha256->buffer; + int rem = len - WC_SHA256_BLOCK_SIZE; + + XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem); + buffer[rem++] = 0x80; + XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem); + buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5); + buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3); + ret = wc_Sha256HashBlock(sha256, buffer, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + } + else { + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + } +#else + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } +#endif /* !WC_LMS_FULL_HASH */ + + return ret; +} + +/* Finalize hash. + * + * @param [in] sha256 SHA-256 hash object. + * @param [out] hash Hash output. + * @return 0 on success. 
+ */ +static WC_INLINE int wc_lms_hash_sha256_192_final(wc_Sha256* sha256, byte* hash) +{ +#ifndef WC_LMS_FULL_HASH + int ret = 0; + byte* buffer = (byte*)sha256->buffer; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + buffer[sha256->buffLen++] = 0x80; + if (sha256->buffLen > WC_SHA256_PAD_SIZE) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - sha256->buffLen); + ret = wc_Sha256HashBlock(sha256, buffer, NULL); + sha256->buffLen = 0; + } + if (ret == 0) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen); + sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29); + sha256->loLen = sha256->loLen << 3; + #ifdef LITTLE_ENDIAN_ORDER + sha256->buffer[14] = ByteReverseWord32(sha256->hiLen); + sha256->buffer[15] = ByteReverseWord32(sha256->loLen); + #else + sha256->buffer[14] = sha256->hiLen; + sha256->buffer[15] = sha256->loLen; + #endif + ret = wc_Sha256HashBlock(sha256, buffer, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + sha256->buffLen = 0; + sha256->hiLen = 0; + sha256->loLen = 0; + } + + return ret; +#else + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + + return ret; +#endif +} +#endif /* WOLFSSL_LMS_SHA256_192 */ /*************************************** * LM-OTS APIs 
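Review bot: `wc_lms_sha256_192_hash_block`, `wc_lms_hash_sha256_192` and `wc_lms_hash_sha256_192_final` each compute the full 32-byte digest into a stack array `output`, copy 24 bytes out and return without clearing it, so on the signing path (the later hunk of `wc_lmots_compute_y_from_seed`, where `tmp` is filled from the private `seed` before these helpers run) the untruncated chain value stays on the stack; the SHA-256/256 counterparts write straight into the caller's buffer and leave nothing behind. A `ForceZero(output, sizeof(output));` before each return would keep the new helpers in line with how this patch already scrubs `priv_data` in wc_lms.c. Separately, `int rem = len - WC_SHA256_BLOCK_SIZE;` in `wc_lms_hash_sha256_192` stores a `word32` difference in an `int` and feeds it back to XMEMCPY/XMEMSET; `word32 rem = len - WC_SHA256_BLOCK_SIZE;` avoids the sign conversion, and the guarding `else if` already ensures `len >= WC_SHA256_BLOCK_SIZE`.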
@@ -619,16 +812,30 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz, ret = wc_lms_hash_first(&state->hash, buffer, LMS_MSG_PRE_LEN); if (ret == 0) { /* H(... || C || ...) */ - ret = wc_lms_hash_update(&state->hash, c, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash, c, state->params->hash_len); } if (ret == 0) { /* H(... || message) */ ret = wc_lms_hash_update(&state->hash, msg, msgSz); } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && + ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* Q = H(...) */ + ret = wc_lms_hash_sha256_192_final(&state->hash, q); + } + else +#endif +#ifndef WOLFSSL_NO_LMS_SHA256_256 if (ret == 0) { /* Q = H(...) */ ret = wc_lms_hash_final(&state->hash, q); } + else +#endif + { + ret = NOT_COMPILED_IN; + } return ret; } @@ -684,15 +891,26 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, ret = wc_lmots_msg_hash(state, msg, msgSz, c, q); if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, a); } - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH if (ret == 0) { - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } } - #endif /* !WC_LMS_FULL_HASH */ +#endif /* !WC_LMS_FULL_HASH */ /* Compute y for each coefficient. */ for (i = 0; (ret == 0) && (i < params->p); i++) { 
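Review bot: The trailing `{ ret = NOT_COMPILED_IN; }` block at the end of wc_lmots_msg_hash is reached whenever `ret` is already non-zero, so a failure returned by wc_lms_hash_first or wc_lms_hash_update is overwritten with NOT_COMPILED_IN and the real error code never reaches the caller; the `else` arms only skip it when one of the `ret == 0` conditions above matched. The equivalent finalisation blocks later in this patch (the -808 and -890 hunks) keep the fallback inside an `if (ret == 0)`, so this one is also inconsistent with them. Keeping the braces the `#endif` structure relies on, the block should read `{ if (ret == 0) { ret = NOT_COMPILED_IN; } }`, which also preserves an earlier error in the build where both hash variants are compiled out and only this block survives preprocessing.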
@@ -702,29 +920,84 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */ c16toa(i, ip); *jp = LMS_D_FIXED; - XMEMCPY(tmp, seed, LMS_SEED_LEN); - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Apply the hash function coefficient number of times. 
*/ for (j = 0; (ret == 0) && (j < a[i]); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* y[i] = tmp */ - XMEMCPY(y, tmp, LMS_MAX_NODE_LEN); - y += LMS_MAX_NODE_LEN; + XMEMCPY(y, tmp, params->hash_len); + y += params->hash_len; } } 
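Review bot: The hash-variant selection is written out four times in this hunk (two WC_LMS_FULL_HASH arms times two hash variants) and the same ladder reappears in the -808, -890, -1071, -1229, -1259 and -1835 hunks, each repeating the `(params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192` test and the `#ifndef WOLFSSL_NO_LMS_SHA256_256 ... #else ret = NOT_COMPILED_IN; #endif` fallback, so any later fix to that fallback or a third variant is a twelve-place change. A single static helper taking the state, the working buffer, the full-hash byte count and the output would reduce each call site to one line; the sketch below assumes params->hash_len is the digest size of the selected variant (24 or 32), which the patch's replacements of LMS_MAX_NODE_LEN imply but this chunk does not state. The `XMEMCPY(tmp, seed, ...)` that precedes the first hash can then be hoisted above the `#if` as `XMEMCPY(tmp, seed, params->hash_len);`, removing two more copies. The enclosing function starts before this hunk.

```c
/* Hash the working buffer with the variant the parameter set selects.
 * fullLen is the byte count hashed when WC_LMS_FULL_HASH is defined; the
 * block variants hash a pre-padded block and ignore it.
 * Returns NOT_COMPILED_IN when the selected variant is not built. */
static int wc_lms_hash_sel(LmsState* state, byte* buffer, word32 fullLen,
    byte* out)
{
    int ret;

    (void)fullLen; /* unused by the single-block variants */
#ifdef WOLFSSL_LMS_SHA256_192
    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
    #ifndef WC_LMS_FULL_HASH
        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, out);
    #else
        ret = wc_lms_hash_sha256_192(&state->hash, buffer, fullLen, out);
    #endif
    }
    else
#endif
    {
    #ifndef WOLFSSL_NO_LMS_SHA256_256
        #ifndef WC_LMS_FULL_HASH
        ret = wc_lms_hash_block(&state->hash, buffer, out);
        #else
        ret = wc_lms_hash(&state->hash, buffer, fullLen, out);
        #endif
    #else
        ret = NOT_COMPILED_IN;
    #endif
    }

    return ret;
}

/* … in wc_lmots_compute_y_from_seed, replacing both #if ladders … */
        XMEMCPY(tmp, seed, params->hash_len);
        ret = wc_lms_hash_sel(state, buffer,
            LMS_HASH_BUFFER_LEN(params->hash_len), tmp);
```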
@@ -789,15 +1062,26 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, } if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, a); } - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH if (ret == 0) { - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } } - #endif /* !WC_LMS_FULL_HASH */ +#endif /* !WC_LMS_FULL_HASH */ /* Compute z for each coefficient. */ for (i = 0; (ret == 0) && (i < params->p); i++) { 
@@ -808,30 +1092,69 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, /* tmp = y[i]. * I || u32(str) || u16str(i) || ... || tmp */ - XMEMCPY(tmp, sig_y, LMS_MAX_NODE_LEN); - sig_y += LMS_MAX_NODE_LEN; + XMEMCPY(tmp, sig_y, params->hash_len); + sig_y += params->hash_len; /* Finish iterations of hash from coefficient to max. */ for (j = a[i]; (ret == 0) && (j < max); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = (word8)j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + /* Apply the hash function coefficient number of times. */ + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* H(... || z[i] || ...) (for calculating Kc). */ - ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len); } } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && + ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* Kc = H(...) 
*/ + ret = wc_lms_hash_sha256_192_final(&state->hash_k, kc); + } + else +#endif if (ret == 0) { + #ifndef WOLFSSL_NO_LMS_SHA256_256 /* Kc = H(...) */ ret = wc_lms_hash_final(&state->hash_k, kc); + #else + ret = NOT_COMPILED_IN; + #endif } return ret; @@ -879,8 +1202,19 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN); #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } #endif /* !WC_LMS_FULL_HASH */ for (i = 0; (ret == 0) && (i < params->p); i++) { 
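Review bot: The added comment `/* Apply the hash function coefficient number of times. */` between the closing brace of the non-full-hash arm and `#else` in wc_lmots_compute_kc_from_sig describes nothing at that position: it sits inside the `for (j = a[i]; (ret == 0) && (j < max); j++)` loop after the hash call, appears in only one preprocessor arm, and its text is copied from wc_lmots_compute_y_from_seed, where the loop does run the hash a[i] times. This loop instead runs the remaining `max - a[i]` iterations, which the existing `/* Finish iterations of hash from coefficient to max. */` comment above it already states, so the stray line should be removed. The enclosing function starts before this hunk.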
@@ -890,31 +1224,97 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */ c16toa(i, ip); *jp = LMS_D_FIXED; - XMEMCPY(tmp, seed, LMS_SEED_LEN); - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Do all iterations to calculate y. 
*/ for (j = 0; (ret == 0) && (j < max); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = (word8)j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* K = H(... || y[i] || ...) */ - ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len); } } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */ + ret = wc_lms_hash_sha256_192_final(&state->hash_k, k); + } + else +#endif if (ret == 0) { + #ifndef WOLFSSL_NO_LMS_SHA256_256 /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */ ret = wc_lms_hash_final(&state->hash_k, k); + #else + ret = NOT_COMPILED_IN; + #endif } return ret; 
@@ -935,7 +1335,7 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) static void wc_lmots_public_key_encode(const LmsParams* params, const byte* priv, byte* pub) { - const byte* priv_i = priv + LMS_Q_LEN + LMS_SEED_LEN; + const byte* priv_i = priv + LMS_Q_LEN + params->hash_len; /* u32str(type) || ... || T(1) */ c32toa(params->lmsType, pub); @@ -1016,7 +1416,7 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg, /* Get C or randomizer value from signature. */ const byte* c = sig + LMS_TYPE_LEN; /* Get array y from signature. */ - const byte* y = c + LMS_MAX_NODE_LEN; + const byte* y = c + state->params->hash_len; /* Compute the public key candidate Kc from the signature. */ ret = wc_lmots_compute_kc_from_sig(state, msg, msgSz, c, y, kc); @@ -1032,12 +1432,13 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg, * But use Appendix A to generate x on the fly. * PRIV = SEED | I * - * @param [in] rng Random number generator. - * @param [out] priv Private key data. + * @param [in] rng Random number generator. + * @param [in] seed_len Length of seed to generate. + * @param [out] priv Private key data. */ -static int wc_lmots_make_private_key(WC_RNG* rng, byte* priv) +static int wc_lmots_make_private_key(WC_RNG* rng, word16 seed_len, byte* priv) { - return wc_RNG_GenerateBlock(rng, priv, LMS_SEED_LEN + LMS_I_LEN); + return wc_RNG_GenerateBlock(rng, priv, seed_len + LMS_I_LEN); } /* Generate LM-OTS signature. 
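Review bot: The new `seed_len` parameter of wc_lmots_make_private_key is documented only as "Length of seed to generate", but every reader of the resulting key in this patch locates I at `params->hash_len` past the seed (`priv_seed + params->hash_len` in the -1746 hunk, `priv + LMS_Q_LEN + params->hash_len` in the -935 hunk), so a caller passing any other length produces a key whose I is silently misread. Suggest `@param [in] seed_len Length of SEED in bytes; must equal the parameter set's hash_len (n), the offset at which I is read back.`, and the callers, which are outside this chunk, should be checked to pass the value from the parameter set rather than a constant.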
@@ -1071,20 +1472,60 @@ static int wc_lmots_sign(LmsState* state, const byte* seed, const byte* msg, c16toa(LMS_D_C, ip); /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || ... */ *jp = LMS_D_FIXED; - /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ - XMEMCPY(tmp, seed, LMS_SEED_LEN); - /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) - * sig = u32str(type) || C || ... */ #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, sig_c); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, sig_c); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, sig_c); + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, sig_c); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... 
*/ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), sig_c); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), sig_c); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { - byte* sig_y = sig_c + LMS_MAX_NODE_LEN; + byte* sig_y = sig_c + state->params->hash_len; /* Compute array y. * sig = u32str(type) || C || y[0] || ... || y[p-1] */ @@ -1113,21 +1554,21 @@ static void wc_lms_priv_state_load(const LmsParams* params, LmsPrivState* state, { /* Authentication path data. */ state->auth_path = priv_data; - priv_data += params->height * LMS_MAX_NODE_LEN; + priv_data += params->height * params->hash_len; /* Stack of nodes. */ state->stack.stack = priv_data; - priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + priv_data += (params->height + 1) * params->hash_len; ato32(priv_data, &state->stack.offset); priv_data += 4; /* Cached root nodes. */ state->root = priv_data; - priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len); /* Cached leaf nodes. */ state->leaf.cache = priv_data; - priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len); ato32(priv_data, &state->leaf.idx); priv_data += 4; ato32(priv_data, &state->leaf.offset); 
@@ -1144,18 +1585,18 @@ static void wc_lms_priv_state_store(const LmsParams* params, LmsPrivState* state, byte* priv_data) { /* Authentication path data. */ - priv_data += params->height * LMS_MAX_NODE_LEN; + priv_data += params->height * params->hash_len; /* Stack of nodes. */ - priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + priv_data += (params->height + 1) * params->hash_len; c32toa(state->stack.offset, priv_data); priv_data += 4; /* Cached root nodes. */ - priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len); /* Cached leaf nodes. */ - priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len); c32toa(state->leaf.idx, priv_data); priv_data += 4; c32toa(state->leaf.offset, priv_data); @@ -1173,7 +1614,7 @@ static void wc_lms_priv_state_copy(const LmsParams* params, LmsPrivState* dst, const LmsPrivState* src) { XMEMCPY(dst->auth_path, src->auth_path, LMS_PRIV_STATE_LEN(params->height, - params->rootLevels, params->cacheBits)); + params->rootLevels, params->cacheBits, params->hash_len)); dst->stack.offset = src->stack.offset; dst->leaf.idx = src->leaf.idx; dst->leaf.offset = src->leaf.offset; 
@@ -1229,13 +1670,40 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i, /* I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i] */ c16toa(LMS_D_LEAF, dp); /* temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) */ - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_54(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, leaf); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, leaf); - #endif /* !WC_LMS_FULL_HASH */ + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + LMS_SHA256_SET_LEN_46(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, leaf); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, leaf); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), leaf); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), leaf); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ } return ret; 
@@ -1259,17 +1727,38 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i, static int wc_lms_interior_hash(LmsState* state, byte* sp, word32 r, byte* node) { + int ret; byte* buffer = state->buffer; byte* rp = buffer + LMS_I_LEN; byte* left = rp + LMS_R_LEN + LMS_D_LEN; /* I || u32str(r) || u16str(D_INTR) || ... || temp */ c32toa(r, rp); - /* left_side = pop(data stack) - * I || u32str(r) || u16str(D_INTR) || left_side || temp */ - XMEMCPY(left, sp, LMS_MAX_NODE_LEN); - /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - return wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, node); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* left_side = pop(data stack) + * I || u32str(r) || u16str(D_INTR) || left_side || temp */ + XMEMCPY(left, sp, WC_SHA256_192_DIGEST_SIZE); + /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), node); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* left_side = pop(data stack) + * I || u32str(r) || u16str(D_INTR) || left_side || temp */ + XMEMCPY(left, sp, WC_SHA256_DIGEST_SIZE); + /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), node); + #else + ret = NOT_COMPILED_IN; + #endif + } + + return ret; } #ifdef WOLFSSL_WC_LMS_SMALL @@ -1310,7 +1799,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else 
@@ -1324,7 +1813,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -1344,7 +1833,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, /* Store the node if on the authentication path. */ if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ @@ -1359,23 +1848,23 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, /* Calculate interior node hash. * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - sp -= LMS_MAX_NODE_LEN; + sp -= params->hash_len; ret = wc_lms_interior_hash(state, sp, r, temp); /* Copy out node to authentication path if on path. */ if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } /* Push temp onto the data stack. */ - XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); - sp += LMS_MAX_NODE_LEN; + XMEMCPY(sp, temp, params->hash_len); + sp += params->hash_len; } if ((ret == 0) && (pub != NULL)) { /* Public key, root node, is top of data stack. */ - XMEMCPY(pub, stack, LMS_MAX_NODE_LEN); + XMEMCPY(pub, stack, params->hash_len); } #ifdef WOLFSSL_SMALL_STACK XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -1449,7 +1938,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else @@ -1473,7 +1962,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -1492,12 +1981,12 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, /* Cache leaf node if in range. */ if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) { - XMEMCPY(leaf->cache + i * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + XMEMCPY(leaf->cache + i * params->hash_len, temp, params->hash_len); } /* Store the node if on the authentication path. */ if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ 
@@ -1512,25 +2001,25 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, /* Calculate interior node hash. * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - spi -= LMS_MAX_NODE_LEN; + spi -= params->hash_len; ret = wc_lms_interior_hash(state, stack + spi, r, temp); /* Copy out top root nodes. */ if ((h > params->height - params->rootLevels) && ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { int off = (1 << (params->height - h)) + (i >> h) - 1; - XMEMCPY(root + off * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + XMEMCPY(root + off * params->hash_len, temp, params->hash_len); } /* Copy out node to authentication path if on path. */ if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } /* Push temp onto the data stack. */ - XMEMCPY(stack + spi, temp, LMS_MAX_NODE_LEN); - spi += LMS_MAX_NODE_LEN; + XMEMCPY(stack + spi, temp, params->hash_len); + spi += params->hash_len; if (i == q - 1) { XMEMCPY(privState->stack.stack, stack, spi); @@ -1584,7 +2073,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else @@ -1599,7 +2088,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; 
@@ -1607,7 +2096,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #endif /* WOLFSSL_SMALL_STACK */ /* Public key, root node, is top of data stack. */ - XMEMCPY(stack, stackCache->stack, params->height * LMS_MAX_NODE_LEN); + XMEMCPY(stack, stackCache->stack, params->height * params->hash_len); sp = stack + stackCache->offset; /* Compute all nodes requested. */ @@ -1620,9 +2109,9 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, if ((i >= leaf->idx) && (i < leaf->idx + max_cb)) { /* Calculate offset of node in cache. */ word32 off = ((i - (leaf->idx + max_cb) + leaf->offset) % max_cb) * - LMS_MAX_NODE_LEN; + params->hash_len; /* Copy cached node into working buffer. */ - XMEMCPY(temp, leaf->cache + off, LMS_MAX_NODE_LEN); + XMEMCPY(temp, leaf->cache + off, params->hash_len); /* I || u32str(i) || ... */ c32toa(i, rp); } @@ -1634,8 +2123,8 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, * the number of leaf nodes. */ if ((i == leaf->idx + max_cb) && (i < (q + max_cb))) { /* Copy working node into cache over old first node. */ - XMEMCPY(leaf->cache + leaf->offset * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(leaf->cache + leaf->offset * params->hash_len, temp, + params->hash_len); /* Increase start index as first node replaced. */ leaf->idx++; /* Update offset of first leaf node. */ @@ -1645,7 +2134,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, /* Store the node if on the authentication path. */ if ((ret == 0) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ 
@@ -1657,14 +2146,14 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, j >>= 1; h++; - sp -= LMS_MAX_NODE_LEN; + sp -= params->hash_len; if (useRoot && (h > params->height - params->rootLevels) && (h <= params->height)) { /* Calculate offset of cached root node. */ word32 off = ((word32)1U << (params->height - h)) + (i >> h) - 1; - XMEMCPY(temp, privState->root + (off * LMS_MAX_NODE_LEN), - LMS_MAX_NODE_LEN); + XMEMCPY(temp, privState->root + (off * params->hash_len), + params->hash_len); } else { /* Calculate interior node hash. @@ -1679,20 +2168,20 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, (h > params->height - params->rootLevels) && ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { int off = (1 << (params->height - h)) + (i >> h) - 1; - XMEMCPY(privState->root + off * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(privState->root + off * params->hash_len, temp, + params->hash_len); } /* Copy out node to authentication path if on path. */ if ((ret == 0) && (((q >> h) ^ 0x1) == j)) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } if (ret == 0) { /* Push temp onto the data stack. */ - XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); - sp += LMS_MAX_NODE_LEN; + XMEMCPY(sp, temp, params->hash_len); + sp += params->hash_len; /* Save stack after updating first node. */ if (i == min_idx) { @@ -1705,7 +2194,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, if (!useRoot) { /* Copy stack back. */ - XMEMCPY(stackCache->stack, stack, params->height * LMS_MAX_NODE_LEN); + XMEMCPY(stackCache->stack, stack, params->height * params->hash_len); stackCache->offset = (word32)((size_t)sp - (size_t)stack); } 
@@ -1746,7 +2235,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, byte* s = sig; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; /* Setup for hashing: I || Q */ XMEMCPY(buffer, priv_i, LMS_I_LEN); @@ -1765,7 +2254,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, ret = wc_lmots_sign(state, priv_seed, msg, msgSz, s); if (ret == 0) { /* Skip over ots_signature. */ - s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + s += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ c32toa(params->lmsType, s); } @@ -1791,8 +2280,8 @@ static void wc_lms_sig_copy(const LmsParams* params, const byte* y, c32toa(params->lmOtsType, sig); sig += LMS_TYPE_LEN; /* S = u32str(q) || ots_signature || ... */ - XMEMCPY(sig, y, LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN); - sig += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + XMEMCPY(sig, y, params->hash_len + params->p * params->hash_len); + sig += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ c32toa(params->lmsType, sig); } 
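Review bot: The OTS signature length without its type word is spelled `params->hash_len + params->p * params->hash_len` in wc_lms_sign (the -1765 hunk) and twice more in wc_lms_sig_copy (the -1791 hunk), which reads as two unrelated sizes rather than C plus p entries of n bytes. Writing it once as `(params->p + 1) * params->hash_len`, or as a small macro such as `LMS_OTS_SIG_BODY_LEN(params)` defined next to the other length macros this patch touches, makes the layout `C || y[0] || ... || y[p-1]` from the adjacent comment visible in the arithmetic.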
@@ -1835,22 +2324,64 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc, byte* rp = buffer + LMS_I_LEN; byte* ip = rp + LMS_Q_LEN; byte* node = ip + LMS_P_LEN; - byte* b[2][2] = { { node, node + LMS_MAX_NODE_LEN }, - { node + LMS_MAX_NODE_LEN, node } }; + byte* b[2][2]; /* node_num = 2^h + q */ word32 r = (1 << params->height) + q; /* tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) */ c32toa(r, rp); c16toa(LMS_D_LEAF, ip); - XMEMCPY(node, kc, LMS_MAX_NODE_LEN); + XMEMCPY(node, kc, params->hash_len); /* Put tmp into offset required for first iteration. */ #ifndef WC_LMS_FULL_HASH /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_54(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + b[0][0] = node; + b[0][1] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][1] = node; + LMS_SHA256_SET_LEN_46(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, b[r & 1][0]); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + b[0][0] = node; + b[0][1] = node + WC_SHA256_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_DIGEST_SIZE; + b[1][1] = node; + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]); + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, b[r & 1][0]); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + b[0][0] = node; + b[0][1] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][1] = node; + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + b[0][0] = node; + b[0][1] = node + WC_SHA256_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_DIGEST_SIZE; + b[1][1] = node; + 
ret = wc_lms_hash(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { 
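Review bot: The four copies of the `b[0][0] = node; ... b[1][1] = node;` assignments differ only in the digest size, and the original initializer still works with the runtime length: `byte* b[2][2] = { { node, node + params->hash_len }, { node + params->hash_len, node } };`. That removes the duplication and keeps `b` defined on the `ret = NOT_COMPILED_IN` paths, where it is currently left uninitialized (it is only read under `ret == 0`, but compilers commonly warn about it). The `LMS_SEED_HASH_LEN(WC_SHA256_*_DIGEST_SIZE)` arguments can likewise become `LMS_SEED_HASH_LEN(params->hash_len)`, leaving only the choice of hash routine inside the `#ifdef`s. wc_lms_compute_root continues in the next hunk.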
@@ -1860,33 +2391,78 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc, c16toa(LMS_D_INTR, ip); /* Do all but last height. */ - for (i = 0; (ret == 0) && (i < params->height - 1); i++) { - /* Put path into offset required. */ - XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); - path += LMS_MAX_NODE_LEN; + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + for (i = 0; (ret == 0) && (i < params->height - 1); i++) { + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE); + path += WC_SHA256_192_DIGEST_SIZE; - /* node_num = node_num / 2 */ - r >>= 1; - /* H(...||u32str(node_num/2)||..) */ - c32toa(r, rp); - /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or - * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) - * Put tmp result into offset required for next iteration. */ - ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, - b[r & 1][0]); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into offset required for next iteration. */ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]); + } + if (ret == 0) { + /* Last height. */ + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into Tc.*/ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), tc); + } } - if (ret == 0) { - /* Last height. */ - /* Put path into offset required. 
*/ - XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); - /* node_num = node_num / 2 */ - r >>= 1; - /* H(...||u32str(node_num/2)||..) */ - c32toa(r, rp); - /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or - * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) - * Put tmp result into Tc.*/ - ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, tc); + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + for (i = 0; (ret == 0) && (i < params->height - 1); i++) { + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE); + path += WC_SHA256_DIGEST_SIZE; + + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into offset required for next iteration. */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]); + } + if (ret == 0) { + /* Last height. */ + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into Tc.*/ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), tc); + } + #else + ret = NOT_COMPILED_IN; + #endif } } @@ -1959,7 +2535,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg, if (ret == 0) { /* Algorithm 6a. Step 2.j. */ const byte* sig_path = sig + LMS_Q_LEN + LMS_TYPE_LEN + - LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN; word32 q; /* Algorithm 6a. Step 2.a. */ 
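Review bot: The two loops in this hunk are line-for-line identical except for the digest length and the hash routine, and the length can come from `params->hash_len` / `LMS_NODE_HASH_LEN(params->hash_len)` in both, so the only real difference is which hash gets called. A small file-local dispatcher that picks the routine from `params->lmOtsType & LMS_HASH_MASK` would let wc_lms_compute_root keep a single loop and single last-height step, and the `wc_lms_hash` branches of wc_hss_derive_seed_i could use it too. Sketch below; parameter types follow the existing wc_lms_hash call sites and the `#ifdef` layout mirrors this hunk's.
```c
/* Hash len bytes of buffer into out with the digest selected by params. */
static int wc_lms_hash_sel(LmsState* state, const LmsParams* params,
    byte* buffer, word32 len, byte* out)
{
#ifdef WOLFSSL_LMS_SHA256_192
    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
        return wc_lms_hash_sha256_192(&state->hash, buffer, len, out);
    }
#endif
#ifndef WOLFSSL_NO_LMS_SHA256_256
    return wc_lms_hash(&state->hash, buffer, len, out);
#else
    (void)state; (void)params; (void)buffer; (void)len; (void)out;
    return NOT_COMPILED_IN;
#endif
}

/* … in wc_lms_compute_root, one loop replaces the two #ifdef copies … */
for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
    XMEMCPY(b[r & 1][1], path, params->hash_len);
    path += params->hash_len;
    r >>= 1;
    c32toa(r, rp);
    ret = wc_lms_hash_sel(state, params, buffer,
        LMS_NODE_HASH_LEN(params->hash_len), b[r & 1][0]);
}
/* … unchanged: last-height step, now also through wc_lms_hash_sel into tc … */
```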
@@ -1969,7 +2545,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg, ret = wc_lms_compute_root(state, q, kc, sig_path, tc); } /* Algorithm 6. Step 4. */ - if ((ret == 0) && (XMEMCMP(pub_k, tc, LMS_MAX_NODE_LEN) != 0)) { + if ((ret == 0) && (XMEMCMP(pub_k, tc, params->hash_len) != 0)) { ret = SIG_VERIFY_E; } 
@@ -2010,26 +2586,85 @@ static int wc_hss_derive_seed_i(LmsState* state, const byte* id, /* parent's I || q || D_CHILD_SEED || D_FIXED || ... */ *jp = LMS_D_FIXED; /* parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED */ - XMEMCPY(tmp, seed, LMS_SEED_LEN); + XMEMCPY(tmp, seed, state->params->hash_len); /* SEED = H(parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED) */ #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, seed_i); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, seed_i); + if (ret == 0) { + seed_i += WC_SHA256_192_DIGEST_SIZE; + } + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, seed_i); + if (ret == 0) { + seed_i += WC_SHA256_DIGEST_SIZE; + } + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, seed_i); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), seed_i); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), seed_i); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { - seed_i += LMS_SEED_LEN; /* parent's I || q || D_CHILD_I || D_FIXED || parent's SEED */ c16toa(LMS_D_CHILD_I, ip); /* I = H(parent's I || q || D_CHILD_I || D_FIXED || parent's SEED) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, 
LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Copy part of hash as new I into private key. */ XMEMCPY(seed_i, tmp, LMS_I_LEN); } @@ -2080,7 +2715,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, } else { /* Copy out SEED and I into private key. */ - XMEMCPY(priv + LMS_Q_LEN, priv_raw, LMS_SEED_I_LEN); + XMEMCPY(priv + LMS_Q_LEN, priv_raw, params->hash_len + LMS_I_LEN); } /* Compute SEED and I for rest of levels. */ @@ -2104,7 +2739,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, priv_q = priv; priv += LMS_Q_LEN; priv_seed_i = priv; - priv += LMS_SEED_I_LEN; + priv += params->hash_len + LMS_I_LEN; /* Get q for level from 64-bit composite. */ q32 = w64GetLow32(w64ShiftRight(q, (params->levels - 1 - i) * @@ -2114,7 +2749,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, if (!skip) { /* Derive SEED and I into private key. */ - ret = wc_hss_derive_seed_i(state, priv_seed_i + LMS_SEED_LEN, + ret = wc_hss_derive_seed_i(state, priv_seed_i + params->hash_len, priv_seed_i, priv_q, priv + LMS_Q_LEN); } } 
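Review bot: In the `#else` (WC_LMS_FULL_HASH) branch seed_i is no longer advanced past the derived SEED: the removed `seed_i += LMS_SEED_LEN;` in the `if (ret == 0)` block only got replacements inside the two `!WC_LMS_FULL_HASH` branches, so under WC_LMS_FULL_HASH the final `XMEMCPY(seed_i, tmp, LMS_I_LEN);` writes the new I over the first LMS_I_LEN bytes of the new SEED. I is public (it is encoded into the public key by wc_lmots_public_key_encode), so a key expanded in that configuration would carry a child SEED with LMS_I_LEN known bytes, and would differ from the same raw key expanded in the block-hash configuration. Dropping the two `seed_i += WC_SHA256_*_DIGEST_SIZE;` blocks and putting `seed_i += state->params->hash_len;` back as the first statement of `if (ret == 0) {` fixes both configurations with one line and removes the duplication.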
@@ -2146,8 +2781,8 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState, priv_q = priv; priv += LMS_Q_LEN; priv_seed = curr + LMS_Q_LEN; - priv += LMS_SEED_LEN; - priv_i = curr + LMS_Q_LEN + LMS_SEED_LEN; + priv += params->hash_len; + priv_i = curr + LMS_Q_LEN + params->hash_len; priv += LMS_I_LEN; ato32(curr, &pq); @@ -2164,7 +2799,7 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState, if (ret == 0) { /* Update treehash for first leaf. */ ret = wc_lms_treehash_update(state, privState, - priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, 0, q, 0, 0); + priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, 0, q, 0, 0); } return ret; @@ -2186,7 +2821,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, byte* priv = priv_key->next_priv; int i; w64wrapper p64 = q64; - byte tmp_priv[LMS_PRIV_LEN]; + byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)]; int use_tmp = 0; int lastQMax = 0; w64wrapper p64_hi; @@ -2206,7 +2841,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height); cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height); /* Get the q for the child. */ - ato32(curr + LMS_PRIV_LEN, &qc); + ato32(curr + LMS_PRIV_LEN(params->hash_len), &qc); /* Compare index of parent node with previous value. */ if (w64LT(p64_hi, q64_hi)) { 
@@ -2225,25 +2860,25 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, if (lastQMax) { /* Calculate new SEED and I based on new subtree. */ ret = wc_hss_derive_seed_i(state, - priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, tmp_priv, - tmp_priv + LMS_Q_LEN); + priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, + tmp_priv, tmp_priv + LMS_Q_LEN); } else { /* Calculate new SEED and I based on parent. */ ret = wc_hss_derive_seed_i(state, - curr + LMS_Q_LEN + LMS_SEED_LEN, curr + LMS_Q_LEN, priv, + curr + LMS_Q_LEN + params->hash_len, curr + LMS_Q_LEN, priv, tmp_priv + LMS_Q_LEN); } /* Values not stored so note that they are in temporary. */ use_tmp = 1; /* Set the the q. */ - XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN, LMS_Q_LEN); + XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN(params->hash_len), LMS_Q_LEN); } lastQMax = (qc == ((word32)1 << params->height) - 1); - curr += LMS_PRIV_LEN; - priv += LMS_PRIV_LEN; + curr += LMS_PRIV_LEN(params->hash_len); + priv += LMS_PRIV_LEN(params->hash_len); p64_hi = cp64_hi; q64_hi = cq64_hi; } @@ -2265,18 +2900,18 @@ static int wc_hss_next_subtrees_init(LmsState* state, HssPrivKey* priv_key) byte* priv = priv_key->next_priv; int i; - XMEMCPY(priv, curr, LMS_PRIV_LEN); + XMEMCPY(priv, curr, LMS_PRIV_LEN(params->hash_len)); wc_lms_idx_inc(priv, LMS_Q_LEN); for (i = 1; (ret == 0) && (i < params->levels); i++) { word32 q; - ato32(curr + LMS_PRIV_LEN, &q); + ato32(curr + LMS_PRIV_LEN(params->hash_len), &q); ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1], curr, priv, q); - curr += LMS_PRIV_LEN; - priv += LMS_PRIV_LEN; + curr += LMS_PRIV_LEN(params->hash_len); + priv += LMS_PRIV_LEN(params->hash_len); } return ret; 
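Review bot: `LMS_PRIV_LEN(params->hash_len)` is re-evaluated at every use in wc_hss_next_subtree_inc and wc_hss_next_subtrees_init, including inside the per-level loops, and the same goes for `LMS_PRIV_LEN(state->params->hash_len)` in wc_hss_init_auth_path and wc_hss_update_auth_path; a local `const word32 privLen = LMS_PRIV_LEN(params->hash_len);` at the top of each function reads better and makes `curr += privLen; priv += privLen;` visibly the stride of the key layout being walked. The `byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)];` buffer in wc_hss_next_subtree_inc is sized for the largest hash while every read and write uses hash_len offsets, which is correct but worth a comment: `/* Sized for the largest hash; only LMS_PRIV_LEN(params->hash_len) bytes are used. */`.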
@@ -2296,14 +2931,15 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key, { int ret = 0; int levels = state->params->levels; - byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + byte* priv = priv_key->priv + + LMS_PRIV_LEN(state->params->hash_len) * (levels - 1); int l; for (l = levels - 1; (ret == 0) && (l >= 0); l--) { word32 q; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + state->params->hash_len; /* Get current q for tree at level. */ ato32(priv_q, &q); @@ -2312,11 +2948,11 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key, priv_seed, q); /* Move onto next level's data. */ - priv -= LMS_PRIV_LEN; + priv -= LMS_PRIV_LEN(state->params->hash_len); } if ((ret == 0) && (pub_root != NULL)) { - XMEMCPY(pub_root, priv_key->state[0].root, LMS_MAX_NODE_LEN); + XMEMCPY(pub_root, priv_key->state[0].root, state->params->hash_len); } return ret; @@ -2343,7 +2979,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, { const LmsParams* params = state->params; int ret = 0; - byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + byte* priv = priv_key->priv + LMS_PRIV_LEN(params->hash_len) * (levels - 1); int i; #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING w64wrapper q64; @@ -2358,13 +2994,12 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, word32 q; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; LmsPrivState* privState = &priv_key->state[i]; /* Get q for tree at level. */ ato32(priv_q, &q); #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING - if ((levels > 1) && (i == levels - 1) && (q == 0)) { /* New sub-tree. */ ret = wc_hss_next_subtree_inc(state, priv_key, q64); 
@@ -2399,9 +3034,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, /* If different then copy in cached hash. */ if ((qa != qm1a) && (qa > maxq)) { int off = (1 << (params->height - h)) + (qa >> h) - 1; - XMEMCPY(privState->auth_path + h * LMS_MAX_NODE_LEN, - privState->root + off * LMS_MAX_NODE_LEN, - LMS_MAX_NODE_LEN); + XMEMCPY(privState->auth_path + h * params->hash_len, + privState->root + off * params->hash_len, + params->hash_len); } } /* Update the treehash and calculate the extra indices for @@ -2415,9 +3050,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, w64Increment(&tmp64); tmp64 = w64ShiftLeft(tmp64, 64 - (i * params->height)); if (!w64IsZero(tmp64)) { - priv_seed = priv_key->next_priv + i * LMS_PRIV_LEN + - LMS_Q_LEN; - priv_i = priv_seed + LMS_SEED_LEN; + priv_seed = priv_key->next_priv + + i * LMS_PRIV_LEN(params->hash_len) + LMS_Q_LEN; + priv_i = priv_seed + params->hash_len; privState = &priv_key->next_state[i - 1]; ret = wc_lms_treehash_update(state, privState, priv_i, @@ -2429,7 +3064,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, } /* Move onto next level's data. */ - priv -= LMS_PRIV_LEN; + priv -= LMS_PRIV_LEN(params->hash_len); } return ret; 
@@ -2446,21 +3081,21 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key) int ret = 0; const LmsParams* params = state->params; byte* buffer = state->buffer; - byte pub[LMS_PUBKEY_LEN]; - byte* root = pub + LMS_PUBKEY_LEN - LMS_MAX_NODE_LEN; + byte pub[LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)]; + byte* root = pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len; byte* priv = priv_key->priv; int i; for (i = params->levels - 2; i >= 0; i--) { - const byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + const byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); const byte* priv_q = p; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; /* ... || T(1) */ - XMEMCPY(root, priv_key->state[i + 1].root, LMS_MAX_NODE_LEN); + XMEMCPY(root, priv_key->state[i + 1].root, params->hash_len); /* u32str(type) || u32str(otstype) || I || T(1) */ - p = priv + (i + 1) * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + p = priv + (i + 1) * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); wc_lmots_public_key_encode(params, p, pub); /* Setup for hashing: I || Q || ... */ @@ -2468,8 +3103,9 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key) XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN); /* LM-OTS Sign this level. */ - ret = wc_lmots_sign(state, priv_seed, pub, LMS_PUBKEY_LEN, - priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p)); + ret = wc_lmots_sign(state, priv_seed, pub, + LMS_PUBKEY_LEN(params->hash_len), + priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len)); } return ret; 
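Review bot: `root` is now placed at `pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len`, i.e. relative to the maximum-size buffer rather than to the encoded public key, so for any hash_len below LMS_MAX_NODE_LEN the T(1) copy lands `LMS_MAX_NODE_LEN - hash_len` bytes past where the `u32str(type) || u32str(otstype) || I || T(1)` layout puts it, and the LM-OTS signature over `LMS_PUBKEY_LEN(params->hash_len)` bytes then covers a wrong, partly unwritten tail instead of the root. This assumes wc_lmots_public_key_encode writes only the type/otstype/I prefix, which both the copy-root-then-encode order here and `root = sig - params->hash_len` in wc_hss_sign indicate. The fix is `byte* root = pub + LMS_PUBKEY_LEN(params->hash_len) - params->hash_len;` while keeping `pub` declared at the maximum size.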
@@ -2492,25 +3128,25 @@ static void wc_hss_priv_data_load(const LmsParams* params, HssPrivKey* key, /* Expanded private keys. */ key->priv = priv_data; - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); #ifndef WOLFSSL_WC_LMS_SMALL for (l = 0; l < params->levels; l++) { /* Caches for subtree. */ wc_lms_priv_state_load(params, &key->state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Next subtree's expanded private keys. */ key->next_priv = priv_data; - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels - 1; l++) { /* Next subtree's caches. */ wc_lms_priv_state_load(params, &key->next_state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ 
@@ -2536,22 +3172,22 @@ static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key, (void)key; /* Expanded private keys. */ - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels; l++) { /* Caches for subtrees. */ wc_lms_priv_state_store(params, &key->state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Next subtree's expanded private keys. */ - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels - 1; l++) { /* Next subtree's caches. */ wc_lms_priv_state_store(params, &key->next_state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ @@ -2632,7 +3268,8 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, /* Set the LMS and LM-OTS types for each level. */ for (i = 0; i < params->levels; i++) { - p[i] = (params->lmsType << 4) + params->lmOtsType; + p[i] = ((params->lmsType & LMS_H_W_MASK) << 4) + + (params->lmOtsType & LMS_H_W_MASK); } /* Set rest of levels to an invalid value. */ for (; i < HSS_MAX_LEVELS; i++) { @@ -2641,7 +3278,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, p += HSS_PRIV_KEY_PARAM_SET_LEN; /* Make the private key. */ - ret = wc_lmots_make_private_key(rng, p); + ret = wc_lmots_make_private_key(rng, params->hash_len, p); if (ret == 0) { /* Set the levels into the public key data. */ 
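Review bot: The compressed parameter-set byte in wc_hss_make_key now stores only `lmsType & LMS_H_W_MASK` and `lmOtsType & LMS_H_W_MASK`, so the hash variant that the rest of this change selects through `lmOtsType & LMS_HASH_MASK` is not recoverable from priv_raw. If whatever reloads a raw key takes the hash from the caller's params (not visible here), a comment on this loop would stop the next reader from trying to decode it: `/* Only the H/W nibbles are stored; the hash variant comes from params on reload. */`. If instead the raw key is meant to be self-describing, the hash bits need a home in the parameter set.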
@@ -2653,7 +3290,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, #ifdef WOLFSSL_WC_LMS_SMALL if (ret == 0) { byte* priv_seed = priv_key->priv + LMS_Q_LEN; - byte* priv_i = priv_seed + LMS_SEED_LEN; + byte* priv_i = priv_seed + params->hash_len; /* Compute the root of the highest tree to get the root for public key. */ @@ -2742,24 +3379,24 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, /* Build from bottom up. */ for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { - byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); byte* root = NULL; /* Move to start of next signature at this level. */ - sig -= LMS_SIG_LEN(params->height, params->p); + sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len); if (i != 0) { /* Put root node into signature at this index. */ - root = sig - LMS_MAX_NODE_LEN; + root = sig - params->hash_len; } /* Sign using LMS for this level. */ ret = wc_lms_sign(state, p, msg, msgSz, sig); if (ret == 0) { - byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + - params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + params->hash_len + + params->p * params->hash_len + LMS_TYPE_LEN; byte* priv_q = p; byte* priv_seed = priv_q + LMS_Q_LEN; - byte* priv_i = priv_seed + LMS_SEED_LEN; + byte* priv_i = priv_seed + params->hash_len; word32 q32; /* Get Q from private key as a number. */ @@ -2769,9 +3406,9 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, } if ((ret == 0) && (i != 0)) { /* Create public data for this level if there is another. */ - sig -= LMS_PUBKEY_LEN; + sig -= LMS_PUBKEY_LEN(params->hash_len); msg = sig; - msgSz = LMS_PUBKEY_LEN; + msgSz = LMS_PUBKEY_LEN(params->hash_len); wc_lmots_public_key_encode(params, p, sig); } } 
@@ -2839,7 +3476,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Build from bottom up. */ for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { - byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); byte* root = NULL; #ifndef WOLFSSL_LMS_NO_SIG_CACHE int store_p = 0; @@ -2850,10 +3487,10 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ /* Move to start of next signature at this level. */ - sig -= LMS_SIG_LEN(params->height, params->p); + sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len); if (i != 0) { /* Put root node into signature at this index. */ - root = sig - LMS_MAX_NODE_LEN; + root = sig - params->hash_len; } #ifndef WOLFSSL_LMS_NO_SIG_CACHE @@ -2861,7 +3498,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, * can reuse. */ if ((i < params->levels - 1) && (q_32 == qm1_32)) { wc_lms_sig_copy(params, priv_key->y + - i * LMS_PRIV_Y_TREE_LEN(params->p), p, sig); + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), p, sig); } else #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ 
@@ -2879,26 +3516,27 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Check if we computed new C and p hashes. */ if (store_p) { /* Cache the C and p hashes. */ - XMEMCPY(priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p), s, - LMS_PRIV_Y_TREE_LEN(params->p)); + XMEMCPY(priv_key->y + + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), s, + LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len)); } #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ - s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + + s += params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN; /* Copy the authentication path out of the private key. */ XMEMCPY(s, priv_key->state[i].auth_path, - params->height * LMS_MAX_NODE_LEN); + params->height * params->hash_len); /* Copy the root node into signature unless at top. */ if (i != 0) { - XMEMCPY(root, priv_key->state[i].root, LMS_MAX_NODE_LEN); + XMEMCPY(root, priv_key->state[i].root, params->hash_len); } } if ((ret == 0) && (i != 0)) { /* Create public data for this level if there is another. */ - sig -= LMS_PUBKEY_LEN; + sig -= LMS_PUBKEY_LEN(params->hash_len); msg = sig; - msgSz = LMS_PUBKEY_LEN; + msgSz = LMS_PUBKEY_LEN(params->hash_len); wc_lmots_public_key_encode(params, p, sig); } } 
@@ -3074,14 +3712,15 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, for (i = 0; (ret == 0) && (i < nspk); i++) { /* Line 7: Get start of public key in signature. */ const byte* pubList = sig + LMS_Q_LEN + LMS_TYPE_LEN + - LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN + - params->height * LMS_MAX_NODE_LEN; + params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN + + params->height * params->hash_len; /* Line 8: Verify the LMS signature with public key as message. */ - ret = wc_lms_verify(state, key, pubList, LMS_PUBKEY_LEN, sig); + ret = wc_lms_verify(state, key, pubList, + LMS_PUBKEY_LEN(params->hash_len), sig); /* Line 10: Next key is from signature. */ key = pubList; /* Line 6: Move to start of next signature. */ - sig = pubList + LMS_PUBKEY_LEN; + sig = pubList + LMS_PUBKEY_LEN(params->hash_len); } } if (ret == 0) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ca8094ea1..df2ba77f5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -656,8 +656,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); #endif #if defined(WOLFSSL_HAVE_LMS) #if !defined(WOLFSSL_SMALL_STACK) - #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \ - defined(HAVE_LIBLMS) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); #endif #endif @@ -2192,8 +2192,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if defined(WOLFSSL_HAVE_LMS) #if !defined(WOLFSSL_SMALL_STACK) - #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \ - defined(HAVE_LIBLMS) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) if ( (ret = lms_test_verify_only()) != 0) TEST_FAIL("LMS Vfy test failed!\n", ret); else 
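Review bot: The nspk loop advances `sig` and `pubList` by offsets computed from `params->p`, `params->height` and `params->hash_len`, and nothing in this hunk ties those offsets to the length of the signature buffer; wc_hss_verify's start is outside the hunk, so if the signature length is checked there against `LMS_SIG_LEN(params->height, params->p, params->hash_len)` and `LMS_PUBKEY_LEN(params->hash_len)` per level this is fine, otherwise a short signature would make wc_lms_verify read past the buffer. If the check exists, a one-line comment at the loop, `/* Signature length validated against params above; offsets below stay in bounds. */`, would save the next reader the same question.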
@@ -45960,7 +45960,11 @@ static int lms_read_key_mem(byte * priv, word32 privSz, void *context) /* LMS signature sizes are a function of their parameters. This * test has a signature of 8688 bytes. */ +#ifndef WOLFSSL_NO_LMS_SHA256_256 #define WC_TEST_LMS_SIG_LEN (8688) +#else +#define WC_TEST_LMS_SIG_LEN (4984) +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) { @@ -46103,8 +46107,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) -#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \ - defined(HAVE_LIBLMS) +#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) /* A simple LMS verify only test. * diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h index 45c64e002..1534fb1aa 100644 --- a/wolfssl/wolfcrypt/lms.h +++ b/wolfssl/wolfcrypt/lms.h @@ -78,6 +78,7 @@ enum wc_LmsRc { * Not predefining many sets with Winternitz=1, because the signatures * will be large. */ enum wc_LmsParm { +#ifndef WOLFSSL_NO_LMS_SHA256_256 WC_LMS_PARM_NONE = 0, WC_LMS_PARM_L1_H5_W1 = 1, WC_LMS_PARM_L1_H5_W2 = 2, 
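Review bot: The comment above the new `#ifndef WOLFSSL_NO_LMS_SHA256_256` still says "This test has a signature of 8688 bytes", which is only true for the first branch; with the macro defined the value is 4984. Suggest `/* LMS signature sizes are a function of their parameters. This test's signature is 8688 bytes, or 4984 bytes when WOLFSSL_NO_LMS_SHA256_256 is defined. */`.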
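Review bot: The new `#ifndef WOLFSSL_NO_LMS_SHA256_256` in lms.h is placed before `WC_LMS_PARM_NONE = 0,`, so a build with that macro defined loses the WC_LMS_PARM_NONE enumerator from the public API even though nothing about it is SHA-256/256 specific. Moving the `#ifndef` to just after the `WC_LMS_PARM_NONE = 0,` line keeps the sentinel available in every configuration.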
@@ -114,6 +115,27 @@ enum wc_LmsParm {
 WC_LMS_PARM_L4_H5_W8 = 33,
 WC_LMS_PARM_L4_H10_W4 = 34,
 WC_LMS_PARM_L4_H10_W8 = 35,
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+ WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36,
+ WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37,
+ WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38,
+ WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39,
+ WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
+ WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
+ WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
+ WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
+ WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
+ WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
+ WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
+ WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
+ WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48,
+ WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49,
+ WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50,
+ WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
+ WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52,
+#endif
 };
 /* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h
index 6f90eaa3b..0f3169622 100644
--- a/wolfssl/wolfcrypt/wc_lms.h
+++ b/wolfssl/wolfcrypt/wc_lms.h
@@ -134,6 +134,9 @@
 /* Length of numeric types when encoding. */
 #define LMS_TYPE_LEN 4
+/* Size of digest output when truncatint SHA-256 to 192 bits. */
+#define WC_SHA256_192_DIGEST_SIZE 24
+
 /* Maximum size of a node hash. */
 #define LMS_MAX_NODE_LEN WC_SHA256_DIGEST_SIZE
 /* Maximum size of SEED (produced by hash). */
@@ -142,8 +145,6 @@
 * Value of P when N=32 and W=1. */
 #define LMS_MAX_P 265
-/* Length of SEED and I in bytes. */
-#define LMS_SEED_I_LEN (LMS_SEED_LEN + LMS_I_LEN)
 #ifndef WOLFSSL_LMS_ROOT_LEVELS
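Review bot: Typo in the new comment on WC_SHA256_192_DIGEST_SIZE: "truncatint" should be "truncating", i.e. `/* Size of digest output when truncating SHA-256 to 192 bits. */`.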
@@ -192,33 +193,32 @@
 (HSS_COMPRESS_PARAM_SET_LEN * HSS_MAX_LEVELS)
 /* Private key length for one level. */
-#define LMS_PRIV_LEN \
- (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN)
+#define LMS_PRIV_LEN(hLen) \
+ (LMS_Q_LEN + (hLen) + LMS_I_LEN)
 /* Public key length in signature. */
-#define LMS_PUBKEY_LEN \
- (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + LMS_MAX_NODE_LEN)
+#define LMS_PUBKEY_LEN(hLen) \
+ (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + (hLen))
 /* LMS signature data length. */
-#define LMS_SIG_LEN(h, p) \
- (LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN + \
- LMS_TYPE_LEN + (h) * LMS_MAX_NODE_LEN)
+#define LMS_SIG_LEN(h, p, hLen) \
+ (LMS_Q_LEN + LMS_TYPE_LEN + (hLen) + (p) * (hLen) + LMS_TYPE_LEN + \
+ (h) * (hLen))
 /* Length of public key. */
-#define HSS_PUBLIC_KEY_LEN (LMS_L_LEN + LMS_PUBKEY_LEN)
+#define HSS_PUBLIC_KEY_LEN(hLen) (LMS_L_LEN + LMS_PUBKEY_LEN(hLen))
 /* Length of private key. */
-#define HSS_PRIVATE_KEY_LEN \
- (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + LMS_SEED_LEN + LMS_I_LEN)
+#define HSS_PRIVATE_KEY_LEN(hLen) \
+ (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + (hLen) + LMS_I_LEN)
 /* Maximum public key length - length is constant for all parameters. */
-#define HSS_MAX_PRIVATE_KEY_LEN HSS_PRIVATE_KEY_LEN
+#define HSS_MAX_PRIVATE_KEY_LEN HSS_PRIVATE_KEY_LEN(LMS_MAX_NODE_LEN)
 /* Maximum private key length - length is constant for all parameters. */
-#define HSS_MAX_PUBLIC_KEY_LEN HSS_PUBLIC_KEY_LEN
+#define HSS_MAX_PUBLIC_KEY_LEN HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)
 /* Maximum signature length. */
 #define HSS_MAX_SIG_LEN \
 (LMS_TYPE_LEN + \
 LMS_MAX_LEVELS * (LMS_Q_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN + \
 LMS_MAX_NODE_LEN * (1 + LMS_MAX_P + LMS_MAX_HEIGHT)) + \
- (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN \
- )
+ (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN))
 /* Maximum buffer length required for use when hashing. */
 #define LMS_MAX_BUFFER_LEN \
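Review bot: The comments above HSS_MAX_PRIVATE_KEY_LEN and HSS_MAX_PUBLIC_KEY_LEN are swapped ("Maximum public key length" sits above the PRIVATE macro and vice versa), and "length is constant for all parameters" is no longer accurate now that both are instantiated with LMS_MAX_NODE_LEN while the real lengths depend on hLen. Suggest `/* Maximum private key length - sized for the largest hash (LMS_MAX_NODE_LEN). */` above HSS_MAX_PRIVATE_KEY_LEN and the public-key equivalent above HSS_MAX_PUBLIC_KEY_LEN.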
@@ -229,20 +229,20 @@ * * HSSPrivKey.priv */ -#define LMS_PRIV_KEY_LEN(l) \ - ((l) * LMS_PRIV_LEN) +#define LMS_PRIV_KEY_LEN(l, hLen) \ + ((l) * LMS_PRIV_LEN(hLen)) /* Stack of nodes. */ -#define LMS_STACK_CACHE_LEN(h) \ - (((h) + 1) * LMS_MAX_NODE_LEN) +#define LMS_STACK_CACHE_LEN(h, hLen) \ + (((h) + 1) * (hLen)) /* Root cache length. */ -#define LMS_ROOT_CACHE_LEN(rl) \ - (((1 << (rl)) - 1) * LMS_MAX_NODE_LEN) +#define LMS_ROOT_CACHE_LEN(rl, hLen) \ + (((1 << (rl)) - 1) * (hLen)) /* Leaf cache length. */ -#define LMS_LEAF_CACHE_LEN(cb) \ - ((1 << (cb)) * LMS_MAX_NODE_LEN) +#define LMS_LEAF_CACHE_LEN(cb, hLen) \ + ((1 << (cb)) * (hLen)) /* Length of LMS private key state. * 
@@ -252,75 +252,103 @@ * stack.stack + stack.offset + * cache.leaf + cache.index + cache.offset */ -#define LMS_PRIV_STATE_LEN(h, rl, cb) \ - (((h) * LMS_MAX_NODE_LEN) + \ - LMS_STACK_CACHE_LEN(h) + 4 + \ - LMS_ROOT_CACHE_LEN(rl) + \ - LMS_LEAF_CACHE_LEN(cb) + 4 + 4) +#define LMS_PRIV_STATE_LEN(h, rl, cb, hLen) \ + (((h) * (hLen)) + \ + LMS_STACK_CACHE_LEN(h, hLen) + 4 + \ + LMS_ROOT_CACHE_LEN(rl, hLen) + \ + LMS_LEAF_CACHE_LEN(cb, hLen) + 4 + 4) #ifndef WOLFSSL_WC_LMS_SMALL /* Private key data state for all levels. */ - #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) \ - ((l) * LMS_PRIV_STATE_LEN(h, rl, cb)) + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) \ + ((l) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen)) #else /* Private key data state for all levels. */ - #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) 0 + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) 0 #endif #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Extra private key data for smoothing. */ - #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) \ - (LMS_PRIV_KEY_LEN(l) + \ - ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb)) + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) \ + (LMS_PRIV_KEY_LEN(l, hLen) + \ + ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen)) #else /* Extra private key data for smoothing. */ - #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) 0 + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) 0 #endif #ifndef WOLFSSL_LMS_NO_SIG_CACHE - #define LMS_PRIV_Y_TREE_LEN(p) \ - (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN) + #define LMS_PRIV_Y_TREE_LEN(p, hLen) \ + ((hLen) + (p) * (hLen)) /* Length of the y data cached in private key data. */ - #define LMS_PRIV_Y_LEN(l, p) \ - (((l) - 1) * (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN)) + #define LMS_PRIV_Y_LEN(l, p, hLen) \ + (((l) - 1) * ((hLen) + (p) * (hLen))) #else /* Length of the y data cached in private key data. */ - #define LMS_PRIV_Y_LEN(l, p) 0 + #define LMS_PRIV_Y_LEN(l, p, hLen) 0 #endif #ifndef WOLFSSL_WC_LMS_SMALL /* Length of private key data. 
*/ -#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ - (LMS_PRIV_KEY_LEN(l) + \ - LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) + \ - LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) + \ - LMS_PRIV_Y_LEN(l, p)) +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen) \ + (LMS_PRIV_KEY_LEN(l, hLen) + \ + LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) + \ + LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) + \ + LMS_PRIV_Y_LEN(l, p, hLen)) #else -#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ - LMS_PRIV_KEY_LEN(l) +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen) \ + LMS_PRIV_KEY_LEN(l, hLen) #endif +/* Indicates using SHA-256 for hashing. */ +#define LMS_SHA256 0x00 +/* Indicates using SHA-256/192 for hashing. */ +#define LMS_SHA256_192 0x10 +/* Mask to get hashing algorithm from type. */ +#define LMS_HASH_MASK 0xf0 +/* Mask to get height or Winternitz width from type. */ +#define LMS_H_W_MASK 0x0f /* LMS Parameters. */ /* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ -#define LMS_SHA256_M32_H5 5 +#define LMS_SHA256_M32_H5 0x05 /* SHA-256 hash, 32-bytes of hash used, tree height of 10. */ -#define LMS_SHA256_M32_H10 6 +#define LMS_SHA256_M32_H10 0x06 /* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ -#define LMS_SHA256_M32_H15 7 +#define LMS_SHA256_M32_H15 0x07 /* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ -#define LMS_SHA256_M32_H20 8 +#define LMS_SHA256_M32_H20 0x08 /* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ -#define LMS_SHA256_M32_H25 9 +#define LMS_SHA256_M32_H25 0x09 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ -#define LMOTS_SHA256_N32_W1 1 +#define LMOTS_SHA256_N32_W1 0x01 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ -#define LMOTS_SHA256_N32_W2 2 +#define LMOTS_SHA256_N32_W2 0x02 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */ -#define LMOTS_SHA256_N32_W4 3 +#define LMOTS_SHA256_N32_W4 0x03 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. 
*/ -#define LMOTS_SHA256_N32_W8 4 +#define LMOTS_SHA256_N32_W8 0x04 + +/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ +#define LMS_SHA256_M24_H5 (0x05 | LMS_SHA256_192) +/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */ +#define LMS_SHA256_M24_H10 (0x06 | LMS_SHA256_192) +/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ +#define LMS_SHA256_M24_H15 (0x07 | LMS_SHA256_192) +/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ +#define LMS_SHA256_M24_H20 (0x08 | LMS_SHA256_192) +/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ +#define LMS_SHA256_M24_H25 (0x09 | LMS_SHA256_192) + +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ +#define LMOTS_SHA256_N24_W1 (0x01 | LMS_SHA256_192) +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ +#define LMOTS_SHA256_N24_W2 (0x02 | LMS_SHA256_192) +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */ +#define LMOTS_SHA256_N24_W4 (0x03 | LMS_SHA256_192) +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */ +#define LMOTS_SHA256_N24_W8 (0x04 | LMS_SHA256_192) typedef struct LmsParams { /* Number of tree levels. */ @@ -339,6 +367,8 @@ typedef struct LmsParams { word16 lmOtsType; /* Length of LM-OTS signature. */ word16 sig_len; + /* Length of seed. */ + word16 hash_len; #ifndef WOLFSSL_WC_LMS_SMALL /* Number of root levels of interior nodes to store. */ word8 rootLevels; @@ -426,10 +456,10 @@ typedef struct HssPrivKey { struct LmsKey { /* Public key. */ - ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN]; + ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)]; #ifndef WOLFSSL_LMS_VERIFY_ONLY /* Encoded private key. */ - ALIGN16 byte priv_raw[HSS_PRIVATE_KEY_LEN]; + ALIGN16 byte priv_raw[HSS_MAX_PRIVATE_KEY_LEN]; /* Packed private key data. */ byte* priv_data; From ffc07215a49fcd9b462bbc4e76623cfbee2a50b0 Mon Sep 17 00:00:00 2001 
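Review bot: The comments on the nine new `LMS_SHA256_M24_*` and `LMOTS_SHA256_N24_*` defines were copied from the M32/N32 block and still say "32-bytes of hash used"; for these parameter sets the SHA-256 output is truncated to 24 bytes (`WC_SHA256_192_DIGEST_SIZE`), so each should read along the lines of `/* SHA-256/192 hash, 24-bytes of hash used, tree height of 5. */`. The hunk starts on an earlier line (the `LMS_PRIV_STATE_LEN` parameterization) and the `LMS_SHA256_192` / `LMS_HASH_MASK` / `LMS_H_W_MASK` split is otherwise clear.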
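Review bot: The comment on the new `LmsParams.hash_len` field says "Length of seed.", which does not match the field name; in the macros above the same `hLen` value sizes node hashes, the seed and the signature elements alike. `/* Length of hash output in bytes (also used as the seed length). */` documents what the field is actually used for.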
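Review bot: `pub` is sized with `HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)` while `priv_raw` on the next changed line uses the `HSS_MAX_PRIVATE_KEY_LEN` alias; the two forms are equivalent but the asymmetry makes a reader check whether they differ, so `ALIGN16 byte pub[HSS_MAX_PUBLIC_KEY_LEN];` would match. With both buffers now sized for the largest hash, any code that copies, exports or compares them by `sizeof` rather than by the per-parameter `HSS_PUBLIC_KEY_LEN(hash_len)` / `HSS_PRIVATE_KEY_LEN(hash_len)` would include uninitialized tail bytes for SHA-256/192 keys; the users are not visible from this hunk, so that is worth confirming on the import/export paths.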
From: Daniel Pouzzner Date: Tue, 15 Oct 2024 18:24:03 -0500 Subject: [PATCH 146/325] clean up wolfcrypt code base for -std=c89 -pedantic: add WC_BITFIELD macro to avoid -Wpedantics for "type of bit-field ... is a GCC extension", with overrideable default definition "byte", and replace parent types of all bitfields with WC_BITFIELD; fix numerous trailing commas in enums, mostly by removing them, but one (in asn.h, enum Extensions_Sum) using WOLF_ENUM_DUMMY_LAST_ELEMENT(); rearrange bitfields in struct ed25519_key for contiguity; always define WOLFSSL_SP_NO_DYN_STACK when defined(WOLF_C89). --- wolfcrypt/src/asn.c | 10 +-- wolfcrypt/src/pkcs7.c | 20 +++--- wolfssl/wolfcrypt/aes.h | 8 +-- wolfssl/wolfcrypt/asn.h | 91 ++++++++++++++------------- wolfssl/wolfcrypt/asn_public.h | 32 +++++----- wolfssl/wolfcrypt/chacha20_poly1305.h | 2 +- wolfssl/wolfcrypt/curve25519.h | 6 +- wolfssl/wolfcrypt/curve448.h | 4 +- wolfssl/wolfcrypt/ecc.h | 6 +- wolfssl/wolfcrypt/eccsi.h | 12 ++-- wolfssl/wolfcrypt/ed25519.h | 10 +-- wolfssl/wolfcrypt/ed448.h | 4 +- wolfssl/wolfcrypt/hash.h | 4 +- wolfssl/wolfcrypt/kdf.h | 2 +- wolfssl/wolfcrypt/pkcs7.h | 16 ++--- wolfssl/wolfcrypt/rsa.h | 2 +- wolfssl/wolfcrypt/sakke.h | 16 ++--- wolfssl/wolfcrypt/settings.h | 2 +- wolfssl/wolfcrypt/types.h | 6 +- 19 files changed, 129 insertions(+), 124 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5ee4c8f20..9ec233855 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20858,7 +20858,7 @@ static const ASNItem subjDirAttrASN[] = { enum { SUBJDIRATTRASN_IDX_SEQ = 0, SUBJDIRATTRASN_IDX_OID, - SUBJDIRATTRASN_IDX_SET, + SUBJDIRATTRASN_IDX_SET }; /* Number of items in ASN.1 template for BasicConstraints. */ 
@@ -23526,9 +23526,9 @@ typedef struct DecodeInstr { /* Tag expected. */ byte tag; /* Operation to perform: step in or go over */ - byte op:1; + WC_BITFIELD op:1; /* ASN.1 item is optional. */ - byte optional:1; + WC_BITFIELD optional:1; } DecodeInstr; /* Step into ASN.1 item. */ @@ -40761,7 +40761,7 @@ enum { HOLDER_IDX_ISSUERSERIAL_SEQ, HOLDER_IDX_GN_SEQ, HOLDER_IDX_SERIAL_INT, - HOLDER_IDX_GN_SEQ_OPT1, + HOLDER_IDX_GN_SEQ_OPT1 }; /* Number of items in ASN template for an X509 Acert. */ @@ -40885,7 +40885,7 @@ static const ASNItem AttCertIssuerASN[] = }; enum { - ATTCERTISSUER_IDX_GN_SEQ, + ATTCERTISSUER_IDX_GN_SEQ }; /* Number of items in ASN template for an X509 Acert. */ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index ae9429cb2..4858fe354 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -118,12 +118,12 @@ struct PKCS7State { word32 peakUsed; /* most bytes used for struct at any one time */ word32 peakRead; /* most bytes used by read buffer */ #endif - byte multi:1; /* flag for if content is in multiple parts */ - byte flagOne:1; - byte detached:1; /* flag to indicate detached signature is present */ - byte noContent:1;/* indicates content isn't included in bundle */ - byte degenerate:1; - byte indefLen:1; /* flag to indicate indef-length encoding used */ + WC_BITFIELD multi:1; /* flag for if content is in multiple parts */ + WC_BITFIELD flagOne:1; + WC_BITFIELD detached:1; /* flag to indicate detached signature is present */ + WC_BITFIELD noContent:1;/* indicates content isn't included in bundle */ + WC_BITFIELD degenerate:1; + WC_BITFIELD indefLen:1; /* flag to indicate indef-length encoding used */ }; @@ -1523,7 +1523,7 @@ typedef struct ESD { wc_HashAlg hash; enum wc_HashType hashType; byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */ - byte contentDigestSet:1; + WC_BITFIELD contentDigestSet:1; byte contentAttribsDigest[WC_MAX_DIGEST_SIZE]; byte encContentDigest[MAX_ENCRYPTED_KEY_SZ]; 
@@ -6829,9 +6829,9 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ - byte decodedInit : 1; /* indicates decoded was initialized */ - byte recipKeyInit : 1; /* indicates recipKey was initialized */ - byte senderKeyInit : 1; /* indicates senderKey was initialized */ + WC_BITFIELD decodedInit:1; /* indicates decoded was initialized */ + WC_BITFIELD recipKeyInit:1; /* indicates recipKey was initialized */ + WC_BITFIELD senderKeyInit:1; /* indicates senderKey was initialized */ } WC_PKCS7_KARI; diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index b52817d22..c01482c34 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -388,11 +388,11 @@ struct Aes { byte over; byte aOver; byte cOver; - byte gcmKeySet:1; - byte nonceSet:1; - byte ctrSet:1; + WC_BITFIELD gcmKeySet:1; + WC_BITFIELD nonceSet:1; + WC_BITFIELD ctrSet:1; #endif - byte isAllocated:1; /* flag indicates if structure was allocated */ + WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ #ifdef WC_DEBUG_CIPHER_LIFECYCLE void *CipherLifecycleTag; /* used for dummy allocation and initialization, * trackable by sanitizers. diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index ef3f352b3..6df41eb29 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -224,11 +224,11 @@ typedef struct ASNItem { /* BER/DER tag to expect. */ byte tag; /* Whether the ASN.1 item is constructed. */ - byte constructed:1; + WC_BITFIELD constructed:1; /* Whether to parse the header only or skip data. If * ASNSetData.data.buffer.data is supplied then this option gets * overwritten and the child nodes get ignored. */ - byte headerOnly:1; + WC_BITFIELD headerOnly:1; /* Whether ASN.1 item is optional. * - 0 means not optional * - 1 means is optional 
@@ -1273,8 +1273,9 @@ enum Extensions_Sum { #ifdef WOLFSSL_DUAL_ALG_CERTS SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */ ALT_SIG_ALG_OID = 187, /* 2.5.29.73 alt sig alg */ - ALT_SIG_VAL_OID = 188 /* 2.5.29.74 alt sig val */ + ALT_SIG_VAL_OID = 188, /* 2.5.29.74 alt sig val */ #endif + WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum) }; enum CertificatePolicy_Sum { 
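Review bot: `WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum)` is relied on here but nothing in this patch defines it, and the types.h diffstat accounts only for the `WC_BITFIELD` lines; if the macro is not already provided by a header asn.h includes, this enum will not compile. Assuming it exists, a short comment such as `/* dummy last element so the ifdef'd entries above can keep trailing commas under -pedantic */` would explain why this enum is handled differently from the others in the commit, which simply drop the comma.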
@@ -1941,63 +1942,63 @@ struct DecodedCert { int criticalExt; /* Option Bits */ - byte subjectCNStored : 1; /* have we saved a copy we own */ - byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ - byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */ + WC_BITFIELD subjectCNStored:1; /* have we saved a copy we own */ + WC_BITFIELD extSubjKeyIdSet:1; /* Set when the SKID was read from cert */ + WC_BITFIELD extAuthKeyIdSet:1; /* Set when the AKID was read from cert */ #ifndef IGNORE_NAME_CONSTRAINTS - byte extNameConstraintSet : 1; + WC_BITFIELD extNameConstraintSet:1; #endif - byte isCA : 1; /* CA basic constraint true */ - byte pathLengthSet : 1; /* CA basic const path length set */ - byte weOwnAltNames : 1; /* altNames haven't been given to copy */ - byte extKeyUsageSet : 1; - byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ + WC_BITFIELD isCA:1; /* CA basic constraint true */ + WC_BITFIELD pathLengthSet:1; /* CA basic const path length set */ + WC_BITFIELD weOwnAltNames:1; /* altNames haven't been given to copy */ + WC_BITFIELD extKeyUsageSet:1; + WC_BITFIELD extExtKeyUsageSet:1; /* Extended Key Usage set */ #ifdef HAVE_OCSP - byte ocspNoCheckSet : 1; /* id-pkix-ocsp-nocheck set */ + WC_BITFIELD ocspNoCheckSet:1; /* id-pkix-ocsp-nocheck set */ #endif - byte extCRLdistSet : 1; - byte extAuthInfoSet : 1; - byte extBasicConstSet : 1; - byte extPolicyConstSet : 1; - byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */ - byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */ - byte extSubjAltNameSet : 1; - byte inhibitAnyOidSet : 1; - byte selfSigned : 1; /* Indicates subject and issuer are same */ + WC_BITFIELD extCRLdistSet:1; + WC_BITFIELD extAuthInfoSet:1; + WC_BITFIELD extBasicConstSet:1; + WC_BITFIELD extPolicyConstSet:1; + WC_BITFIELD extPolicyConstRxpSet:1; /* requireExplicitPolicy set */ + WC_BITFIELD extPolicyConstIpmSet:1; /* inhibitPolicyMapping set */ + WC_BITFIELD extSubjAltNameSet:1; + WC_BITFIELD 
inhibitAnyOidSet:1; + WC_BITFIELD selfSigned:1; /* Indicates subject and issuer are same */ #ifdef WOLFSSL_SEP - byte extCertPolicySet : 1; + WC_BITFIELD extCertPolicySet:1; #endif - byte extCRLdistCrit : 1; - byte extAuthInfoCrit : 1; - byte extBasicConstCrit : 1; - byte extPolicyConstCrit : 1; - byte extSubjAltNameCrit : 1; - byte extAuthKeyIdCrit : 1; + WC_BITFIELD extCRLdistCrit:1; + WC_BITFIELD extAuthInfoCrit:1; + WC_BITFIELD extBasicConstCrit:1; + WC_BITFIELD extPolicyConstCrit:1; + WC_BITFIELD extSubjAltNameCrit:1; + WC_BITFIELD extAuthKeyIdCrit:1; #ifndef IGNORE_NAME_CONSTRAINTS - byte extNameConstraintCrit : 1; + WC_BITFIELD extNameConstraintCrit:1; #endif - byte extSubjKeyIdCrit : 1; - byte extKeyUsageCrit : 1; - byte extExtKeyUsageCrit : 1; + WC_BITFIELD extSubjKeyIdCrit:1; + WC_BITFIELD extKeyUsageCrit:1; + WC_BITFIELD extExtKeyUsageCrit:1; #ifdef WOLFSSL_SUBJ_DIR_ATTR - byte extSubjDirAttrSet : 1; + WC_BITFIELD extSubjDirAttrSet:1; #endif #ifdef WOLFSSL_SUBJ_INFO_ACC - byte extSubjInfoAccSet : 1; + WC_BITFIELD extSubjInfoAccSet:1; #endif #ifdef WOLFSSL_DUAL_ALG_CERTS - byte extSapkiSet : 1; - byte extAltSigAlgSet : 1; - byte extAltSigValSet : 1; + WC_BITFIELD extSapkiSet:1; + WC_BITFIELD extAltSigAlgSet:1; + WC_BITFIELD extAltSigValSet:1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ #ifdef WOLFSSL_SEP - byte extCertPolicyCrit : 1; + WC_BITFIELD extCertPolicyCrit:1; #endif #ifdef WOLFSSL_CERT_REQ - byte isCSR : 1; /* Do we intend on parsing a CSR? */ + WC_BITFIELD isCSR:1; /* Do we intend on parsing a CSR? */ #endif #ifdef HAVE_RPK - byte isRPK : 1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ + WC_BITFIELD isRPK:1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ #endif #ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; 
@@ -2034,7 +2035,7 @@ struct Signer { word32 keyOID; /* key type */ word16 keyUsage; byte maxPathLen; - byte selfSigned : 1; + WC_BITFIELD selfSigned:1; const byte* publicKey; int nameLen; char* name; /* common name */ @@ -2572,10 +2573,10 @@ struct OcspEntry byte* rawCertId; /* raw bytes of the CertID */ int rawCertIdSize; /* num bytes in raw CertID */ /* option bits - using 32-bit for alignment */ - word32 ownStatus:1; /* do we need to free the status + WC_BITFIELD ownStatus:1; /* do we need to free the status * response list */ - word32 isDynamic:1; /* was dynamically allocated */ - word32 used:1; /* entry used */ + WC_BITFIELD isDynamic:1; /* was dynamically allocated */ + WC_BITFIELD used:1; /* entry used */ }; /* TODO: Long-term, it would be helpful if we made this struct and other OCSP diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index fe15ab09d..b8bbce40f 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -332,7 +332,7 @@ typedef struct EncryptedInfo { char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */ byte iv[IV_SZ]; /* salt or encrypted IV */ - word16 set:1; /* if encryption set */ + WC_BITFIELD set:1; /* if encryption set */ #endif } EncryptedInfo; @@ -347,7 +347,7 @@ typedef struct WOLFSSL_ASN1_INTEGER { unsigned char* data; unsigned int dataMax; /* max size of data buffer */ - unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ + WC_BITFIELD isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ int length; /* Length of DER encoding. */ int type; /* ASN.1 type. Includes negative flag. */ 
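Review bot: The context comment `/* option bits - using 32-bit for alignment */` above `ownStatus` in `OcspEntry` is now wrong: with the default `#define WC_BITFIELD byte` the three flags become `unsigned char` bit-fields, so the 32-bit storage unit the comment describes is gone. Either make the comment accurate (`/* option bits */`) or, if the 32-bit layout was deliberate, leave these three as `word32`. The same narrowing from `word16`/`word32`/`unsigned int` to the byte default also happens in the `EncryptedInfo`, `WOLFSSL_ASN1_INTEGER`, `wc_CertPIV`, `EccsiKey`, `ed25519_key`, `ed448_key` and `PKCS7` hunks; it changes the size and layout of those structs for anything built against the previous headers, which the commit message could call out.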
@@ -549,13 +549,13 @@ typedef struct Cert { void* decodedCert; /* internal DecodedCert allocated from heap */ byte* der; /* Pointer to buffer of current DecodedCert cache */ void* heap; /* heap hint */ - byte basicConstSet:1; /* Indicator for when Basic Constraint is set */ + WC_BITFIELD basicConstSet:1; /* Indicator for when Basic Constraint is set */ #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE - byte isCaSet:1; /* Indicator for when isCA is set */ + WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */ #endif - byte pathLenSet:1; /* Indicator for when path length is set */ + WC_BITFIELD pathLenSet:1; /* Indicator for when path length is set */ #ifdef WOLFSSL_ALT_NAMES - byte altNamesCrit:1; /* Indicator of criticality of SAN extension */ + WC_BITFIELD altNamesCrit:1; /* Indicator of criticality of SAN extension */ #endif } Cert; @@ -937,9 +937,9 @@ typedef struct _wc_CertPIV { word32 signedNonceSz; /* Identiv Only */ /* flags */ - word16 compression:2; - word16 isX509:1; - word16 isIdentiv:1; + WC_BITFIELD compression:2; + WC_BITFIELD isX509:1; + WC_BITFIELD isIdentiv:1; } wc_CertPIV; WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz); @@ -1007,7 +1007,7 @@ enum Asn1PrintOpt { /* Don't show text representations of primitive types. */ ASN1_PRINT_OPT_SHOW_NO_TEXT, /* Don't show dump text representations of primitive types. */ - ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT, + ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT }; /* ASN.1 print options. */ 
@@ -1019,17 +1019,17 @@ typedef struct Asn1PrintOptions { /* Number of spaces to indent for each change in depth. */ word8 indent; /* Draw branches instead of indenting. */ - word8 draw_branch:1; + WC_BITFIELD draw_branch:1; /* Show raw data of primitive types as octets. */ - word8 show_data:1; + WC_BITFIELD show_data:1; /* Show header data as octets. */ - word8 show_header_data:1; + WC_BITFIELD show_header_data:1; /* Show the wolfSSL OID value for OBJECT_ID. */ - word8 show_oid:1; + WC_BITFIELD show_oid:1; /* Don't show text representations of primitive types. */ - word8 show_no_text:1; + WC_BITFIELD show_no_text:1; /* Don't show dump text representations of primitive types. */ - word8 show_no_dump_text:1; + WC_BITFIELD show_no_dump_text:1; } Asn1PrintOptions; /* ASN.1 item data. */ diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h index 929a1a640..ffa4031bd 100644 --- a/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -72,7 +72,7 @@ typedef struct ChaChaPoly_Aead { word32 dataLen; byte state; - byte isEncrypt:1; + WC_BITFIELD isEncrypt:1; } ChaChaPoly_Aead; diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index d6240d626..feb74aa99 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -97,9 +97,9 @@ struct curve25519_key { #endif /* bit fields */ - byte pubSet:1; - byte privSet:1; - byte isAllocated:1; /* flag indicates if structure was allocated */ + WC_BITFIELD pubSet:1; + WC_BITFIELD privSet:1; + WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ }; enum { diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h index 75df9e2fb..b7227275f 100644 --- a/wolfssl/wolfcrypt/curve448.h +++ b/wolfssl/wolfcrypt/curve448.h @@ -58,8 +58,8 @@ struct curve448_key { #endif /* bit fields */ - byte pubSet:1; - byte privSet:1; + WC_BITFIELD pubSet:1; + WC_BITFIELD privSet:1; }; enum { 
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 5975ab9b4..71a7a8b79 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -467,7 +467,7 @@ struct ecc_point { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif - byte isAllocated:1; + WC_BITFIELD isAllocated:1; }; /* ECC Flags */ @@ -590,12 +590,12 @@ struct ecc_key { mp_int* sign_k; #else mp_int sign_k[1]; - byte sign_k_set:1; + WC_BITFIELD sign_k_set:1; #endif #endif #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) - byte deterministic:1; + WC_BITFIELD deterministic:1; enum wc_HashType hashType; #endif diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h index 72f9c7063..34e10bfcf 100644 --- a/wolfssl/wolfcrypt/eccsi.h +++ b/wolfssl/wolfcrypt/eccsi.h @@ -62,15 +62,15 @@ typedef struct EccsiKeyParams { ecc_point* base; /** Bit indicates order (q) is set as an MP integer in ECCSI key. */ - byte haveOrder:1; + WC_BITFIELD haveOrder:1; /** Bit indicates A is set as an MP integer in ECCSI key. */ - byte haveA:1; + WC_BITFIELD haveA:1; /** Bit indicates B is set as an MP integer in ECCSI key. */ - byte haveB:1; + WC_BITFIELD haveB:1; /** Bit indicates prime is set as an MP integer in ECCSI key. */ - byte havePrime:1; + WC_BITFIELD havePrime:1; /** Bit indicates base point is set as an MP integer in ECCSI key. */ - byte haveBase:1; + WC_BITFIELD haveBase:1; } EccsiKeyParams; /** @@ -104,7 +104,7 @@ typedef struct EccsiKey { /** Heap hint for dynamic memory allocation. */ void* heap; /** Bit indicates KPAK (public key) is in montgomery form. */ - word16 kpakMont:1; + WC_BITFIELD kpakMont:1; } EccsiKey; #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 763553ffa..1de20133a 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h 
@@ -94,8 +94,11 @@ struct ed25519_key { word32 flags; byte keyIdSet; #endif - word16 privKeySet:1; - word16 pubKeySet:1; + WC_BITFIELD privKeySet:1; + WC_BITFIELD pubKeySet:1; + WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */ + /* flag indicates if structure was allocated */ + WC_BITFIELD isAllocated:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif @@ -106,10 +109,7 @@ struct ed25519_key { void *heap; #ifdef WOLFSSL_ED25519_PERSISTENT_SHA wc_Sha512 sha; - byte sha_clean_flag : 1; #endif - /* flag indicates if structure was allocated */ - byte isAllocated : 1; }; #ifndef WC_ED25519KEY_TYPE_DEFINED diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h index c8ede51fe..9e2e8908e 100644 --- a/wolfssl/wolfcrypt/ed448.h +++ b/wolfssl/wolfcrypt/ed448.h @@ -85,8 +85,8 @@ struct ed448_key { byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */ byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ #endif - word16 privKeySet:1; - word16 pubKeySet:1; + WC_BITFIELD privKeySet:1; + WC_BITFIELD pubKeySet:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 0fe45bb13..2abfafd18 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -80,7 +80,7 @@ enum wc_MACAlgorithm { sha512_mac, rmd_mac, blake2b_mac, - sm3_mac, + sm3_mac }; enum wc_HashFlags { @@ -125,7 +125,7 @@ typedef union { typedef struct { wc_Hashes alg; enum wc_HashType type; /* sanity check */ - byte isAllocated:1; /* flag indicates if structure was allocated */ + WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h index 1e731ebc6..66b3a7aac 100644 --- a/wolfssl/wolfcrypt/kdf.h +++ b/wolfssl/wolfcrypt/kdf.h 
@@ -140,7 +140,7 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId, /* Indicators */ enum { WC_SRTCP_32BIT_IDX = 0, - WC_SRTCP_48BIT_IDX = 1, + WC_SRTCP_48BIT_IDX = 1 }; /* Maximum length of salt that can be used with SRTP/SRTCP. */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 0a4631997..80c687b05 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -257,8 +257,8 @@ struct PKCS7 { CallbackStreamOut streamOutCb; void* streamCtx; /* passed to getcontentCb and streamOutCb */ #endif - byte encodeStream:1; /* use BER when encoding */ - byte noCerts:1; /* if certificates should be added into bundle + WC_BITFIELD encodeStream:1; /* use BER when encoding */ + WC_BITFIELD noCerts:1; /* if certificates should be added into bundle during creation */ byte* cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */ byte* verifyCert; /* cert from array used for verify */ @@ -296,9 +296,9 @@ struct PKCS7 { word32 certSz[MAX_PKCS7_CERTS]; /* flags - up to 16-bits */ - word16 isDynamic:1; - word16 noDegenerate:1; /* allow degenerate case in verify function */ - word16 detached:1; /* generate detached SignedData signature bundles */ + WC_BITFIELD isDynamic:1; + WC_BITFIELD noDegenerate:1; /* allow degenerate case in verify function */ + WC_BITFIELD detached:1; /* generate detached SignedData signature bundles */ byte contentType[MAX_OID_SZ]; /* custom contentType byte array */ word32 contentTypeSz; /* size of contentType, bytes */ 
@@ -356,9 +356,9 @@ struct PKCS7 { /* used by DecodeEnvelopedData with multiple encrypted contents */ byte* cachedEncryptedContent; word32 cachedEncryptedContentSz; - word16 contentCRLF:1; /* have content line endings been converted to CRLF */ - word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ - word16 hashParamsAbsent:1; + WC_BITFIELD contentCRLF:1; /* have content line endings been converted to CRLF */ + WC_BITFIELD contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ + WC_BITFIELD hashParamsAbsent:1; /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as * a SHA1 hash of the public key, but leaves it open to other methods as diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 0cf701dc9..8bb0f5fe4 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -269,7 +269,7 @@ struct RsaKey { #if defined(WOLFSSL_RENESAS_FSPSM) FSPSM_RSA_CTX ctx; #endif - byte isAllocated:1; /* flag indicates if structure was allocated */ + WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ }; #ifndef WC_RSAKEY_TYPE_DEFINED diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h index 68b24c3c6..0f7a75c07 100644 --- a/wolfssl/wolfcrypt/sakke.h +++ b/wolfssl/wolfcrypt/sakke.h @@ -64,15 +64,15 @@ typedef struct SakkeKeyParams { ecc_point* base; /** Bit indicate prime is set as an MP integer in SAKKE key. */ - byte havePrime:1; + WC_BITFIELD havePrime:1; /** Bit indicates q (order) is set as an MP integer in SAKKE key. */ - byte haveQ:1; + WC_BITFIELD haveQ:1; /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */ - byte haveG:1; + WC_BITFIELD haveG:1; /** Bit indicates a is set as an MP integer in SAKKE key. */ - byte haveA:1; + WC_BITFIELD haveA:1; /** Bit indicates base point is set as an ECC point in SAKKE key. */ - byte haveBase:1; + WC_BITFIELD haveBase:1; } SakkeKeyParams; /** Temporary values to use in SAKKE calculations. */ 
@@ -116,7 +116,7 @@ typedef struct SakkeKeyRsk { /** Length of table */ word32 tableLen; /** Indicates whether an RSK value has been set. */ - byte set:1; + WC_BITFIELD set:1; } SakkeKeyRsk; #endif @@ -153,9 +153,9 @@ typedef struct SakkeKey { void* heap; /** Bit indicates Z, public key, is in montgomery form. */ - byte zMont:1; + WC_BITFIELD zMont:1; /** Bit indicate MP integers have been initialized. */ - byte mpInit:1; + WC_BITFIELD mpInit:1; } SakkeKey; #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 6c5c24cb7..440a3e558 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2743,7 +2743,7 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_SP_INT_DIGIT_ALIGN #define WOLFSSL_SP_INT_DIGIT_ALIGN #endif -#ifdef __APPLE__ +#if defined(__APPLE__) || defined(WOLF_C89) #define WOLFSSL_SP_NO_DYN_STACK #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index ee00f7f82..e10f5f8b4 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -112,6 +112,10 @@ decouple library dependencies with standard string, memory and so on. typedef const char* const wcchar; #endif + #ifndef WC_BITFIELD + #define WC_BITFIELD byte + #endif + #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES /* if a version is available, pivot on the version, otherwise guess it's * allowed, subject to override. @@ -1108,7 +1112,7 @@ typedef struct w64wrapper { DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, DYNAMIC_TYPE_SNIFFER_KEY = 1006, DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, - DYNAMIC_TYPE_AES_EAX = 1008, + DYNAMIC_TYPE_AES_EAX = 1008 }; /* max error buffer string size */ From a81aa287a5499e3a96aa9ca61377d923b00d573b Mon Sep 17 00:00:00 2001 
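Review bot: The new default `#define WC_BITFIELD byte` does not by itself remove the diagnostic the commit message targets: in C89/C90 the only conforming bit-field types are `int`, `signed int` and `unsigned int`, so a `byte` (`unsigned char`) bit-field is still the extension that GCC reports as "type of bit-field ... is a GCC extension" under `-std=c89 -pedantic`. A strictly pedantic build therefore has to override it to `unsigned int`, which also enlarges and re-lays out every struct that uses it, and that trade-off should be documented at the definition, e.g. `/* Type of bit-field members. Defaults to byte; define as unsigned int for a strictly conforming (-std=c89 -pedantic) build, at the cost of larger structs. */`. If I am misreading the intent and the `WOLF_C89` configuration is expected to set this elsewhere, the comment is the right place to say so.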
From: Sean Parkinson Date: Wed, 16 Oct 2024 09:48:10 +1000 Subject: [PATCH 147/325] SP C: cast after and with constant Always cast to sp_digit after and with a constant that would convert value to integer. --- wolfcrypt/src/sp_c32.c | 2618 ++++++++++++++++++++-------------------- wolfcrypt/src/sp_c64.c | 1756 +++++++++++++-------------- 2 files changed, 2187 insertions(+), 2187 deletions(-) diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index a6db0646a..9520f86df 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -357,29 +357,29 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] 
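Review bot: The `(sp_digit)` casts are lossless, since the masked value fits in 29 bits, but sp_c32.c and sp_c64.c are, as I understand it, script-generated sources, and nothing in the diffstat touches a generator; if the same cast pattern is not applied there, the change will be undone on the next regeneration. The identical edit repeats in the remaining hunks of this file (@@ -387 through @@ -484 on the following lines) and presumably across the rest of the 2618-line change, so a line in the commit message stating whether the generator was updated would save the next reviewer the question. `sp_2048_mul_12` starts before this hunk and continues after it.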
@@ -387,7 +387,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] @@ -396,7 +396,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -406,7 +406,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 9] + ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] @@ -417,7 +417,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1] + ((sp_uint64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[10] + ((sp_uint64)a[ 1]) * b[ 9] + ((sp_uint64)a[ 2]) * b[ 8] @@ -429,7 +429,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 8]) * b[ 2] + ((sp_uint64)a[ 9]) * b[ 1] + ((sp_uint64)a[10]) * b[ 0]; - t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[11] + ((sp_uint64)a[ 1]) * b[10] + ((sp_uint64)a[ 2]) * b[ 9] 
@@ -442,7 +442,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 2] + ((sp_uint64)a[10]) * b[ 1] + ((sp_uint64)a[11]) * b[ 0]; - t[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 1]) * b[11] + ((sp_uint64)a[ 2]) * b[10] + ((sp_uint64)a[ 3]) * b[ 9] @@ -454,7 +454,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 3] + ((sp_uint64)a[10]) * b[ 2] + ((sp_uint64)a[11]) * b[ 1]; - t[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 2]) * b[11] + ((sp_uint64)a[ 3]) * b[10] + ((sp_uint64)a[ 4]) * b[ 9] @@ -465,7 +465,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 4] + ((sp_uint64)a[10]) * b[ 3] + ((sp_uint64)a[11]) * b[ 2]; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 3]) * b[11] + ((sp_uint64)a[ 4]) * b[10] + ((sp_uint64)a[ 5]) * b[ 9] @@ -475,7 +475,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 5] + ((sp_uint64)a[10]) * b[ 4] + ((sp_uint64)a[11]) * b[ 3]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 4]) * b[11] + ((sp_uint64)a[ 5]) * b[10] + ((sp_uint64)a[ 6]) * b[ 9] @@ -484,7 +484,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 6] + ((sp_uint64)a[10]) * b[ 5] + ((sp_uint64)a[11]) * b[ 4]; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 5]) * b[11] + ((sp_uint64)a[ 6]) * b[10] + ((sp_uint64)a[ 7]) * b[ 9] 
@@ -492,35 +492,35 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 7] + ((sp_uint64)a[10]) * b[ 6] + ((sp_uint64)a[11]) * b[ 5]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 6]) * b[11] + ((sp_uint64)a[ 7]) * b[10] + ((sp_uint64)a[ 8]) * b[ 9] + ((sp_uint64)a[ 9]) * b[ 8] + ((sp_uint64)a[10]) * b[ 7] + ((sp_uint64)a[11]) * b[ 6]; - r[16] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 7]) * b[11] + ((sp_uint64)a[ 8]) * b[10] + ((sp_uint64)a[ 9]) * b[ 9] + ((sp_uint64)a[10]) * b[ 8] + ((sp_uint64)a[11]) * b[ 7]; - r[17] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 8]) * b[11] + ((sp_uint64)a[ 9]) * b[10] + ((sp_uint64)a[10]) * b[ 9] + ((sp_uint64)a[11]) * b[ 8]; - r[18] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 9]) * b[11] + ((sp_uint64)a[10]) * b[10] + ((sp_uint64)a[11]) * b[ 9]; - r[19] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[10]) * b[11] + ((sp_uint64)a[11]) * b[10]; - r[20] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[11]) * b[11]; - r[21] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[22] = t0 & 0x1fffffff; + r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[22] = (sp_digit)(t0 & 0x1fffffff); r[23] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } 
@@ -874,105 +874,105 @@ SP_NOINLINE static void sp_2048_sqr_12(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 9] + ((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[10] + ((sp_uint64)a[ 1]) * a[ 
9] + ((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + ((sp_uint64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[11] + ((sp_uint64)a[ 1]) * a[10] + ((sp_uint64)a[ 2]) * a[ 9] + ((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 1]) * a[11] + ((sp_uint64)a[ 2]) * a[10] + ((sp_uint64)a[ 3]) * a[ 9] + ((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - t[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 2]) * a[11] + ((sp_uint64)a[ 3]) * a[10] + ((sp_uint64)a[ 4]) * a[ 9] + ((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 3]) * a[11] + ((sp_uint64)a[ 4]) * a[10] + ((sp_uint64)a[ 5]) * a[ 9] + ((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 4]) * a[11] + ((sp_uint64)a[ 5]) * a[10] + ((sp_uint64)a[ 6]) * a[ 9] + ((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 5]) * a[11] + ((sp_uint64)a[ 6]) * a[10] + ((sp_uint64)a[ 7]) * a[ 9]) * 2 + ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 6]) * a[11] + ((sp_uint64)a[ 7]) * a[10] + ((sp_uint64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 7]) * a[11] + ((sp_uint64)a[ 8]) * a[10]) 
* 2 + ((sp_uint64)a[ 9]) * a[ 9]; - r[17] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 8]) * a[11] + ((sp_uint64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 9]) * a[11]) * 2 + ((sp_uint64)a[10]) * a[10]; - r[19] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[10]) * a[11]) * 2; - r[20] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[11]) * a[11]; - r[21] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[22] = t0 & 0x1fffffff; + r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[22] = (sp_digit)(t0 & 0x1fffffff); r[23] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -1626,26 +1626,26 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; t[3] = (tb * a[35]) + r[35]; - r[32] = t[0] & 0x1fffffff; + r[32] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[33] = t[1] & 0x1fffffff; + r[33] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[34] = t[2] & 0x1fffffff; + r[34] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[35] = t[3] & 0x1fffffff; + r[35] = (sp_digit)(t[3] & 0x1fffffff); r[36] += (sp_digit)(t[3] >> 29); #else sp_int64 tb = b; 
@@ -1662,34 +1662,34 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; t[3] = (tb * a[35]) + r[35]; - r[32] = t[0] & 0x1fffffff; + r[32] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[33] = t[1] & 0x1fffffff; + r[33] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[34] = t[2] & 0x1fffffff; + r[34] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[35] = t[3] & 0x1fffffff; + r[35] = (sp_digit)(t[3] & 0x1fffffff); r[36] += (sp_digit)(t[3] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ @@ -1708,7 +1708,7 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[36]) << 20; for (i = 0; i < 35; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[37 + i]) << 20; } 
@@ -1718,26 +1718,26 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) sp_int64 n = a[35] >> 9; n += ((sp_int64)a[36]) << 20; for (i = 0; i < 32; i += 8) { - r[i + 0] = n & 0x1fffffff; + r[i + 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 37]) << 20; - r[i + 1] = n & 0x1fffffff; + r[i + 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 38]) << 20; - r[i + 2] = n & 0x1fffffff; + r[i + 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 39]) << 20; - r[i + 3] = n & 0x1fffffff; + r[i + 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 40]) << 20; - r[i + 4] = n & 0x1fffffff; + r[i + 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 41]) << 20; - r[i + 5] = n & 0x1fffffff; + r[i + 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 42]) << 20; - r[i + 6] = n & 0x1fffffff; + r[i + 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 43]) << 20; - r[i + 7] = n & 0x1fffffff; + r[i + 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 44]) << 20; } - r[32] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[69]) << 20; - r[33] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[70]) << 20; - r[34] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[71]) << 20; + r[32] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[69]) << 20; + r[33] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[70]) << 20; + r[34] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[71]) << 20; r[35] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[36], 0, sizeof(*r) * 36U); 
@@ -1758,11 +1758,11 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_36(a + 36); for (i=0; i<35; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
@@ -1913,22 +1913,22 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<35; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); } - r[32] = (a[32] >> n) | ((a[33] << (29 - n)) & 0x1fffffff); - r[33] = (a[33] >> n) | ((a[34] << (29 - n)) & 0x1fffffff); - r[34] = (a[34] >> n) | ((a[35] << (29 - n)) & 0x1fffffff); + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (29 - n)) & 0x1fffffff); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (29 - n)) & 0x1fffffff); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (29 - n)) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ r[35] = a[35] >> n; } 
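Review bot: In the unrolled branch the new `(sp_digit)` cast is applied after the shift, so `a[i+1] << (29 - n)` is still evaluated on the `sp_digit` operand; if sp_digit is a signed type, as the `(sp_int_digit)` copies made before shifting in sp_2048_lshift_72 suggest, that left shift can exceed the range of a 32-bit signed digit for large digit values and small n, which is undefined behaviour the cast does not remove. Matching the lshift style, `r[i+0] = (a[i+0] >> n) | (sp_digit)(((sp_int_digit)a[i+1] << (29 - n)) & 0x1fffffff);` keeps the shift on the unsigned type, and the WOLFSSL_SP_SMALL loop and the three tail assignments have the same shape. The same applies to the sp_2048_rshift_72 hunk and to the WOLFSSL_SP_SMALL loop of sp_2048_lshift_72 further down. The function's declarations lie before this hunk.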
@@ -2611,26 +2611,26 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; t[2] = (tb * a[70]) + r[70]; t[3] = (tb * a[71]) + r[71]; - r[68] = t[0] & 0x1fffffff; + r[68] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[69] = t[1] & 0x1fffffff; + r[69] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[70] = t[2] & 0x1fffffff; + r[70] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[71] = t[3] & 0x1fffffff; + r[71] = (sp_digit)(t[3] & 0x1fffffff); r[72] += (sp_digit)(t[3] >> 29); #else sp_int64 tb = b; 
@@ -2647,21 +2647,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[64]) + r[64]; @@ -2672,21 +2672,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[5] = (tb * a[69]) + r[69]; t[6] = (tb * a[70]) + r[70]; t[7] = (tb * a[71]) + r[71]; - r[64] = t[0] & 0x1fffffff; + r[64] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[65] = t[1] & 0x1fffffff; + r[65] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[66] = t[2] & 0x1fffffff; + r[66] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[67] = t[3] & 0x1fffffff; + r[67] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[68] = t[4] & 0x1fffffff; + r[68] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[69] = t[5] & 0x1fffffff; + r[69] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[70] = t[6] & 0x1fffffff; + r[70] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[71] = t[7] & 0x1fffffff; + r[71] = (sp_digit)(t[7] & 0x1fffffff); r[72] += (sp_digit)(t[7] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ 
@@ -2705,7 +2705,7 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[71]) << 11; for (i = 0; i < 70; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[72 + i]) << 11; } 
@@ -2715,29 +2715,29 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a) sp_int64 n = a[70] >> 18; n += ((sp_int64)a[71]) << 11; for (i = 0; i < 64; i += 8) { - r[i + 0] = n & 0x1fffffff; + r[i + 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 72]) << 11; - r[i + 1] = n & 0x1fffffff; + r[i + 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 73]) << 11; - r[i + 2] = n & 0x1fffffff; + r[i + 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 74]) << 11; - r[i + 3] = n & 0x1fffffff; + r[i + 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 75]) << 11; - r[i + 4] = n & 0x1fffffff; + r[i + 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 76]) << 11; - r[i + 5] = n & 0x1fffffff; + r[i + 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 77]) << 11; - r[i + 6] = n & 0x1fffffff; + r[i + 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 78]) << 11; - r[i + 7] = n & 0x1fffffff; + r[i + 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 79]) << 11; } - r[64] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[136]) << 11; - r[65] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[137]) << 11; - r[66] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[138]) << 11; - r[67] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[139]) << 11; - r[68] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[140]) << 11; - r[69] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[141]) << 11; + r[64] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[136]) << 11; + r[65] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[137]) << 11; + r[66] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[138]) << 11; + r[67] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[139]) << 11; + r[68] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[140]) << 11; + r[69] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[141]) << 11; r[70] = (sp_digit)n; #endif /* 
WOLFSSL_SP_SMALL */ XMEMSET(&r[71], 0, sizeof(*r) * 71U); @@ -2760,33 +2760,33 @@ static void sp_2048_mont_reduce_72(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<70; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x3ffffL; + mu = (sp_digit)(a[i] & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
@@ -2967,26 +2967,26 @@ SP_NOINLINE static void sp_2048_rshift_72(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<71; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<64; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); } - r[64] = (a[64] >> n) | ((a[65] << (29 - n)) & 0x1fffffff); - r[65] = (a[65] >> n) | ((a[66] << (29 - n)) & 0x1fffffff); - r[66] = (a[66] >> n) | ((a[67] << (29 - n)) & 0x1fffffff); - r[67] = (a[67] >> n) | ((a[68] << (29 - n)) & 0x1fffffff); - r[68] = (a[68] >> n) | ((a[69] << (29 - n)) & 0x1fffffff); - r[69] = (a[69] >> n) | ((a[70] << (29 - n)) & 0x1fffffff); - r[70] = (a[70] >> n) | ((a[71] << (29 - n)) & 0x1fffffff); + r[64] = (a[64] >> n) | (sp_digit)((a[65] << (29 - n)) & 0x1fffffff); + r[65] = (a[65] >> n) | (sp_digit)((a[66] << (29 - n)) & 0x1fffffff); + r[66] = 
(a[66] >> n) | (sp_digit)((a[67] << (29 - n)) & 0x1fffffff); + r[67] = (a[67] >> n) | (sp_digit)((a[68] << (29 - n)) & 0x1fffffff); + r[68] = (a[68] >> n) | (sp_digit)((a[69] << (29 - n)) & 0x1fffffff); + r[69] = (a[69] >> n) | (sp_digit)((a[70] << (29 - n)) & 0x1fffffff); + r[70] = (a[70] >> n) | (sp_digit)((a[71] << (29 - n)) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ r[71] = a[71] >> n; } @@ -4340,7 +4340,7 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a, r[72] = a[71] >> (29 - n); for (i=71; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } #else sp_int_digit s; 
@@ -4349,149 +4349,149 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[71]; r[72] = s >> (29U - n); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[71] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[70] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[69] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[68] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[67] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[66] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[65] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[64] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[63] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[62] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + 
r[61] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[60] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[59] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[58] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[57] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[56] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[55] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[54] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[53] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[52] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[51] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[50] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = 
(sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[49] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[48] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[47] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[46] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[45] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[44] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[43] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[42] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[41] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[40] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[39] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (29U - 
n))) & 0x1fffffff; + r[38] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[37] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[36] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[35] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[34] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[33] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[32] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[31] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[30] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[29] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[28] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[27] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); 
s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[26] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[25] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[24] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[23] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[22] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[21] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[20] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[19] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[18] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> 
(29U - n))) & 0x1fffffff; + r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = 
(sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -5324,17 +5324,17 @@ SP_NOINLINE static void sp_3072_mul_add_53(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[52]) + r[52]; - r[52] = t[0] & 0x1fffffff; + r[52] = (sp_digit)(t[0] & 0x1fffffff); r[53] += (sp_digit)(t[0] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -5351,7 +5351,7 @@ static void sp_3072_mont_shift_53(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[53]) << 1; for (i = 0; i < 52; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[54 + i]) << 1; } 
@@ -5374,11 +5374,11 @@ static void sp_3072_mont_reduce_53(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_53(a + 53); for (i=0; i<52; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_53(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL); sp_3072_mul_add_53(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -5602,7 +5602,7 @@ SP_NOINLINE static void sp_3072_rshift_53(sp_digit* r, const sp_digit* a, int i; for (i=0; i<52; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[52] = a[52] >> n; } @@ -6250,20 +6250,20 @@ SP_NOINLINE static void sp_3072_mul_add_106(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[104]) + r[104]; t[1] = (tb * a[105]) + r[105]; - r[104] = t[0] & 0x1fffffff; + r[104] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[105] = t[1] & 0x1fffffff; + r[105] = (sp_digit)(t[1] & 0x1fffffff); r[106] += (sp_digit)(t[1] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -6280,7 +6280,7 @@ static void sp_3072_mont_shift_106(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[106]) << 2; for (i = 0; i < 105; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[107 + i]) << 2; } 
@@ -6305,33 +6305,33 @@ static void sp_3072_mont_reduce_106(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<105; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<105; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x7ffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<105; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -6437,7 +6437,7 @@ SP_NOINLINE static void sp_3072_rshift_106(sp_digit* r, const sp_digit* a, int i; for (i=0; i<105; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[105] = a[105] >> n; } @@ -7786,9 +7786,9 @@ SP_NOINLINE static void sp_3072_lshift_106(sp_digit* r, const sp_digit* a, r[106] = a[105] >> (29 - n); for (i=105; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) 
@@ -8438,29 +8438,29 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] @@ -8468,7 +8468,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] 
@@ -8477,7 +8477,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -8487,7 +8487,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 9] + ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] @@ -8498,7 +8498,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1] + ((sp_uint64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[10] + ((sp_uint64)a[ 1]) * b[ 9] + ((sp_uint64)a[ 2]) * b[ 8] @@ -8510,7 +8510,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 8]) * b[ 2] + ((sp_uint64)a[ 9]) * b[ 1] + ((sp_uint64)a[10]) * b[ 0]; - t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[11] + ((sp_uint64)a[ 1]) * b[10] + ((sp_uint64)a[ 2]) * b[ 9] @@ -8523,7 +8523,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 2] + ((sp_uint64)a[10]) * b[ 1] + ((sp_uint64)a[11]) * b[ 0]; - t[10] = t0 & 0xfffffff; t1 += t0 >> 28; + t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[12] + ((sp_uint64)a[ 1]) * b[11] + ((sp_uint64)a[ 2]) * b[10] 
@@ -8537,7 +8537,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[10]) * b[ 2] + ((sp_uint64)a[11]) * b[ 1] + ((sp_uint64)a[12]) * b[ 0]; - t[11] = t1 & 0xfffffff; t0 += t1 >> 28; + t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[13] + ((sp_uint64)a[ 1]) * b[12] + ((sp_uint64)a[ 2]) * b[11] @@ -8552,7 +8552,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 2] + ((sp_uint64)a[12]) * b[ 1] + ((sp_uint64)a[13]) * b[ 0]; - t[12] = t0 & 0xfffffff; t1 += t0 >> 28; + t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 1]) * b[13] + ((sp_uint64)a[ 2]) * b[12] + ((sp_uint64)a[ 3]) * b[11] @@ -8566,7 +8566,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 3] + ((sp_uint64)a[12]) * b[ 2] + ((sp_uint64)a[13]) * b[ 1]; - t[13] = t1 & 0xfffffff; t0 += t1 >> 28; + t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 2]) * b[13] + ((sp_uint64)a[ 3]) * b[12] + ((sp_uint64)a[ 4]) * b[11] @@ -8579,7 +8579,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 4] + ((sp_uint64)a[12]) * b[ 3] + ((sp_uint64)a[13]) * b[ 2]; - r[14] = t0 & 0xfffffff; t1 += t0 >> 28; + r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 3]) * b[13] + ((sp_uint64)a[ 4]) * b[12] + ((sp_uint64)a[ 5]) * b[11] @@ -8591,7 +8591,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 5] + ((sp_uint64)a[12]) * b[ 4] + ((sp_uint64)a[13]) * b[ 3]; - r[15] = t1 & 0xfffffff; t0 += t1 >> 28; + r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 4]) * b[13] + ((sp_uint64)a[ 5]) * b[12] + ((sp_uint64)a[ 6]) * b[11] 
@@ -8602,7 +8602,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 6] + ((sp_uint64)a[12]) * b[ 5] + ((sp_uint64)a[13]) * b[ 4]; - r[16] = t0 & 0xfffffff; t1 += t0 >> 28; + r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 5]) * b[13] + ((sp_uint64)a[ 6]) * b[12] + ((sp_uint64)a[ 7]) * b[11] @@ -8612,7 +8612,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 7] + ((sp_uint64)a[12]) * b[ 6] + ((sp_uint64)a[13]) * b[ 5]; - r[17] = t1 & 0xfffffff; t0 += t1 >> 28; + r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 6]) * b[13] + ((sp_uint64)a[ 7]) * b[12] + ((sp_uint64)a[ 8]) * b[11] @@ -8621,7 +8621,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 8] + ((sp_uint64)a[12]) * b[ 7] + ((sp_uint64)a[13]) * b[ 6]; - r[18] = t0 & 0xfffffff; t1 += t0 >> 28; + r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 7]) * b[13] + ((sp_uint64)a[ 8]) * b[12] + ((sp_uint64)a[ 9]) * b[11] 
@@ -8629,35 +8629,35 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 9] + ((sp_uint64)a[12]) * b[ 8] + ((sp_uint64)a[13]) * b[ 7]; - r[19] = t1 & 0xfffffff; t0 += t1 >> 28; + r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 8]) * b[13] + ((sp_uint64)a[ 9]) * b[12] + ((sp_uint64)a[10]) * b[11] + ((sp_uint64)a[11]) * b[10] + ((sp_uint64)a[12]) * b[ 9] + ((sp_uint64)a[13]) * b[ 8]; - r[20] = t0 & 0xfffffff; t1 += t0 >> 28; + r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 9]) * b[13] + ((sp_uint64)a[10]) * b[12] + ((sp_uint64)a[11]) * b[11] + ((sp_uint64)a[12]) * b[10] + ((sp_uint64)a[13]) * b[ 9]; - r[21] = t1 & 0xfffffff; t0 += t1 >> 28; + r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[10]) * b[13] + ((sp_uint64)a[11]) * b[12] + ((sp_uint64)a[12]) * b[11] + ((sp_uint64)a[13]) * b[10]; - r[22] = t0 & 0xfffffff; t1 += t0 >> 28; + r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[11]) * b[13] + ((sp_uint64)a[12]) * b[12] + ((sp_uint64)a[13]) * b[11]; - r[23] = t1 & 0xfffffff; t0 += t1 >> 28; + r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[12]) * b[13] + ((sp_uint64)a[13]) * b[12]; - r[24] = t0 & 0xfffffff; t1 += t0 >> 28; + r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[13]) * b[13]; - r[25] = t1 & 0xfffffff; t0 += t1 >> 28; - r[26] = t0 & 0xfffffff; + r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; + r[26] = (sp_digit)(t0 & 0xfffffff); r[27] = (sp_digit)(t0 >> 28); XMEMCPY(r, t, sizeof(t)); } 
@@ -9010,57 +9010,57 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 9] + ((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[10] + ((sp_uint64)a[ 1]) * a[ 9] + 
((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + ((sp_uint64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[11] + ((sp_uint64)a[ 1]) * a[10] + ((sp_uint64)a[ 2]) * a[ 9] + ((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0xfffffff; t1 += t0 >> 28; + t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[12] + ((sp_uint64)a[ 1]) * a[11] + ((sp_uint64)a[ 2]) * a[10] @@ -9068,7 +9068,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - t[11] = t1 & 0xfffffff; t0 += t1 >> 28; + t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[13] + ((sp_uint64)a[ 1]) * a[12] + ((sp_uint64)a[ 2]) * a[11] @@ -9076,7 +9076,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 4]) * a[ 9] + ((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0xfffffff; t1 += t0 >> 28; + t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 1]) * a[13] + ((sp_uint64)a[ 2]) * a[12] + ((sp_uint64)a[ 3]) * a[11] 
@@ -9084,62 +9084,62 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 5]) * a[ 9] + ((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - t[13] = t1 & 0xfffffff; t0 += t1 >> 28; + t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 2]) * a[13] + ((sp_uint64)a[ 3]) * a[12] + ((sp_uint64)a[ 4]) * a[11] + ((sp_uint64)a[ 5]) * a[10] + ((sp_uint64)a[ 6]) * a[ 9] + ((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0xfffffff; t1 += t0 >> 28; + r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 3]) * a[13] + ((sp_uint64)a[ 4]) * a[12] + ((sp_uint64)a[ 5]) * a[11] + ((sp_uint64)a[ 6]) * a[10] + ((sp_uint64)a[ 7]) * a[ 9]) * 2 + ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0xfffffff; t0 += t1 >> 28; + r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 4]) * a[13] + ((sp_uint64)a[ 5]) * a[12] + ((sp_uint64)a[ 6]) * a[11] + ((sp_uint64)a[ 7]) * a[10] + ((sp_uint64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0xfffffff; t1 += t0 >> 28; + r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 5]) * a[13] + ((sp_uint64)a[ 6]) * a[12] + ((sp_uint64)a[ 7]) * a[11] + ((sp_uint64)a[ 8]) * a[10]) * 2 + ((sp_uint64)a[ 9]) * a[ 9]; - r[17] = t1 & 0xfffffff; t0 += t1 >> 28; + r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 6]) * a[13] + ((sp_uint64)a[ 7]) * a[12] + ((sp_uint64)a[ 8]) * a[11] + ((sp_uint64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0xfffffff; t1 += t0 >> 28; + r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 7]) * a[13] + ((sp_uint64)a[ 8]) * a[12] + ((sp_uint64)a[ 9]) * a[11]) * 2 + ((sp_uint64)a[10]) * a[10]; - r[19] = t1 & 0xfffffff; t0 += t1 >> 28; + r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 8]) * a[13] + ((sp_uint64)a[ 9]) * a[12] + ((sp_uint64)a[10]) * a[11]) * 2; - r[20] = t0 & 0xfffffff; t1 += t0 >> 28; + r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = 
(((sp_uint64)a[ 9]) * a[13] + ((sp_uint64)a[10]) * a[12]) * 2 + ((sp_uint64)a[11]) * a[11]; - r[21] = t1 & 0xfffffff; t0 += t1 >> 28; + r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[10]) * a[13] + ((sp_uint64)a[11]) * a[12]) * 2; - r[22] = t0 & 0xfffffff; t1 += t0 >> 28; + r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[11]) * a[13]) * 2 + ((sp_uint64)a[12]) * a[12]; - r[23] = t1 & 0xfffffff; t0 += t1 >> 28; + r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[12]) * a[13]) * 2; - r[24] = t0 & 0xfffffff; t1 += t0 >> 28; + r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[13]) * a[13]; - r[25] = t1 & 0xfffffff; t0 += t1 >> 28; - r[26] = t0 & 0xfffffff; + r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; + r[26] = (sp_digit)(t0 & 0xfffffff); r[27] = (sp_digit)(t0 >> 28); XMEMCPY(r, t, sizeof(t)); } @@ -9397,21 +9397,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0xfffffff; + r[i+0] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[i+1] = t[1] & 0xfffffff; + r[i+1] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[i+2] = t[2] & 0xfffffff; + r[i+2] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[i+3] = t[3] & 0xfffffff; + r[i+3] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[i+4] = t[4] & 0xfffffff; + r[i+4] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[i+5] = t[5] & 0xfffffff; + r[i+5] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[i+6] = t[6] & 0xfffffff; + r[i+6] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[i+7] = t[7] & 0xfffffff; + r[i+7] = (sp_digit)(t[7] & 0xfffffff); t[0] = t[7] >> 28; } t[0] += (tb * a[48]) + r[48]; 
@@ -9422,21 +9422,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a, t[5] = (tb * a[53]) + r[53]; t[6] = (tb * a[54]) + r[54]; t[7] = (tb * a[55]) + r[55]; - r[48] = t[0] & 0xfffffff; + r[48] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[49] = t[1] & 0xfffffff; + r[49] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[50] = t[2] & 0xfffffff; + r[50] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[51] = t[3] & 0xfffffff; + r[51] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[52] = t[4] & 0xfffffff; + r[52] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[53] = t[5] & 0xfffffff; + r[53] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[54] = t[6] & 0xfffffff; + r[54] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[55] = t[7] & 0xfffffff; + r[55] = (sp_digit)(t[7] & 0xfffffff); r[56] += (sp_digit)(t[7] >> 28); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -9452,29 +9452,29 @@ static void sp_3072_mont_shift_56(sp_digit* r, const sp_digit* a) sp_int64 n = a[54] >> 24; n += ((sp_int64)a[55]) << 4; for (i = 0; i < 48; i += 8) { - r[i + 0] = n & 0xfffffff; + r[i + 0] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 56]) << 4; - r[i + 1] = n & 0xfffffff; + r[i + 1] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 57]) << 4; - r[i + 2] = n & 0xfffffff; + r[i + 2] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 58]) << 4; - r[i + 3] = n & 0xfffffff; + r[i + 3] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 59]) << 4; - r[i + 4] = n & 0xfffffff; + r[i + 4] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 60]) << 4; - r[i + 5] = n & 0xfffffff; + r[i + 5] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 61]) << 4; - r[i + 6] = n & 0xfffffff; + r[i + 6] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 62]) << 4; - r[i + 7] = n & 0xfffffff; + r[i + 7] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 63]) << 4; } - r[48] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[104]) << 4; - r[49] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[105]) << 4; - r[50] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[106]) << 4; - r[51] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[107]) << 4; - r[52] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[108]) << 4; - r[53] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[109]) << 4; + r[48] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[104]) << 4; + r[49] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[105]) << 4; + r[50] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[106]) << 4; + r[51] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[107]) << 4; + r[52] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[108]) << 4; + r[53] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[109]) << 4; r[54] = (sp_digit)n; XMEMSET(&r[55], 0, sizeof(*r) * 55U); } 
@@ -9494,11 +9494,11 @@ static void sp_3072_mont_reduce_56(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_56(a + 55); for (i=0; i<54; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_56(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL); sp_3072_mul_add_56(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; 
@@ -9611,22 +9611,22 @@ SP_NOINLINE static void sp_3072_rshift_56(sp_digit* r, const sp_digit* a, int i; for (i=0; i<48; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff); } - r[48] = (a[48] >> n) | ((a[49] << (28 - n)) & 0xfffffff); - r[49] = (a[49] >> n) | ((a[50] << (28 - n)) & 0xfffffff); - r[50] = (a[50] >> n) | ((a[51] << (28 - n)) & 0xfffffff); - r[51] = (a[51] >> n) | ((a[52] << (28 - n)) & 0xfffffff); - r[52] = (a[52] >> n) | ((a[53] << (28 - n)) & 0xfffffff); - r[53] = (a[53] >> n) | ((a[54] << (28 - n)) & 0xfffffff); - r[54] = (a[54] >> n) | ((a[55] << (28 - n)) & 0xfffffff); + r[48] = (a[48] >> n) | (sp_digit)((a[49] << (28 - n)) & 0xfffffff); + r[49] = (a[49] >> n) | (sp_digit)((a[50] << (28 - n)) & 0xfffffff); + r[50] = (a[50] >> n) | (sp_digit)((a[51] << (28 - n)) & 0xfffffff); + r[51] = (a[51] >> n) | (sp_digit)((a[52] << (28 - n)) & 0xfffffff); + r[52] = (a[52] >> n) | (sp_digit)((a[53] << (28 - n)) & 0xfffffff); + r[53] 
= (a[53] >> n) | (sp_digit)((a[54] << (28 - n)) & 0xfffffff); + r[54] = (a[54] >> n) | (sp_digit)((a[55] << (28 - n)) & 0xfffffff); r[55] = a[55] >> n; } @@ -10287,21 +10287,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0xfffffff; + r[i+0] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[i+1] = t[1] & 0xfffffff; + r[i+1] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[i+2] = t[2] & 0xfffffff; + r[i+2] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[i+3] = t[3] & 0xfffffff; + r[i+3] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[i+4] = t[4] & 0xfffffff; + r[i+4] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[i+5] = t[5] & 0xfffffff; + r[i+5] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[i+6] = t[6] & 0xfffffff; + r[i+6] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[i+7] = t[7] & 0xfffffff; + r[i+7] = (sp_digit)(t[7] & 0xfffffff); t[0] = t[7] >> 28; } t[0] += (tb * a[104]) + r[104]; 
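Review bot: The new `(sp_digit)` casts in sp_3072_rshift_56 wrap `(a[i+1] << (28 - n)) & 0xfffffff`, but the shift is still performed on `a[i+1]` as an `sp_digit`, which the `(sp_uint32)a[i]` casts in the neighbouring mont_reduce hunks suggest is a signed type; left-shifting a signed value into or past the sign bit is undefined behaviour, and a 28-bit limb shifted by up to 27 bits can reach it. The sp_3072_lshift_112 hunk in this same patch avoids that by shifting an `(sp_int_digit)` copy, so the consistent form for each unrolled line would be `r[i+0] = (a[i+0] >> n) | (sp_digit)(((sp_int_digit)a[i+1] << (28 - n)) & 0xfffffff);`, and likewise for the tail lines `r[48]` through `r[54]`. If `sp_digit` really is the type of `a[i+1]`, the cast as added is a no-op and would not have changed any conversion warning, which is worth checking against the compiler output this series targets. The unrolled `sp_*_N` bodies look machine-generated; if that is so, the change also belongs in the generator or it will be lost on regeneration. The function's signature is outside the hunk (only the `@@` header shows it).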
@@ -10312,21 +10312,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a, t[5] = (tb * a[109]) + r[109]; t[6] = (tb * a[110]) + r[110]; t[7] = (tb * a[111]) + r[111]; - r[104] = t[0] & 0xfffffff; + r[104] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[105] = t[1] & 0xfffffff; + r[105] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[106] = t[2] & 0xfffffff; + r[106] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[107] = t[3] & 0xfffffff; + r[107] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[108] = t[4] & 0xfffffff; + r[108] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[109] = t[5] & 0xfffffff; + r[109] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[110] = t[6] & 0xfffffff; + r[110] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[111] = t[7] & 0xfffffff; + r[111] = (sp_digit)(t[7] & 0xfffffff); r[112] += (sp_digit)(t[7] >> 28); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -10342,28 +10342,28 @@ static void sp_3072_mont_shift_112(sp_digit* r, const sp_digit* a) sp_int64 n = a[109] >> 20; n += ((sp_int64)a[110]) << 8; for (i = 0; i < 104; i += 8) { - r[i + 0] = n & 0xfffffff; + r[i + 0] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 111]) << 8; - r[i + 1] = n & 0xfffffff; + r[i + 1] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 112]) << 8; - r[i + 2] = n & 0xfffffff; + r[i + 2] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 113]) << 8; - r[i + 3] = n & 0xfffffff; + r[i + 3] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 114]) << 8; - r[i + 4] = n & 0xfffffff; + r[i + 4] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 115]) << 8; - r[i + 5] = n & 0xfffffff; + r[i + 5] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 116]) << 8; - r[i + 6] = n & 0xfffffff; + r[i + 6] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 117]) << 8; - r[i + 7] = n & 0xfffffff; + r[i + 7] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 118]) << 8; } - r[104] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[215]) << 8; - r[105] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[216]) << 8; - r[106] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[217]) << 8; - r[107] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[218]) << 8; - r[108] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[219]) << 8; + r[104] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[215]) << 8; + r[105] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[216]) << 8; + r[106] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[217]) << 8; + r[107] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[218]) << 8; + r[108] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[219]) << 8; r[109] = (sp_digit)n; XMEMSET(&r[110], 0, sizeof(*r) * 110U); } 
@@ -10385,33 +10385,33 @@ static void sp_3072_mont_reduce_112(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<109; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; } else { for (i=0; i<109; i++) { - mu = a[i] & 0xfffffff; + mu = (sp_digit)(a[i] & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = a[i] & 0xfffffL; + mu = (sp_digit)(a[i] & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; } #else for (i=0; i<109; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; 
@@ -10525,22 +10525,22 @@ SP_NOINLINE static void sp_3072_rshift_112(sp_digit* r, const sp_digit* a, int i; for (i=0; i<104; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff); } - r[104] = (a[104] >> n) | ((a[105] << (28 - n)) & 0xfffffff); - r[105] = (a[105] >> n) | ((a[106] << (28 - n)) & 0xfffffff); - r[106] = (a[106] >> n) | ((a[107] << (28 - n)) & 0xfffffff); - r[107] = (a[107] >> n) | ((a[108] << (28 - n)) & 0xfffffff); - r[108] = (a[108] >> n) | ((a[109] << (28 - n)) & 0xfffffff); - r[109] = (a[109] >> n) | ((a[110] << (28 - n)) & 0xfffffff); - r[110] = (a[110] >> n) | ((a[111] << (28 - n)) & 0xfffffff); + r[104] = (a[104] >> n) | (sp_digit)((a[105] << (28 - n)) & 0xfffffff); + r[105] = (a[105] >> n) | (sp_digit)((a[106] << (28 - n)) & 0xfffffff); + r[106] = (a[106] >> n) | (sp_digit)((a[107] << (28 - n)) & 0xfffffff); + r[107] = (a[107] >> n) | (sp_digit)((a[108] << (28 - n)) & 0xfffffff); + r[108] = (a[108] >> n) | 
(sp_digit)((a[109] << (28 - n)) & 0xfffffff); + r[109] = (a[109] >> n) | (sp_digit)((a[110] << (28 - n)) & 0xfffffff); + r[110] = (a[110] >> n) | (sp_digit)((a[111] << (28 - n)) & 0xfffffff); r[111] = a[111] >> n; } 
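Review bot: The same pattern recurs in sp_3072_rshift_112: the added `(sp_digit)` cast sits outside `(a[i+1] << (28 - n)) & 0xfffffff`, so the left shift still operates on `a[i+1]` as an `sp_digit`, presumably signed given the `(sp_uint32)a[i]` casts elsewhere in this patch, and can overflow into the sign bit for large limbs. Shifting an unsigned copy, as sp_3072_lshift_112 does with `(sp_int_digit)`, keeps the behaviour defined: `r[i+0] = (a[i+0] >> n) | (sp_digit)(((sp_int_digit)a[i+1] << (28 - n)) & 0xfffffff);` on each unrolled line, including the `r[104]` to `r[110]` tail. If the file is generated, as its shape suggests, the generator should emit this form so that the two shift helpers stay consistent. The function's signature is outside the hunk.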
@@ -11895,228 +11895,228 @@ SP_NOINLINE static void sp_3072_lshift_112(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[111]; r[112] = s >> (28U - n); s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]); - r[111] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[111] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]); - r[110] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[110] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]); - r[109] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[109] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]); - r[108] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[108] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]); - r[107] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[107] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]); - r[106] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[106] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]); - r[105] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[105] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]); - r[104] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[104] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]); - r[103] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[103] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]); - r[102] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[102] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]); - r[101] = ((s << n) | (t >> 
(28U - n))) & 0xfffffff; + r[101] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]); - r[100] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[100] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]); - r[99] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[99] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]); - r[98] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[98] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]); - r[97] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[97] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]); - r[96] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[96] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]); - r[95] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[95] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]); - r[94] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[94] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]); - r[93] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[93] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]); - r[92] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[92] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]); - r[91] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[91] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]); - r[90] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[90] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = 
(sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]); - r[89] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[89] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]); - r[88] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[88] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]); - r[87] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[87] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]); - r[86] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[86] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]); - r[85] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[85] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]); - r[84] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[84] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]); - r[83] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[83] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]); - r[82] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[82] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]); - r[81] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[81] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]); - r[80] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[80] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]); - r[79] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[79] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]); - r[78] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + 
r[78] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[77] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[76] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[75] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[74] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[73] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[72] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[71] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[70] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[69] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[68] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[67] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[66]); t = 
(sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[66] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[65] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[64] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[63] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[62] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[61] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[60] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[59] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[58] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[57] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[56] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[55] = (sp_digit)(((s << n) 
| (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[54] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[53] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[52] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[51] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[50] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[49] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[48] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[47] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[46] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[45] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[44] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) 
| (t >> (28U - n))) & 0xfffffff; + r[43] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[42] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[41] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[40] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[39] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[38] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[37] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[36] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[35] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[34] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[33] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[32] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = 
(sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[31] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[30] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[29] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[28] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[27] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[26] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[25] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[24] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[23] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[22] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[21] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + 
r[20] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[19] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[18] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[17] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[16] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[15] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[14] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[13] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[12] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[11] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[10] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[9] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[8]); t = 
(sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[8] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[7] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[6] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[5] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[4] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[3] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[2] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (28U - n))) & 0xfffffff; - r[0] = (a[0] << n) & 0xfffffff; + r[1] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); + r[0] = (sp_digit)((a[0] << n) & 0xfffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) 
@@ -12953,23 +12953,23 @@ SP_NOINLINE static void sp_4096_mul_add_71(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; t[2] = (tb * a[70]) + r[70]; - r[68] = t[0] & 0x1fffffff; + r[68] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[69] = t[1] & 0x1fffffff; + r[69] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[70] = t[2] & 0x1fffffff; + r[70] = (sp_digit)(t[2] & 0x1fffffff); r[71] += (sp_digit)(t[2] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -12986,7 +12986,7 @@ static void sp_4096_mont_shift_71(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[71]) << 11; for (i = 0; i < 70; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[72 + i]) << 11; } @@ -13009,11 +13009,11 @@ static void sp_4096_mont_reduce_71(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_71(a + 71); for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_71(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_4096_mul_add_71(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
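Review bot: These hunks hand-apply `(sp_digit)` narrowing casts to bodies that look machine-generated (fully unrolled 4- and 8-digit loops with hard-coded 29/26-bit masks); if this file is produced by a generator, the same change has to go into the generator too, or the next regeneration will silently drop every cast in this patch. Each cast truncates an `sp_int64` carry word (`t[k]`, `n`) or an `sp_uint32` product to the digit width only after the value has been masked to that width, so nothing is lost and the cast presumably exists to satisfy an implicit-conversion warning; a one-line comment above the first such assignment, `/* value already masked to digit width; cast only silences the conversion warning */`, would tell a reader the truncation is intentional. The same observation applies to the `sp_4096_mul_add_*`, `sp_4096_mont_shift_*` and `sp_4096_mont_reduce_*` hunks for the 142-, 81- and 162-digit variants that follow.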
@@ -13237,7 +13237,7 @@ SP_NOINLINE static void sp_4096_rshift_71(sp_digit* r, const sp_digit* a, int i; for (i=0; i<70; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[70] = a[70] >> n; } @@ -13886,20 +13886,20 @@ SP_NOINLINE static void sp_4096_mul_add_142(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[140]) + r[140]; t[1] = (tb * a[141]) + r[141]; - r[140] = t[0] & 0x1fffffff; + r[140] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[141] = t[1] & 0x1fffffff; + r[141] = (sp_digit)(t[1] & 0x1fffffff); r[142] += (sp_digit)(t[1] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -13916,7 +13916,7 @@ static void sp_4096_mont_shift_142(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[142]) << 22; for (i = 0; i < 141; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[143 + i]) << 22; } 
@@ -13941,33 +13941,33 @@ static void sp_4096_mont_reduce_142(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<141; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<141; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x7fL; + mu = (sp_digit)(a[i] & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<141; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -14073,7 +14073,7 @@ SP_NOINLINE static void sp_4096_rshift_142(sp_digit* r, const sp_digit* a, int i; for (i=0; i<141; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[141] = a[141] >> n; } @@ -15422,9 +15422,9 @@ SP_NOINLINE static void sp_4096_lshift_142(sp_digit* r, const sp_digit* a, r[142] = a[141] >> (29 - n); for (i=141; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) 
@@ -15921,29 +15921,29 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] @@ -15951,7 +15951,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] 
@@ -15960,7 +15960,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -15970,7 +15970,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] + ((sp_uint64)a[ 3]) * b[ 6] @@ -15979,7 +15979,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 3] + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 2]) * b[ 8] + ((sp_uint64)a[ 3]) * b[ 7] + ((sp_uint64)a[ 4]) * b[ 6] 
@@ -15987,35 +15987,35 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 4] + ((sp_uint64)a[ 7]) * b[ 3] + ((sp_uint64)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 3]) * b[ 8] + ((sp_uint64)a[ 4]) * b[ 7] + ((sp_uint64)a[ 5]) * b[ 6] + ((sp_uint64)a[ 6]) * b[ 5] + ((sp_uint64)a[ 7]) * b[ 4] + ((sp_uint64)a[ 8]) * b[ 3]; - r[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 4]) * b[ 8] + ((sp_uint64)a[ 5]) * b[ 7] + ((sp_uint64)a[ 6]) * b[ 6] + ((sp_uint64)a[ 7]) * b[ 5] + ((sp_uint64)a[ 8]) * b[ 4]; - r[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 5]) * b[ 8] + ((sp_uint64)a[ 6]) * b[ 7] + ((sp_uint64)a[ 7]) * b[ 6] + ((sp_uint64)a[ 8]) * b[ 5]; - r[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 6]) * b[ 8] + ((sp_uint64)a[ 7]) * b[ 7] + ((sp_uint64)a[ 8]) * b[ 6]; - r[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 7]) * b[ 8] + ((sp_uint64)a[ 8]) * b[ 7]; - r[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 8]) * b[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[16] = t0 & 0x3ffffff; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); r[17] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } 
@@ -16529,66 +16529,66 @@ SP_NOINLINE static void sp_4096_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + 
((sp_uint64)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - r[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[16] = t0 & 0x3ffffff; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); r[17] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } 
@@ -16936,25 +16936,25 @@ SP_NOINLINE static void sp_4096_mul_add_81(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[4] += t[3] >> 26; - r[i+4] = t[4] & 0x3ffffff; + r[i+4] = (sp_digit)(t[4] & 0x3ffffff); t[5] += t[4] >> 26; - r[i+5] = t[5] & 0x3ffffff; + r[i+5] = (sp_digit)(t[5] & 0x3ffffff); t[6] += t[5] >> 26; - r[i+6] = t[6] & 0x3ffffff; + r[i+6] = (sp_digit)(t[6] & 0x3ffffff); t[7] += t[6] >> 26; - r[i+7] = t[7] & 0x3ffffff; + r[i+7] = (sp_digit)(t[7] & 0x3ffffff); t[0] = t[7] >> 26; } t[0] += (tb * a[80]) + r[80]; - r[80] = t[0] & 0x3ffffff; + r[80] = (sp_digit)(t[0] & 0x3ffffff); r[81] += (sp_digit)(t[0] >> 26); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -16970,29 +16970,29 @@ static void sp_4096_mont_shift_81(sp_digit* r, const sp_digit* a) sp_int64 n = a[78] >> 20; n += ((sp_int64)a[79]) << 6; for (i = 0; i < 72; i += 8) { - r[i + 0] = n & 0x3ffffff; + r[i + 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 80]) << 6; - r[i + 1] = n & 0x3ffffff; + r[i + 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 81]) << 6; - r[i + 2] = n & 0x3ffffff; + r[i + 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 82]) << 6; - r[i + 3] = n & 0x3ffffff; + r[i + 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 83]) << 6; - r[i + 4] = n & 0x3ffffff; + r[i + 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 84]) << 6; - r[i + 5] = n & 0x3ffffff; + r[i + 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 85]) << 6; - r[i + 6] = n & 0x3ffffff; + r[i + 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 86]) << 6; - r[i + 7] = n & 0x3ffffff; + r[i + 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 87]) << 6; } - r[72] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[152]) << 6; - r[73] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[153]) << 6; - r[74] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[154]) << 6; - r[75] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[155]) << 6; - r[76] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[156]) << 6; - r[77] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[157]) << 6; + r[72] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[152]) << 6; + r[73] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[153]) << 6; + r[74] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[154]) << 6; + r[75] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[155]) << 6; + r[76] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[156]) << 6; + r[77] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[157]) << 6; r[78] = (sp_digit)n; XMEMSET(&r[79], 0, sizeof(*r) * 79U); } 
@@ -17012,11 +17012,11 @@ static void sp_4096_mont_reduce_81(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_81(a + 79); for (i=0; i<78; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_81(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_4096_mul_add_81(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; @@ -17133,14 +17133,14 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a, int i; for (i=0; i<80; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); } r[80] = a[80] >> n; } 
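Review bot: The cast placement in the `sp_4096_rshift_81` hunk is inconsistent with the rest of the patch: it wraps only the right operand, `(a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff)`, whereas `sp_4096_rshift_71` in the `@@ -13237` hunk casts the whole or-expression, `r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);`. For consistency the eight lines here, and the nine in the `@@ -18032` `sp_4096_rshift_162` hunk, would read `r[i+0] = (sp_digit)((a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff));`. Separately, `a[i+1] << (26 - n)` shifts the digit as a bare `sp_digit` rather than widening it to `sp_int_digit` first the way the lshift hunks do (`s = (sp_int_digit)(a[161])`); if `sp_digit` is a signed type here, as the `(sp_uint32)a[i]` casts in the mont_reduce hunks suggest, that left shift can exceed the signed range for small `n`. That is pre-existing rather than introduced by this commit, but worth confirming now that the new cast sits on exactly that expression.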
@@ -17810,28 +17810,28 @@ SP_NOINLINE static void sp_4096_mul_add_162(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[4] += t[3] >> 26; - r[i+4] = t[4] & 0x3ffffff; + r[i+4] = (sp_digit)(t[4] & 0x3ffffff); t[5] += t[4] >> 26; - r[i+5] = t[5] & 0x3ffffff; + r[i+5] = (sp_digit)(t[5] & 0x3ffffff); t[6] += t[5] >> 26; - r[i+6] = t[6] & 0x3ffffff; + r[i+6] = (sp_digit)(t[6] & 0x3ffffff); t[7] += t[6] >> 26; - r[i+7] = t[7] & 0x3ffffff; + r[i+7] = (sp_digit)(t[7] & 0x3ffffff); t[0] = t[7] >> 26; } t[0] += (tb * a[160]) + r[160]; t[1] = (tb * a[161]) + r[161]; - r[160] = t[0] & 0x3ffffff; + r[160] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[161] = t[1] & 0x3ffffff; + r[161] = (sp_digit)(t[1] & 0x3ffffff); r[162] += (sp_digit)(t[1] >> 26); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -17847,28 +17847,28 @@ static void sp_4096_mont_shift_162(sp_digit* r, const sp_digit* a) sp_int64 n = a[157] >> 14; n += ((sp_int64)a[158]) << 12; for (i = 0; i < 152; i += 8) { - r[i + 0] = n & 0x3ffffff; + r[i + 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 159]) << 12; - r[i + 1] = n & 0x3ffffff; + r[i + 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 160]) << 12; - r[i + 2] = n & 0x3ffffff; + r[i + 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 161]) << 12; - r[i + 3] = n & 0x3ffffff; + r[i + 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 162]) << 12; - r[i + 4] = n & 0x3ffffff; + r[i + 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 163]) << 12; - r[i + 5] = n & 0x3ffffff; + r[i + 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 164]) << 12; - r[i + 6] = n & 0x3ffffff; + r[i + 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 165]) << 12; - r[i + 7] = n & 0x3ffffff; + r[i + 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 166]) << 12; } - r[152] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[311]) << 12; - r[153] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[312]) << 12; - r[154] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[313]) << 12; - r[155] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[314]) << 12; - r[156] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[315]) << 12; + r[152] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[311]) << 12; + r[153] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[312]) << 12; + r[154] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[313]) << 12; + r[155] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[314]) << 12; + r[156] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[315]) << 12; r[157] = (sp_digit)n; XMEMSET(&r[158], 0, sizeof(*r) * 158U); } 
@@ -17890,33 +17890,33 @@ static void sp_4096_mont_reduce_162(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<157; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; } else { for (i=0; i<157; i++) { - mu = a[i] & 0x3ffffff; + mu = (sp_digit)(a[i] & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = a[i] & 0x3fffL; + mu = (sp_digit)(a[i] & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; } #else for (i=0; i<157; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; 
@@ -18032,16 +18032,16 @@ SP_NOINLINE static void sp_4096_rshift_162(sp_digit* r, const sp_digit* a, int i; for (i=0; i<160; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); } - r[160] = (a[160] >> n) | ((a[161] << (26 - n)) & 0x3ffffff); + r[160] = (a[160] >> n) | (sp_digit)((a[161] << (26 - n)) & 0x3ffffff); r[161] = a[161] >> n; } 
@@ -19398,328 +19398,328 @@ SP_NOINLINE static void sp_4096_lshift_162(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[161]; r[162] = s >> (26U - n); s = (sp_int_digit)(a[161]); t = (sp_int_digit)(a[160]); - r[161] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[161] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[160]); t = (sp_int_digit)(a[159]); - r[160] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[160] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[159]); t = (sp_int_digit)(a[158]); - r[159] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[159] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[158]); t = (sp_int_digit)(a[157]); - r[158] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[158] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[157]); t = (sp_int_digit)(a[156]); - r[157] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[157] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[156]); t = (sp_int_digit)(a[155]); - r[156] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[156] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[155]); t = (sp_int_digit)(a[154]); - r[155] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[155] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[154]); t = (sp_int_digit)(a[153]); - r[154] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[154] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[153]); t = (sp_int_digit)(a[152]); - r[153] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[153] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[152]); t = (sp_int_digit)(a[151]); - r[152] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[152] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[151]); t = (sp_int_digit)(a[150]); - r[151] = ((s << n) | (t >> 
(26U - n))) & 0x3ffffff; + r[151] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[150]); t = (sp_int_digit)(a[149]); - r[150] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[150] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[149]); t = (sp_int_digit)(a[148]); - r[149] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[149] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[148]); t = (sp_int_digit)(a[147]); - r[148] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[148] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[147]); t = (sp_int_digit)(a[146]); - r[147] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[147] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[146]); t = (sp_int_digit)(a[145]); - r[146] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[146] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[145]); t = (sp_int_digit)(a[144]); - r[145] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[145] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[144]); t = (sp_int_digit)(a[143]); - r[144] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[144] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[143]); t = (sp_int_digit)(a[142]); - r[143] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[143] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[142]); t = (sp_int_digit)(a[141]); - r[142] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[142] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[141]); t = (sp_int_digit)(a[140]); - r[141] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[141] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[140]); t = (sp_int_digit)(a[139]); - r[140] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[140] = (sp_digit)(((s << n) | (t 
>> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[139]); t = (sp_int_digit)(a[138]); - r[139] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[139] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[138]); t = (sp_int_digit)(a[137]); - r[138] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[138] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[137]); t = (sp_int_digit)(a[136]); - r[137] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[137] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[136]); t = (sp_int_digit)(a[135]); - r[136] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[136] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[135]); t = (sp_int_digit)(a[134]); - r[135] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[135] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[134]); t = (sp_int_digit)(a[133]); - r[134] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[134] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[133]); t = (sp_int_digit)(a[132]); - r[133] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[133] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[132]); t = (sp_int_digit)(a[131]); - r[132] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[132] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[131]); t = (sp_int_digit)(a[130]); - r[131] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[131] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[130]); t = (sp_int_digit)(a[129]); - r[130] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[130] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[129]); t = (sp_int_digit)(a[128]); - r[129] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[129] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[128]); t = 
(sp_int_digit)(a[127]); - r[128] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[128] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[127]); t = (sp_int_digit)(a[126]); - r[127] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[127] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[126]); t = (sp_int_digit)(a[125]); - r[126] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[126] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[125]); t = (sp_int_digit)(a[124]); - r[125] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[125] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[124]); t = (sp_int_digit)(a[123]); - r[124] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[124] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[123]); t = (sp_int_digit)(a[122]); - r[123] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[123] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[122]); t = (sp_int_digit)(a[121]); - r[122] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[122] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[121]); t = (sp_int_digit)(a[120]); - r[121] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[121] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[120]); t = (sp_int_digit)(a[119]); - r[120] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[120] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[119]); t = (sp_int_digit)(a[118]); - r[119] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[119] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[118]); t = (sp_int_digit)(a[117]); - r[118] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[118] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[117]); t = (sp_int_digit)(a[116]); - r[117] = ((s << n) | (t >> (26U - 
n))) & 0x3ffffff; + r[117] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[116]); t = (sp_int_digit)(a[115]); - r[116] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[116] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[115]); t = (sp_int_digit)(a[114]); - r[115] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[115] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[114]); t = (sp_int_digit)(a[113]); - r[114] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[114] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[113]); t = (sp_int_digit)(a[112]); - r[113] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[113] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[112]); t = (sp_int_digit)(a[111]); - r[112] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[112] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]); - r[111] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[111] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]); - r[110] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[110] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]); - r[109] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[109] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]); - r[108] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[108] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]); - r[107] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[107] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]); - r[106] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[106] = (sp_digit)(((s << n) | (t >> (26U 
- n))) & 0x3ffffff); s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]); - r[105] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[105] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]); - r[104] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[104] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]); - r[103] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[103] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]); - r[102] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[102] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]); - r[101] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[101] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]); - r[100] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[100] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]); - r[99] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[99] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]); - r[98] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[98] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]); - r[97] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[97] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]); - r[96] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[96] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]); - r[95] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[95] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]); - r[94] = 
((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[94] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]); - r[93] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[93] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]); - r[92] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[92] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]); - r[91] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[91] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]); - r[90] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[90] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]); - r[89] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[89] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]); - r[88] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[88] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]); - r[87] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[87] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]); - r[86] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[86] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]); - r[85] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[85] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]); - r[84] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[84] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]); - r[83] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[83] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); 
s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]); - r[82] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[82] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]); - r[81] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[81] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]); - r[80] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[80] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]); - r[79] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[79] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]); - r[78] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[78] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[77] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[76] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[75] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[74] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[73] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[72] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; 
+ r[71] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[70] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[69] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[68] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[67] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[66] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[65] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[64] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[63] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[62] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[61] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[60] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[59]); t = 
(sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[59] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[58] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[57] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[56] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[55] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[54] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[53] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[52] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[51] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[50] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[49] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[48] = (sp_digit)(((s << n) 
| (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[47] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[46] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[45] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[44] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[43] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[42] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[41] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[40] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[39] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[38] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[37] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) 
| (t >> (26U - n))) & 0x3ffffff; + r[36] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[35] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[34] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[33] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[32] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[31] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[30] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = 
(sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + 
r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t 
>> (26U - n))) & 0x3ffffff; - r[0] = (a[0] << n) & 0x3ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); + r[0] = (sp_digit)((a[0] << n) & 0x3ffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -20084,29 +20084,29 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int64)a[ 0]) * b[ 0]; t1 = ((sp_int64)a[ 0]) * b[ 1] + ((sp_int64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 2] + ((sp_int64)a[ 1]) * b[ 1] + ((sp_int64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 3] + ((sp_int64)a[ 1]) * b[ 2] + ((sp_int64)a[ 2]) * b[ 1] + ((sp_int64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 4] + ((sp_int64)a[ 1]) * b[ 3] + ((sp_int64)a[ 2]) * b[ 2] + ((sp_int64)a[ 3]) * b[ 1] + ((sp_int64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 5] + ((sp_int64)a[ 1]) * b[ 4] + ((sp_int64)a[ 2]) * b[ 3] + ((sp_int64)a[ 3]) * b[ 2] + ((sp_int64)a[ 4]) * b[ 1] + ((sp_int64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 6] + ((sp_int64)a[ 1]) * b[ 5] + ((sp_int64)a[ 2]) * b[ 4] @@ -20114,7 +20114,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 4]) * b[ 2] + ((sp_int64)a[ 5]) * b[ 1] + ((sp_int64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 7] + ((sp_int64)a[ 1]) * b[ 6] + ((sp_int64)a[ 2]) * b[ 5] 
@@ -20123,7 +20123,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 5]) * b[ 2] + ((sp_int64)a[ 6]) * b[ 1] + ((sp_int64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 8] + ((sp_int64)a[ 1]) * b[ 7] + ((sp_int64)a[ 2]) * b[ 6] @@ -20133,7 +20133,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 2] + ((sp_int64)a[ 7]) * b[ 1] + ((sp_int64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 1]) * b[ 8] + ((sp_int64)a[ 2]) * b[ 7] + ((sp_int64)a[ 3]) * b[ 6] @@ -20142,7 +20142,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 3] + ((sp_int64)a[ 7]) * b[ 2] + ((sp_int64)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 2]) * b[ 8] + ((sp_int64)a[ 3]) * b[ 7] + ((sp_int64)a[ 4]) * b[ 6] 
@@ -20150,35 +20150,35 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 4] + ((sp_int64)a[ 7]) * b[ 3] + ((sp_int64)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 3]) * b[ 8] + ((sp_int64)a[ 4]) * b[ 7] + ((sp_int64)a[ 5]) * b[ 6] + ((sp_int64)a[ 6]) * b[ 5] + ((sp_int64)a[ 7]) * b[ 4] + ((sp_int64)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 4]) * b[ 8] + ((sp_int64)a[ 5]) * b[ 7] + ((sp_int64)a[ 6]) * b[ 6] + ((sp_int64)a[ 7]) * b[ 5] + ((sp_int64)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 5]) * b[ 8] + ((sp_int64)a[ 6]) * b[ 7] + ((sp_int64)a[ 7]) * b[ 6] + ((sp_int64)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 6]) * b[ 8] + ((sp_int64)a[ 7]) * b[ 7] + ((sp_int64)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 7]) * b[ 8] + ((sp_int64)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[16] = t0 & 0x1fffffff; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); r[17] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } 
@@ -20240,66 +20240,66 @@ SP_NOINLINE static void sp_256_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int64)a[ 0]) * a[ 0]; t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2 + ((sp_int64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 3] + ((sp_int64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 4] + ((sp_int64)a[ 1]) * a[ 3]) * 2 + ((sp_int64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 5] + ((sp_int64)a[ 1]) * a[ 4] + ((sp_int64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 6] + ((sp_int64)a[ 1]) * a[ 5] + ((sp_int64)a[ 2]) * a[ 4]) * 2 + ((sp_int64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 7] + ((sp_int64)a[ 1]) * a[ 6] + ((sp_int64)a[ 2]) * a[ 5] + ((sp_int64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 8] + ((sp_int64)a[ 1]) * a[ 7] + ((sp_int64)a[ 2]) * a[ 6] + ((sp_int64)a[ 3]) * a[ 5]) * 2 + ((sp_int64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 1]) * a[ 8] + ((sp_int64)a[ 2]) * a[ 7] + ((sp_int64)a[ 3]) * a[ 6] + ((sp_int64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 2]) * a[ 8] + ((sp_int64)a[ 3]) * a[ 7] + ((sp_int64)a[ 4]) * a[ 6]) * 2 + ((sp_int64)a[ 5]) * 
a[ 5]; - r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 3]) * a[ 8] + ((sp_int64)a[ 4]) * a[ 7] + ((sp_int64)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 4]) * a[ 8] + ((sp_int64)a[ 5]) * a[ 7]) * 2 + ((sp_int64)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 5]) * a[ 8] + ((sp_int64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 6]) * a[ 8]) * 2 + ((sp_int64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[16] = t0 & 0x1fffffff; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); r[17] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -20679,17 +20679,17 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x1fffffff; + r[8] = (sp_digit)(t[0] & 0x1fffffff); r[9] += (sp_digit)(t[0] >> 29); #else sp_int64 tb = b; 
@@ -20706,25 +20706,25 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x1fffffff; + r[8] = (sp_digit)(t[0] & 0x1fffffff); r[9] += (sp_digit)(t[0] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ @@ -20767,7 +20767,7 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[9]) << 5; for (i = 0; i < 8; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10 + i]) << 5; } 
@@ -20775,14 +20775,14 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a) #else sp_int64 n = a[8] >> 24; n += ((sp_int64)a[9]) << 5; - r[ 0] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[10]) << 5; - r[ 1] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[11]) << 5; - r[ 2] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[12]) << 5; - r[ 3] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[13]) << 5; - r[ 4] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[14]) << 5; - r[ 5] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[15]) << 5; - r[ 6] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[16]) << 5; - r[ 7] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[17]) << 5; + r[ 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10]) << 5; + r[ 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[11]) << 5; + r[ 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[12]) << 5; + r[ 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[13]) << 5; + r[ 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[14]) << 5; + r[ 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[15]) << 5; + r[ 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[16]) << 5; + r[ 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[17]) << 5; r[8] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[9], 0, sizeof(*r) * 9U); @@ -20803,11 +20803,11 @@ static void sp_256_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit sp_256_norm_9(a + 9); for (i=0; i<8; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_256_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL); sp_256_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
@@ -20832,32 +20832,32 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 8; i++) { - am = a[i] & 0x1fffffff; - a[i + 3] += (am << 9) & 0x1fffffff; + am = (sp_digit)(a[i] & 0x1fffffff); + a[i + 3] += (sp_digit)((am << 9) & 0x1fffffff); a[i + 4] += am >> 20; - a[i + 6] += (am << 18) & 0x1fffffff; - a[i + 7] += (am >> 11) - ((am << 21) & 0x1fffffff); - a[i + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff); + a[i + 6] += (sp_digit)((am << 18) & 0x1fffffff); + a[i + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff); + a[i + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff); a[i + 9] += am >> 5; a[i + 1] += a[i] >> 29; } - am = a[8] & 0xffffff; - a[8 + 3] += (am << 9) & 0x1fffffff; + am = (sp_digit)(a[8] & 0xffffff); + a[8 + 3] += (sp_digit)((am << 9) & 0x1fffffff); a[8 + 4] += am >> 20; - a[8 + 6] += (am << 18) & 0x1fffffff; - a[8 + 7] += (am >> 11) - ((am << 21) & 0x1fffffff); - a[8 + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff); + a[8 + 6] += (sp_digit)((am << 18) & 0x1fffffff); + a[8 + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff); + a[8 + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff); a[8 + 9] += am >> 5; - a[0] = (a[ 8] >> 24) + ((a[ 9] << 5) & 0x1fffffff); - a[1] = (a[ 9] >> 24) + ((a[10] << 5) & 0x1fffffff); - a[2] = (a[10] >> 24) + ((a[11] << 5) & 0x1fffffff); - a[3] = (a[11] >> 24) + ((a[12] << 5) & 0x1fffffff); - a[4] = (a[12] >> 24) + ((a[13] << 5) & 0x1fffffff); - a[5] = (a[13] >> 24) + ((a[14] << 5) & 0x1fffffff); - a[6] = (a[14] >> 24) + ((a[15] << 5) & 0x1fffffff); - a[7] = (a[15] >> 24) + ((a[16] << 5) & 0x1fffffff); + a[0] = (a[ 8] >> 24) + (sp_digit)((a[ 9] << 5) & 0x1fffffff); + a[1] = (a[ 9] >> 24) + (sp_digit)((a[10] << 5) & 0x1fffffff); + a[2] = (a[10] >> 24) + (sp_digit)((a[11] << 5) & 0x1fffffff); + a[3] = (a[11] >> 24) + (sp_digit)((a[12] << 5) & 0x1fffffff); + a[4] = (a[12] >> 24) + (sp_digit)((a[13] << 5) & 0x1fffffff); + a[5] = (a[13] >> 24) + (sp_digit)((a[14] 
<< 5) & 0x1fffffff); + a[6] = (a[14] >> 24) + (sp_digit)((a[15] << 5) & 0x1fffffff); + a[7] = (a[15] >> 24) + (sp_digit)((a[16] << 5) & 0x1fffffff); a[8] = (a[16] >> 24) + (a[17] << 5); a[1] += a[0] >> 29; a[0] &= 0x1fffffff; @@ -20874,15 +20874,15 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x1fffffff & am; - a[1] -= 0x1fffffff & am; - a[2] -= 0x1fffffff & am; - a[3] -= 0x000001ff & am; + a[0] -= (sp_digit)(0x1fffffff & am); + a[1] -= (sp_digit)(0x1fffffff & am); + a[2] -= (sp_digit)(0x1fffffff & am); + a[3] -= (sp_digit)(0x000001ff & am); /* p256_mod[4] is zero */ /* p256_mod[5] is zero */ - a[6] -= 0x00040000 & am; - a[7] -= 0x1fe00000 & am; - a[8] -= 0x00ffffff & am; + a[6] -= (sp_digit)(0x00040000 & am); + a[7] -= (sp_digit)(0x1fe00000 & am); + a[8] -= (sp_digit)(0x00ffffff & am); a[1] += a[0] >> 29; a[0] &= 0x1fffffff; a[2] += a[1] >> 29; a[1] &= 0x1fffffff; 
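Review bot: The added `(sp_digit)` casts around `(am << 9) & 0x1fffffff`, `(am << 18) & …`, `(am << 21) & …`, `(am << 24) & …` and `(a[ 9] << 5) & …` only narrow the masked result; the shift itself still operates on `am` / `a[i]`, and if `sp_digit` is a signed 32-bit type, as the explicit `(sp_uint32)a[i]` casts in the sp_256_mont_reduce_order_9 hunk suggest, a 29-bit digit shifted left by 9 or more overflows that type and the overflowing left shift of a signed value is undefined behaviour in C11, which the cast does not address. A conversion that both silences the warning and removes the UB shifts an unsigned copy instead, e.g. `a[i + 3] += (sp_digit)(((sp_uint32)am << 9) & 0x1fffffff);`, and if this file is produced by a generator, as its unrolled form suggests, the change belongs there. The same pattern appears in the sp_256_rshift1_9 hunk (`a[i + 1] << 28`), the sp_256_rshift_9 hunk (`a[i+1] << (29 - n)`) and the sp_256_lshift_18 hunk (`a[i] << n`); it is pre-existing, but this commit is the pass that rewrites each of those lines. The rest of sp_256_mont_reduce_9 lies outside this hunk.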
@@ -21187,17 +21187,17 @@ SP_NOINLINE static void sp_256_rshift1_9(sp_digit* r, const sp_digit* a) int i; for (i=0; i<8; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 28) & 0x1fffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 28) & 0x1fffffff); } #else - r[0] = (a[0] >> 1) + ((a[1] << 28) & 0x1fffffff); - r[1] = (a[1] >> 1) + ((a[2] << 28) & 0x1fffffff); - r[2] = (a[2] >> 1) + ((a[3] << 28) & 0x1fffffff); - r[3] = (a[3] >> 1) + ((a[4] << 28) & 0x1fffffff); - r[4] = (a[4] >> 1) + ((a[5] << 28) & 0x1fffffff); - r[5] = (a[5] >> 1) + ((a[6] << 28) & 0x1fffffff); - r[6] = (a[6] >> 1) + ((a[7] << 28) & 0x1fffffff); - r[7] = (a[7] >> 1) + ((a[8] << 28) & 0x1fffffff); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 28) & 0x1fffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 28) & 0x1fffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 28) & 0x1fffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 28) & 0x1fffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 28) & 0x1fffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 28) & 0x1fffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 28) & 0x1fffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 28) & 0x1fffffff); #endif r[8] = a[8] >> 1; } 
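Review bot: `(a[i + 1] << 28) & 0x1fffffff` in sp_256_rshift1_9 shifts a full 29-bit digit left by 28 before the added cast is applied, so the intermediate needs 57 bits and the `(sp_digit)` cast cannot make it fit; on a 32-bit signed sp_digit that is a signed-overflow left shift (undefined in C11), not the silent wrap the `& 0x1fffffff` mask is relying on. The non-small sp_256_lshift_18 body later in this diff avoids exactly this by loading digits into the unsigned `sp_int_digit` before shifting, and the same pattern works here: `r[i] = (a[i] >> 1) + (sp_digit)(((sp_int_digit)a[i + 1] << 28) & 0x1fffffff);`, with the unrolled `#else` lines changed the same way. The function's signature and opening lie outside the hunk, and if this file is emitted by a generator, as the unrolled digit-by-digit bodies suggest, the change belongs in the generator template.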
@@ -25203,18 +25203,18 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<8; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); } #endif /* WOLFSSL_SP_SMALL */ r[8] = a[8] >> n; @@ -25274,7 +25274,7 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a, r[18] = a[17] >> (29 - n); for (i=17; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } #else sp_int_digit s; 
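Review bot: The WOLFSSL_SP_SMALL loop in sp_256_lshift_18 shifts the digits `a[i]` and `a[i-1]` directly, while the `#else` branch that starts right after it declares `sp_int_digit s;` and performs every shift on that unsigned copy, so the two build configurations now differ in whether `a[i] << n` can overflow the signed digit type (and whether `a[i-1] >> (29 - n)` on a negative digit is implementation-defined). Doing the same conversion inside the loop keeps both paths equivalent: `r[i] = (sp_digit)((((sp_int_digit)a[i] << n) | ((sp_int_digit)a[i-1] >> (29 - n))) & 0x1fffffff);`. The function begins before this hunk and its `#else` body is in the next one.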
@@ -25283,41 +25283,41 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[17]; r[18] = s >> (29U - n); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[7] = 
(sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Divide d in a and put remainder into r (m*d + r = a) 
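Review bot: `r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);` at the end of sp_256_lshift_18 is the one shift in the unrolled path that is not routed through the unsigned `s`/`t` temporaries used for r[1]..r[18]; every other line does `s = (sp_int_digit)(a[k])` first so that the `<< n` happens on an unsigned operand, and the new cast on r[0] only narrows the result after the signed shift has already been evaluated. For consistency with the rest of the function and to keep the last digit free of signed left-shift overflow, write it as `r[0] = (sp_digit)(((sp_int_digit)a[0] << n) & 0x1fffffff);`. The function begins before this hunk.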
@@ -27168,29 +27168,29 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, t0 = ((sp_int64)a[ 0]) * b[ 0]; t1 = ((sp_int64)a[ 0]) * b[ 1] + ((sp_int64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 2] + ((sp_int64)a[ 1]) * b[ 1] + ((sp_int64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 3] + ((sp_int64)a[ 1]) * b[ 2] + ((sp_int64)a[ 2]) * b[ 1] + ((sp_int64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 4] + ((sp_int64)a[ 1]) * b[ 3] + ((sp_int64)a[ 2]) * b[ 2] + ((sp_int64)a[ 3]) * b[ 1] + ((sp_int64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 5] + ((sp_int64)a[ 1]) * b[ 4] + ((sp_int64)a[ 2]) * b[ 3] + ((sp_int64)a[ 3]) * b[ 2] + ((sp_int64)a[ 4]) * b[ 1] + ((sp_int64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 6] + ((sp_int64)a[ 1]) * b[ 5] + ((sp_int64)a[ 2]) * b[ 4] @@ -27198,7 +27198,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 4]) * b[ 2] + ((sp_int64)a[ 5]) * b[ 1] + ((sp_int64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 7] + ((sp_int64)a[ 1]) * b[ 6] + ((sp_int64)a[ 2]) * b[ 5] @@ -27207,7 +27207,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 5]) * b[ 2] + ((sp_int64)a[ 6]) * b[ 1] + ((sp_int64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 8] + ((sp_int64)a[ 1]) * b[ 7] + ((sp_int64)a[ 2]) * b[ 6] 
@@ -27217,7 +27217,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 2] + ((sp_int64)a[ 7]) * b[ 1] + ((sp_int64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 9] + ((sp_int64)a[ 1]) * b[ 8] + ((sp_int64)a[ 2]) * b[ 7] @@ -27228,7 +27228,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 7]) * b[ 2] + ((sp_int64)a[ 8]) * b[ 1] + ((sp_int64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[10] + ((sp_int64)a[ 1]) * b[ 9] + ((sp_int64)a[ 2]) * b[ 8] @@ -27240,7 +27240,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 8]) * b[ 2] + ((sp_int64)a[ 9]) * b[ 1] + ((sp_int64)a[10]) * b[ 0]; - t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[11] + ((sp_int64)a[ 1]) * b[10] + ((sp_int64)a[ 2]) * b[ 9] @@ -27253,7 +27253,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 9]) * b[ 2] + ((sp_int64)a[10]) * b[ 1] + ((sp_int64)a[11]) * b[ 0]; - t[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[12] + ((sp_int64)a[ 1]) * b[11] + ((sp_int64)a[ 2]) * b[10] @@ -27267,7 +27267,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[10]) * b[ 2] + ((sp_int64)a[11]) * b[ 1] + ((sp_int64)a[12]) * b[ 0]; - t[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[13] + ((sp_int64)a[ 1]) * b[12] + ((sp_int64)a[ 2]) * b[11] 
@@ -27282,7 +27282,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[11]) * b[ 2] + ((sp_int64)a[12]) * b[ 1] + ((sp_int64)a[13]) * b[ 0]; - t[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[14] + ((sp_int64)a[ 1]) * b[13] + ((sp_int64)a[ 2]) * b[12] @@ -27298,7 +27298,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 2] + ((sp_int64)a[13]) * b[ 1] + ((sp_int64)a[14]) * b[ 0]; - t[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 1]) * b[14] + ((sp_int64)a[ 2]) * b[13] + ((sp_int64)a[ 3]) * b[12] @@ -27313,7 +27313,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 3] + ((sp_int64)a[13]) * b[ 2] + ((sp_int64)a[14]) * b[ 1]; - t[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 2]) * b[14] + ((sp_int64)a[ 3]) * b[13] + ((sp_int64)a[ 4]) * b[12] @@ -27327,7 +27327,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 4] + ((sp_int64)a[13]) * b[ 3] + ((sp_int64)a[14]) * b[ 2]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 3]) * b[14] + ((sp_int64)a[ 4]) * b[13] + ((sp_int64)a[ 5]) * b[12] @@ -27340,7 +27340,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 5] + ((sp_int64)a[13]) * b[ 4] + ((sp_int64)a[14]) * b[ 3]; - r[16] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 4]) * b[14] + ((sp_int64)a[ 5]) * b[13] + ((sp_int64)a[ 6]) * b[12] 
@@ -27352,7 +27352,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 6] + ((sp_int64)a[13]) * b[ 5] + ((sp_int64)a[14]) * b[ 4]; - r[17] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 5]) * b[14] + ((sp_int64)a[ 6]) * b[13] + ((sp_int64)a[ 7]) * b[12] @@ -27363,7 +27363,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 7] + ((sp_int64)a[13]) * b[ 6] + ((sp_int64)a[14]) * b[ 5]; - r[18] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 6]) * b[14] + ((sp_int64)a[ 7]) * b[13] + ((sp_int64)a[ 8]) * b[12] @@ -27373,7 +27373,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 8] + ((sp_int64)a[13]) * b[ 7] + ((sp_int64)a[14]) * b[ 6]; - r[19] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 7]) * b[14] + ((sp_int64)a[ 8]) * b[13] + ((sp_int64)a[ 9]) * b[12] @@ -27382,7 +27382,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 9] + ((sp_int64)a[13]) * b[ 8] + ((sp_int64)a[14]) * b[ 7]; - r[20] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 8]) * b[14] + ((sp_int64)a[ 9]) * b[13] + ((sp_int64)a[10]) * b[12] 
@@ -27390,35 +27390,35 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[10] + ((sp_int64)a[13]) * b[ 9] + ((sp_int64)a[14]) * b[ 8]; - r[21] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 9]) * b[14] + ((sp_int64)a[10]) * b[13] + ((sp_int64)a[11]) * b[12] + ((sp_int64)a[12]) * b[11] + ((sp_int64)a[13]) * b[10] + ((sp_int64)a[14]) * b[ 9]; - r[22] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[10]) * b[14] + ((sp_int64)a[11]) * b[13] + ((sp_int64)a[12]) * b[12] + ((sp_int64)a[13]) * b[11] + ((sp_int64)a[14]) * b[10]; - r[23] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[11]) * b[14] + ((sp_int64)a[12]) * b[13] + ((sp_int64)a[13]) * b[12] + ((sp_int64)a[14]) * b[11]; - r[24] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[12]) * b[14] + ((sp_int64)a[13]) * b[13] + ((sp_int64)a[14]) * b[12]; - r[25] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[13]) * b[14] + ((sp_int64)a[14]) * b[13]; - r[26] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[14]) * b[14]; - r[27] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[28] = t0 & 0x3ffffff; + r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[28] = (sp_digit)(t0 & 0x3ffffff); r[29] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } 
@@ -27480,57 +27480,57 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) t0 = ((sp_int64)a[ 0]) * a[ 0]; t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2 + ((sp_int64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 3] + ((sp_int64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 4] + ((sp_int64)a[ 1]) * a[ 3]) * 2 + ((sp_int64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 5] + ((sp_int64)a[ 1]) * a[ 4] + ((sp_int64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 6] + ((sp_int64)a[ 1]) * a[ 5] + ((sp_int64)a[ 2]) * a[ 4]) * 2 + ((sp_int64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 7] + ((sp_int64)a[ 1]) * a[ 6] + ((sp_int64)a[ 2]) * a[ 5] + ((sp_int64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 8] + ((sp_int64)a[ 1]) * a[ 7] + ((sp_int64)a[ 2]) * a[ 6] + ((sp_int64)a[ 3]) * a[ 5]) * 2 + ((sp_int64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 9] + ((sp_int64)a[ 1]) * a[ 8] + ((sp_int64)a[ 2]) * a[ 7] + ((sp_int64)a[ 3]) * a[ 6] + ((sp_int64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[10] + ((sp_int64)a[ 1]) * a[ 9] + ((sp_int64)a[ 2]) * a[ 8] + ((sp_int64)a[ 
3]) * a[ 7] + ((sp_int64)a[ 4]) * a[ 6]) * 2 + ((sp_int64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[11] + ((sp_int64)a[ 1]) * a[10] + ((sp_int64)a[ 2]) * a[ 9] + ((sp_int64)a[ 3]) * a[ 8] + ((sp_int64)a[ 4]) * a[ 7] + ((sp_int64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[12] + ((sp_int64)a[ 1]) * a[11] + ((sp_int64)a[ 2]) * a[10] @@ -27538,7 +27538,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 4]) * a[ 8] + ((sp_int64)a[ 5]) * a[ 7]) * 2 + ((sp_int64)a[ 6]) * a[ 6]; - t[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[13] + ((sp_int64)a[ 1]) * a[12] + ((sp_int64)a[ 2]) * a[11] @@ -27546,7 +27546,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 4]) * a[ 9] + ((sp_int64)a[ 5]) * a[ 8] + ((sp_int64)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[14] + ((sp_int64)a[ 1]) * a[13] + ((sp_int64)a[ 2]) * a[12] @@ -27555,7 +27555,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 5]) * a[ 9] + ((sp_int64)a[ 6]) * a[ 8]) * 2 + ((sp_int64)a[ 7]) * a[ 7]; - t[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 1]) * a[14] + ((sp_int64)a[ 2]) * a[13] + ((sp_int64)a[ 3]) * a[12] 
@@ -27563,7 +27563,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 5]) * a[10] + ((sp_int64)a[ 6]) * a[ 9] + ((sp_int64)a[ 7]) * a[ 8]) * 2; - t[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 2]) * a[14] + ((sp_int64)a[ 3]) * a[13] + ((sp_int64)a[ 4]) * a[12] 
@@ -27571,62 +27571,62 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 6]) * a[10] + ((sp_int64)a[ 7]) * a[ 9]) * 2 + ((sp_int64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 3]) * a[14] + ((sp_int64)a[ 4]) * a[13] + ((sp_int64)a[ 5]) * a[12] + ((sp_int64)a[ 6]) * a[11] + ((sp_int64)a[ 7]) * a[10] + ((sp_int64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 4]) * a[14] + ((sp_int64)a[ 5]) * a[13] + ((sp_int64)a[ 6]) * a[12] + ((sp_int64)a[ 7]) * a[11] + ((sp_int64)a[ 8]) * a[10]) * 2 + ((sp_int64)a[ 9]) * a[ 9]; - r[17] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 5]) * a[14] + ((sp_int64)a[ 6]) * a[13] + ((sp_int64)a[ 7]) * a[12] + ((sp_int64)a[ 8]) * a[11] + ((sp_int64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 6]) * a[14] + ((sp_int64)a[ 7]) * a[13] + ((sp_int64)a[ 8]) * a[12] + ((sp_int64)a[ 9]) * a[11]) * 2 + ((sp_int64)a[10]) * a[10]; - r[19] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 7]) * a[14] + ((sp_int64)a[ 8]) * a[13] + ((sp_int64)a[ 9]) * a[12] + ((sp_int64)a[10]) * a[11]) * 2; - r[20] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 8]) * a[14] + ((sp_int64)a[ 9]) * a[13] + ((sp_int64)a[10]) * a[12]) * 2 + ((sp_int64)a[11]) * a[11]; - r[21] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 9]) * a[14] + ((sp_int64)a[10]) * a[13] + ((sp_int64)a[11]) * a[12]) * 2; - r[22] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[10]) * a[14] + ((sp_int64)a[11]) 
* a[13]) * 2 + ((sp_int64)a[12]) * a[12]; - r[23] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[11]) * a[14] + ((sp_int64)a[12]) * a[13]) * 2; - r[24] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[12]) * a[14]) * 2 + ((sp_int64)a[13]) * a[13]; - r[25] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[13]) * a[14]) * 2; - r[26] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[14]) * a[14]; - r[27] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[28] = t0 & 0x3ffffff; + r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[28] = (sp_digit)(t0 & 0x3ffffff); r[29] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } @@ -28017,23 +28017,23 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[0] = t[3] >> 26; } t[0] += (tb * a[12]) + r[12]; t[1] = (tb * a[13]) + r[13]; t[2] = (tb * a[14]) + r[14]; - r[12] = t[0] & 0x3ffffff; + r[12] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[13] = t[1] & 0x3ffffff; + r[13] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[14] = t[2] & 0x3ffffff; + r[14] = (sp_digit)(t[2] & 0x3ffffff); r[15] += (sp_digit)(t[2] >> 26); #else sp_int64 tb = b; 
@@ -28116,7 +28116,7 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[15]) << 6; for (i = 0; i < 14; i++) { - r[i] = n & 0x3ffffff; + r[i] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16 + i]) << 6; } 
@@ -28124,20 +28124,20 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a) #else sp_int64 n = a[14] >> 20; n += ((sp_int64)a[15]) << 6; - r[ 0] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[16]) << 6; - r[ 1] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[17]) << 6; - r[ 2] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[18]) << 6; - r[ 3] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[19]) << 6; - r[ 4] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[20]) << 6; - r[ 5] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[21]) << 6; - r[ 6] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[22]) << 6; - r[ 7] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[23]) << 6; - r[ 8] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[24]) << 6; - r[ 9] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[25]) << 6; - r[10] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[26]) << 6; - r[11] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[27]) << 6; - r[12] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[28]) << 6; - r[13] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[29]) << 6; + r[ 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16]) << 6; + r[ 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[17]) << 6; + r[ 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[18]) << 6; + r[ 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[19]) << 6; + r[ 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[20]) << 6; + r[ 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[21]) << 6; + r[ 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[22]) << 6; + r[ 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[23]) << 6; + r[ 8] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[24]) << 6; + r[ 9] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[25]) << 6; + r[10] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[26]) << 6; + r[11] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[27]) << 6; + r[12] = (sp_digit)(n & 0x3ffffff); n 
>>= 26; n += ((sp_int64)a[28]) << 6; + r[13] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[29]) << 6; r[14] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[15], 0, sizeof(*r) * 15U); @@ -28158,11 +28158,11 @@ static void sp_384_mont_reduce_order_15(sp_digit* a, const sp_digit* m, sp_digit sp_384_norm_15(a + 15); for (i=0; i<14; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_384_mul_add_15(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_384_mul_add_15(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; 
@@ -28187,42 +28187,42 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 14; i++) { - am = (a[i] * 0x1) & 0x3ffffff; - a[i + 1] += (am << 6) & 0x3ffffff; + am = (sp_digit)((a[i] * 0x1) & 0x3ffffff); + a[i + 1] += (sp_digit)((am << 6) & 0x3ffffff); a[i + 2] += am >> 20; - a[i + 3] -= (am << 18) & 0x3ffffff; + a[i + 3] -= (sp_digit)((am << 18) & 0x3ffffff); a[i + 4] -= am >> 8; - a[i + 4] -= (am << 24) & 0x3ffffff; + a[i + 4] -= (sp_digit)((am << 24) & 0x3ffffff); a[i + 5] -= am >> 2; - a[i + 14] += (am << 20) & 0x3ffffff; + a[i + 14] += (sp_digit)((am << 20) & 0x3ffffff); a[i + 15] += am >> 6; a[i + 1] += a[i] >> 26; } - am = (a[14] * 0x1) & 0xfffff; - a[14 + 1] += (am << 6) & 0x3ffffff; + am = (sp_digit)((a[14] * 0x1) & 0xfffff); + a[14 + 1] += (sp_digit)((am << 6) & 0x3ffffff); a[14 + 2] += am >> 20; - a[14 + 3] -= (am << 18) & 0x3ffffff; + a[14 + 3] -= (sp_digit)((am << 18) & 0x3ffffff); a[14 + 4] -= am >> 8; - a[14 + 4] -= (am << 24) & 0x3ffffff; + a[14 + 4] -= (sp_digit)((am << 24) & 0x3ffffff); a[14 + 5] -= am >> 2; - a[14 + 14] += (am << 20) & 0x3ffffff; + a[14 + 14] += (sp_digit)((am << 20) & 0x3ffffff); a[14 + 15] += am >> 6; - a[0] = (a[14] >> 20) + ((a[15] << 6) & 0x3ffffff); - a[1] = (a[15] >> 20) + ((a[16] << 6) & 0x3ffffff); - a[2] = (a[16] >> 20) + ((a[17] << 6) & 0x3ffffff); - a[3] = (a[17] >> 20) + ((a[18] << 6) & 0x3ffffff); - a[4] = (a[18] >> 20) + ((a[19] << 6) & 0x3ffffff); - a[5] = (a[19] >> 20) + ((a[20] << 6) & 0x3ffffff); - a[6] = (a[20] >> 20) + ((a[21] << 6) & 0x3ffffff); - a[7] = (a[21] >> 20) + ((a[22] << 6) & 0x3ffffff); - a[8] = (a[22] >> 20) + ((a[23] << 6) & 0x3ffffff); - a[9] = (a[23] >> 20) + ((a[24] << 6) & 0x3ffffff); - a[10] = (a[24] >> 20) + ((a[25] << 6) & 0x3ffffff); - a[11] = (a[25] >> 20) + ((a[26] << 6) & 0x3ffffff); - a[12] = (a[26] >> 20) + ((a[27] << 6) & 0x3ffffff); - a[13] = (a[27] >> 20) + ((a[28] << 6) & 0x3ffffff); + a[0] = (a[14] >> 20) + (sp_digit)((a[15] 
<< 6) & 0x3ffffff); + a[1] = (a[15] >> 20) + (sp_digit)((a[16] << 6) & 0x3ffffff); + a[2] = (a[16] >> 20) + (sp_digit)((a[17] << 6) & 0x3ffffff); + a[3] = (a[17] >> 20) + (sp_digit)((a[18] << 6) & 0x3ffffff); + a[4] = (a[18] >> 20) + (sp_digit)((a[19] << 6) & 0x3ffffff); + a[5] = (a[19] >> 20) + (sp_digit)((a[20] << 6) & 0x3ffffff); + a[6] = (a[20] >> 20) + (sp_digit)((a[21] << 6) & 0x3ffffff); + a[7] = (a[21] >> 20) + (sp_digit)((a[22] << 6) & 0x3ffffff); + a[8] = (a[22] >> 20) + (sp_digit)((a[23] << 6) & 0x3ffffff); + a[9] = (a[23] >> 20) + (sp_digit)((a[24] << 6) & 0x3ffffff); + a[10] = (a[24] >> 20) + (sp_digit)((a[25] << 6) & 0x3ffffff); + a[11] = (a[25] >> 20) + (sp_digit)((a[26] << 6) & 0x3ffffff); + a[12] = (a[26] >> 20) + (sp_digit)((a[27] << 6) & 0x3ffffff); + a[13] = (a[27] >> 20) + (sp_digit)((a[28] << 6) & 0x3ffffff); a[14] = (a[14 + 14] >> 20) + (a[29] << 6); a[1] += a[0] >> 26; a[0] &= 0x3ffffff; 
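Review bot: `am = (sp_digit)((a[i] * 0x1) & 0x3ffffff);` in sp_384_mont_reduce_15 keeps a multiply by the literal 1 that does nothing but survive the new cast, presumably a Montgomery multiplier the generator substituted as a constant (the function also does `(void)mp;`); it would read better as `am = (sp_digit)(a[i] & 0x3ffffff);`, or with a comment such as `/* mp is 1 here, so am = a[i] mod 2^26 */` if the general `a[i] * mp` shape is kept on purpose. More importantly, `(am << 24)` and `(am << 20)` on a 26-bit `am`, and `(a[15] << 6)` through `(a[28] << 6)` on digits that have just absorbed carries, are still evaluated in the digit type before the cast narrows them, so if sp_digit is signed the cast leaves the overflowing left shift in place; shifting `(sp_int_digit)am` and `(sp_int_digit)a[k]` instead removes it without changing the masked value. The function continues past the end of this hunk.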
@@ -28245,21 +28245,21 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x03ffffff & am; - a[1] -= 0x0000003f & am; + a[0] -= (sp_digit)(0x03ffffff & am); + a[1] -= (sp_digit)(0x0000003f & am); /* p384_mod[2] is zero */ - a[3] -= 0x03fc0000 & am; - a[4] -= 0x02ffffff & am; - a[5] -= 0x03ffffff & am; - a[6] -= 0x03ffffff & am; - a[7] -= 0x03ffffff & am; - a[8] -= 0x03ffffff & am; - a[9] -= 0x03ffffff & am; - a[10] -= 0x03ffffff & am; - a[11] -= 0x03ffffff & am; - a[12] -= 0x03ffffff & am; - a[13] -= 0x03ffffff & am; - a[14] -= 0x000fffff & am; + a[3] -= (sp_digit)(0x03fc0000 & am); + a[4] -= (sp_digit)(0x02ffffff & am); + a[5] -= (sp_digit)(0x03ffffff & am); + a[6] -= (sp_digit)(0x03ffffff & am); + a[7] -= (sp_digit)(0x03ffffff & am); + a[8] -= (sp_digit)(0x03ffffff & am); + a[9] -= (sp_digit)(0x03ffffff & am); + a[10] -= (sp_digit)(0x03ffffff & am); + a[11] -= (sp_digit)(0x03ffffff & am); + a[12] -= (sp_digit)(0x03ffffff & am); + a[13] -= (sp_digit)(0x03ffffff & am); + a[14] -= (sp_digit)(0x000fffff & am); a[1] += a[0] >> 26; a[0] &= 0x3ffffff; a[2] += a[1] >> 26; a[1] &= 0x3ffffff; 
@@ -28592,23 +28592,23 @@ SP_NOINLINE static void sp_384_rshift1_15(sp_digit* r, const sp_digit* a) int i; for (i=0; i<14; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 25) & 0x3ffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 25) & 0x3ffffff); } #else - r[0] = (a[0] >> 1) + ((a[1] << 25) & 0x3ffffff); - r[1] = (a[1] >> 1) + ((a[2] << 25) & 0x3ffffff); - r[2] = (a[2] >> 1) + ((a[3] << 25) & 0x3ffffff); - r[3] = (a[3] >> 1) + ((a[4] << 25) & 0x3ffffff); - r[4] = (a[4] >> 1) + ((a[5] << 25) & 0x3ffffff); - r[5] = (a[5] >> 1) + ((a[6] << 25) & 0x3ffffff); - r[6] = (a[6] >> 1) + ((a[7] << 25) & 0x3ffffff); - r[7] = (a[7] >> 1) + ((a[8] << 25) & 0x3ffffff); - r[8] = (a[8] >> 1) + ((a[9] << 25) & 0x3ffffff); - r[9] = (a[9] >> 1) + ((a[10] << 25) & 0x3ffffff); - r[10] = (a[10] >> 1) + ((a[11] << 25) & 0x3ffffff); - r[11] = (a[11] >> 1) + ((a[12] << 25) & 0x3ffffff); - r[12] = (a[12] >> 1) + ((a[13] << 25) & 0x3ffffff); - r[13] = (a[13] >> 1) + ((a[14] << 25) & 0x3ffffff); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 25) & 0x3ffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 25) & 0x3ffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 25) & 0x3ffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 25) & 0x3ffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 25) & 0x3ffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 25) & 0x3ffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 25) & 0x3ffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 25) & 0x3ffffff); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 25) & 0x3ffffff); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 25) & 0x3ffffff); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 25) & 0x3ffffff); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 25) & 0x3ffffff); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 25) & 0x3ffffff); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 25) & 0x3ffffff); #endif r[14] = a[14] >> 1; } 
@@ -33244,25 +33244,25 @@ SP_NOINLINE static void sp_384_rshift_15(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<14; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); } - r[8] = (a[8] >> n) | ((a[9] << (26 - n)) & 0x3ffffff); - r[9] = (a[9] >> n) | ((a[10] << (26 - n)) & 0x3ffffff); - r[10] = (a[10] >> n) | ((a[11] << (26 - n)) & 0x3ffffff); - r[11] = (a[11] >> n) | ((a[12] << (26 - n)) & 0x3ffffff); - r[12] = (a[12] >> n) | ((a[13] << (26 - n)) & 0x3ffffff); - r[13] = (a[13] >> n) | ((a[14] << (26 - n)) & 0x3ffffff); + r[8] = (a[8] >> n) | (sp_digit)((a[9] << (26 - n)) & 0x3ffffff); + r[9] = (a[9] >> n) | (sp_digit)((a[10] << (26 - n)) & 0x3ffffff); + r[10] = (a[10] >> n) | (sp_digit)((a[11] << (26 - n)) & 0x3ffffff); + r[11] = (a[11] >> n) | 
(sp_digit)((a[12] << (26 - n)) & 0x3ffffff); + r[12] = (a[12] >> n) | (sp_digit)((a[13] << (26 - n)) & 0x3ffffff); + r[13] = (a[13] >> n) | (sp_digit)((a[14] << (26 - n)) & 0x3ffffff); #endif /* WOLFSSL_SP_SMALL */ r[14] = a[14] >> n; } @@ -33333,7 +33333,7 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a, r[30] = a[29] >> (26 - n); for (i=29; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff); } #else sp_int_digit s; 
@@ -33342,65 +33342,65 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[29]; r[30] = s >> (26U - n); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[19] = (sp_digit)(((s 
<< n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t 
>> (26U - n))) & 0x3ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x3ffffff; + r[0] = (sp_digit)((a[0] << n) & 0x3ffffff); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -35264,7 +35264,7 @@ SP_NOINLINE static void sp_521_mul_21(sp_digit* r, const sp_digit* a, } } for (i=0; i<41; i++) { - r[i] = t[i] & 0x1ffffff; + r[i] = (sp_digit)(t[i] & 0x1ffffff); t[i+1] += t[i] >> 25; } r[41] = (sp_digit)t[41]; @@ -35333,7 +35333,7 @@ SP_NOINLINE static void sp_521_sqr_21(sp_digit* r, const sp_digit* a) t[i+i] += ((sp_int64)a[i]) * a[i]; } for (i=0; i<41; i++) { - r[i] = t[i] & 0x1ffffff; + r[i] = (sp_digit)(t[i] & 0x1ffffff); t[i+1] += t[i] >> 25; } r[41] = (sp_digit)t[41]; 
@@ -35681,10 +35681,10 @@ static void sp_521_mont_reduce_21(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 20; i++) { - a[i] += ((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff; + a[i] += (sp_digit)(((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff); } a[20] &= 0x1fffff; - a[20] += ((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff; + a[20] += (sp_digit)(((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff); sp_521_norm_21(a); @@ -35789,17 +35789,17 @@ SP_NOINLINE static void sp_521_mul_add_21(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffff; + r[i+0] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[i+1] = t[1] & 0x1ffffff; + r[i+1] = (sp_digit)(t[1] & 0x1ffffff); t[2] += t[1] >> 25; - r[i+2] = t[2] & 0x1ffffff; + r[i+2] = (sp_digit)(t[2] & 0x1ffffff); t[3] += t[2] >> 25; - r[i+3] = t[3] & 0x1ffffff; + r[i+3] = (sp_digit)(t[3] & 0x1ffffff); t[0] = t[3] >> 25; } t[0] += (tb * a[20]) + r[20]; - r[20] = t[0] & 0x1ffffff; + r[20] = (sp_digit)(t[0] & 0x1ffffff); r[21] += (sp_digit)(t[0] >> 25); #else sp_int64 tb = b; @@ -35852,8 +35852,8 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a) s = a[21]; n = a[20] >> 21; for (i = 0; i < 20; i++) { - n += (s & 0x1ffffff) << 4; - r[i] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); + r[i] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[22 + i] + (s >> 25); } 
@@ -35866,30 +35866,30 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a) s = a[21]; n = a[20] >> 21; for (i = 0; i < 16; i += 8) { - n += (s & 0x1ffffff) << 4; r[i+0] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+22] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+1] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+23] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+2] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+24] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+3] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+25] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+4] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+26] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+5] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+27] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+6] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+28] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+7] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+29] + (s >> 25); } - n += (s & 0x1ffffff) << 4; r[16] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[16] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[38] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[17] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[17] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[39] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[18] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[18] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[40] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[19] = n & 
0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[19] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[41] + (s >> 25); n += s << 4; r[20] = n; #endif /* WOLFSSL_SP_SMALL */ @@ -35911,11 +35911,11 @@ static void sp_521_mont_reduce_order_21(sp_digit* a, const sp_digit* m, sp_digit sp_521_norm_21(a + 21); for (i=0; i<20; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff); sp_521_mul_add_21(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL); sp_521_mul_add_21(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; 
@@ -36239,29 +36239,29 @@ SP_NOINLINE static void sp_521_rshift1_21(sp_digit* r, const sp_digit* a) int i; for (i=0; i<20; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff); } #else - r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff); - r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff); - r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff); - r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff); - r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff); - r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff); - r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff); - r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff); - r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff); - r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff); - r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff); - r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff); - r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff); - r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff); - r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff); - r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff); - r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff); - r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff); - r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff); - r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff); + r[11] = 
(a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff); + r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff); + r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff); + r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff); #endif r[20] = a[20] >> 1; } 
@@ -41332,23 +41332,23 @@ SP_NOINLINE static void sp_521_rshift_21(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<20; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff); } #else for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff); } - r[16] = (a[16] >> n) | ((a[17] << (25 - n)) & 0x1ffffff); - r[17] = (a[17] >> n) | ((a[18] << (25 - n)) & 0x1ffffff); - r[18] = (a[18] >> n) | ((a[19] << (25 - n)) & 0x1ffffff); - r[19] = (a[19] >> n) | ((a[20] << (25 - n)) & 0x1ffffff); + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (25 - n)) & 0x1ffffff); + r[17] = (a[17] >> n) | (sp_digit)((a[18] << (25 - n)) & 0x1ffffff); + r[18] = (a[18] >> n) | (sp_digit)((a[19] << (25 - n)) & 0x1ffffff); + r[19] = (a[19] >> n) | (sp_digit)((a[20] << (25 - n)) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ r[20] = a[20] >> n; } 
@@ -41419,7 +41419,7 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a, r[42] = a[41] >> (25 - n); for (i=41; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff); } #else sp_int_digit s; 
@@ -41428,89 +41428,89 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[41]; r[42] = s >> (25U - n); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[41] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[40] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[39] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[38] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[37] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[36] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[35] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[34] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[33] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[32] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[31] = (sp_digit)(((s 
<< n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[30] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s 
<< n) | (t >> (25U - n))) & 0x1ffffff; + r[19] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[13] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = 
(sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1ffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1ffffff); } /* Divide d in a and put remainder into r (m*d + r = a) 
@@ -43281,20 +43281,20 @@ SP_NOINLINE static void sp_1024_mul_7(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 5]; sp_int64 t12 = ((sp_int64)a[ 6]) * b[ 6]; - t1 += t0 >> 25; r[ 0] = t0 & 0x1ffffff; - t2 += t1 >> 25; r[ 1] = t1 & 0x1ffffff; - t3 += t2 >> 25; r[ 2] = t2 & 0x1ffffff; - t4 += t3 >> 25; r[ 3] = t3 & 0x1ffffff; - t5 += t4 >> 25; r[ 4] = t4 & 0x1ffffff; - t6 += t5 >> 25; r[ 5] = t5 & 0x1ffffff; - t7 += t6 >> 25; r[ 6] = t6 & 0x1ffffff; - t8 += t7 >> 25; r[ 7] = t7 & 0x1ffffff; - t9 += t8 >> 25; r[ 8] = t8 & 0x1ffffff; - t10 += t9 >> 25; r[ 9] = t9 & 0x1ffffff; - t11 += t10 >> 25; r[10] = t10 & 0x1ffffff; - t12 += t11 >> 25; r[11] = t11 & 0x1ffffff; + t1 += t0 >> 25; r[ 0] = (sp_digit)(t0 & 0x1ffffff); + t2 += t1 >> 25; r[ 1] = (sp_digit)(t1 & 0x1ffffff); + t3 += t2 >> 25; r[ 2] = (sp_digit)(t2 & 0x1ffffff); + t4 += t3 >> 25; r[ 3] = (sp_digit)(t3 & 0x1ffffff); + t5 += t4 >> 25; r[ 4] = (sp_digit)(t4 & 0x1ffffff); + t6 += t5 >> 25; r[ 5] = (sp_digit)(t5 & 0x1ffffff); + t7 += t6 >> 25; r[ 6] = (sp_digit)(t6 & 0x1ffffff); + t8 += t7 >> 25; r[ 7] = (sp_digit)(t7 & 0x1ffffff); + t9 += t8 >> 25; r[ 8] = (sp_digit)(t8 & 0x1ffffff); + t10 += t9 >> 25; r[ 9] = (sp_digit)(t9 & 0x1ffffff); + t11 += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff); + t12 += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff); r[13] = (sp_digit)(t12 >> 25); - r[12] = t12 & 0x1ffffff; + r[12] = (sp_digit)(t12 & 0x1ffffff); } /* Square a and put result in r. (r = a * a) 
@@ -43333,20 +43333,20 @@ SP_NOINLINE static void sp_1024_sqr_7(sp_digit* r, const sp_digit* a) sp_int64 t11 = (((sp_int64)a[ 5]) * a[ 6]) * 2; sp_int64 t12 = ((sp_int64)a[ 6]) * a[ 6]; - t1 += t0 >> 25; r[ 0] = t0 & 0x1ffffff; - t2 += t1 >> 25; r[ 1] = t1 & 0x1ffffff; - t3 += t2 >> 25; r[ 2] = t2 & 0x1ffffff; - t4 += t3 >> 25; r[ 3] = t3 & 0x1ffffff; - t5 += t4 >> 25; r[ 4] = t4 & 0x1ffffff; - t6 += t5 >> 25; r[ 5] = t5 & 0x1ffffff; - t7 += t6 >> 25; r[ 6] = t6 & 0x1ffffff; - t8 += t7 >> 25; r[ 7] = t7 & 0x1ffffff; - t9 += t8 >> 25; r[ 8] = t8 & 0x1ffffff; - t10 += t9 >> 25; r[ 9] = t9 & 0x1ffffff; - t11 += t10 >> 25; r[10] = t10 & 0x1ffffff; - t12 += t11 >> 25; r[11] = t11 & 0x1ffffff; + t1 += t0 >> 25; r[ 0] = (sp_digit)(t0 & 0x1ffffff); + t2 += t1 >> 25; r[ 1] = (sp_digit)(t1 & 0x1ffffff); + t3 += t2 >> 25; r[ 2] = (sp_digit)(t2 & 0x1ffffff); + t4 += t3 >> 25; r[ 3] = (sp_digit)(t3 & 0x1ffffff); + t5 += t4 >> 25; r[ 4] = (sp_digit)(t4 & 0x1ffffff); + t6 += t5 >> 25; r[ 5] = (sp_digit)(t5 & 0x1ffffff); + t7 += t6 >> 25; r[ 6] = (sp_digit)(t6 & 0x1ffffff); + t8 += t7 >> 25; r[ 7] = (sp_digit)(t7 & 0x1ffffff); + t9 += t8 >> 25; r[ 8] = (sp_digit)(t8 & 0x1ffffff); + t10 += t9 >> 25; r[ 9] = (sp_digit)(t9 & 0x1ffffff); + t11 += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff); + t12 += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff); r[13] = (sp_digit)(t12 >> 25); - r[12] = t12 & 0x1ffffff; + r[12] = (sp_digit)(t12 & 0x1ffffff); } /* Add b to a into r. (r = a + b) 
@@ -44051,20 +44051,20 @@ SP_NOINLINE static void sp_1024_rshift_42(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<41; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff); } #else for (i=0; i<40; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff); } - r[40] = (a[40] >> n) | ((a[41] << (25 - n)) & 0x1ffffff); + r[40] = (a[40] >> n) | (sp_digit)((a[41] << (25 - n)) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ r[41] = a[41] >> n; } 
@@ -44623,20 +44623,20 @@ SP_NOINLINE static void sp_1024_mul_add_42(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffff; + r[i+0] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[i+1] = t[1] & 0x1ffffff; + r[i+1] = (sp_digit)(t[1] & 0x1ffffff); t[2] += t[1] >> 25; - r[i+2] = t[2] & 0x1ffffff; + r[i+2] = (sp_digit)(t[2] & 0x1ffffff); t[3] += t[2] >> 25; - r[i+3] = t[3] & 0x1ffffff; + r[i+3] = (sp_digit)(t[3] & 0x1ffffff); t[0] = t[3] >> 25; } t[0] += (tb * a[40]) + r[40]; t[1] = (tb * a[41]) + r[41]; - r[40] = t[0] & 0x1ffffff; + r[40] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[41] = t[1] & 0x1ffffff; + r[41] = (sp_digit)(t[1] & 0x1ffffff); r[42] += (sp_digit)(t[1] >> 25); #else sp_int64 tb = b; @@ -44710,7 +44710,7 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a) n = a[40] >> 24; for (i = 0; i < 40; i++) { n += (sp_uint32)a[41 + i] << 1; - r[i] = n & 0x1ffffff; + r[i] = (sp_digit)(n & 0x1ffffff); n >>= 25; } n += (sp_uint32)a[81] << 1; 
@@ -44722,14 +44722,14 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a) n = (sp_uint32)a[40]; n = n >> 24U; for (i = 0; i < 40; i += 8) { - n += (sp_uint32)a[i+41] << 1U; r[i+0] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+42] << 1U; r[i+1] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+43] << 1U; r[i+2] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+44] << 1U; r[i+3] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+45] << 1U; r[i+4] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+46] << 1U; r[i+5] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+47] << 1U; r[i+6] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+48] << 1U; r[i+7] = n & 0x1ffffff; n >>= 25U; + n += (sp_uint32)a[i+41] << 1U; r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+42] << 1U; r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+43] << 1U; r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+44] << 1U; r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+45] << 1U; r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+46] << 1U; r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+47] << 1U; r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+48] << 1U; r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25U; } n += (sp_uint32)a[81] << 1U; r[40] = n; #endif /* WOLFSSL_SP_SMALL */ 
@@ -44752,22 +44752,22 @@ static void sp_1024_mont_reduce_42(sp_digit* a, const sp_digit* m, sp_digit mp) if (mp != 1) { for (i=0; i<40; i++) { - mu = (a[i] * mp) & 0x1ffffff; + mu = (sp_digit)((a[i] * mp) & 0x1ffffff); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = (a[i] * mp) & 0xffffffL; + mu = (sp_digit)((a[i] * mp) & 0xffffffL); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; } else { for (i=0; i<40; i++) { - mu = a[i] & 0x1ffffff; + mu = (sp_digit)(a[i] & 0x1ffffff); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = a[i] & 0xffffffL; + mu = (sp_digit)(a[i] & 0xffffffL); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; 
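Review bot: `mu = (sp_digit)((a[i] * mp) & 0x1ffffff);` in sp_1024_mont_reduce_42 casts only the masked result, while the product `a[i] * mp` is still evaluated in the digit type; two 25-bit digits multiply to up to 50 bits, so the intermediate overflows a 32-bit digit, and if sp_digit is signed that overflow is undefined behaviour rather than the wrap-around the `& 0x1ffffff` mask relies on. sp_521_mont_reduce_order_21 in this same file already promotes both operands to unsigned before multiplying, and the same form fixes both lines in the `mp != 1` branch: `mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff);` and `mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL);`. The `else` branch does no multiplication and is unaffected. The function's declarations and the `mp` parameter's origin are outside this hunk.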
@@ -44993,50 +44993,50 @@ SP_NOINLINE static void sp_1024_rshift1_42(sp_digit* r, const sp_digit* a) int i; for (i=0; i<41; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff); } #else - r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff); - r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff); - r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff); - r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff); - r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff); - r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff); - r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff); - r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff); - r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff); - r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff); - r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff); - r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff); - r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff); - r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff); - r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff); - r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff); - r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff); - r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff); - r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff); - r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff); - r[20] = (a[20] >> 1) + ((a[21] << 24) & 0x1ffffff); - r[21] = (a[21] >> 1) + ((a[22] << 24) & 0x1ffffff); - r[22] = (a[22] >> 1) + ((a[23] << 24) & 0x1ffffff); - r[23] = (a[23] >> 1) + ((a[24] << 24) & 0x1ffffff); - r[24] = (a[24] >> 1) + ((a[25] << 24) & 0x1ffffff); - r[25] = (a[25] >> 1) + ((a[26] << 24) & 0x1ffffff); - r[26] = (a[26] >> 1) + ((a[27] << 24) & 0x1ffffff); - r[27] = (a[27] >> 1) + ((a[28] << 24) & 0x1ffffff); - r[28] = (a[28] >> 1) + ((a[29] << 24) & 0x1ffffff); - r[29] = (a[29] >> 1) + ((a[30] << 24) & 0x1ffffff); - r[30] = (a[30] >> 1) + ((a[31] << 24) & 0x1ffffff); - r[31] = (a[31] >> 1) + ((a[32] << 24) & 0x1ffffff); - r[32] = (a[32] >> 1) + ((a[33] << 24) & 
0x1ffffff); - r[33] = (a[33] >> 1) + ((a[34] << 24) & 0x1ffffff); - r[34] = (a[34] >> 1) + ((a[35] << 24) & 0x1ffffff); - r[35] = (a[35] >> 1) + ((a[36] << 24) & 0x1ffffff); - r[36] = (a[36] >> 1) + ((a[37] << 24) & 0x1ffffff); - r[37] = (a[37] >> 1) + ((a[38] << 24) & 0x1ffffff); - r[38] = (a[38] >> 1) + ((a[39] << 24) & 0x1ffffff); - r[39] = (a[39] >> 1) + ((a[40] << 24) & 0x1ffffff); - r[40] = (a[40] >> 1) + ((a[41] << 24) & 0x1ffffff); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff); + r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff); + r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff); + r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff); + r[20] = (a[20] >> 1) + (sp_digit)((a[21] << 24) & 0x1ffffff); + r[21] = (a[21] >> 1) + (sp_digit)((a[22] << 24) & 0x1ffffff); + r[22] = (a[22] >> 1) + (sp_digit)((a[23] << 24) & 0x1ffffff); + r[23] = (a[23] >> 1) + (sp_digit)((a[24] << 24) & 0x1ffffff); + r[24] = (a[24] >> 1) + (sp_digit)((a[25] << 
24) & 0x1ffffff); + r[25] = (a[25] >> 1) + (sp_digit)((a[26] << 24) & 0x1ffffff); + r[26] = (a[26] >> 1) + (sp_digit)((a[27] << 24) & 0x1ffffff); + r[27] = (a[27] >> 1) + (sp_digit)((a[28] << 24) & 0x1ffffff); + r[28] = (a[28] >> 1) + (sp_digit)((a[29] << 24) & 0x1ffffff); + r[29] = (a[29] >> 1) + (sp_digit)((a[30] << 24) & 0x1ffffff); + r[30] = (a[30] >> 1) + (sp_digit)((a[31] << 24) & 0x1ffffff); + r[31] = (a[31] >> 1) + (sp_digit)((a[32] << 24) & 0x1ffffff); + r[32] = (a[32] >> 1) + (sp_digit)((a[33] << 24) & 0x1ffffff); + r[33] = (a[33] >> 1) + (sp_digit)((a[34] << 24) & 0x1ffffff); + r[34] = (a[34] >> 1) + (sp_digit)((a[35] << 24) & 0x1ffffff); + r[35] = (a[35] >> 1) + (sp_digit)((a[36] << 24) & 0x1ffffff); + r[36] = (a[36] >> 1) + (sp_digit)((a[37] << 24) & 0x1ffffff); + r[37] = (a[37] >> 1) + (sp_digit)((a[38] << 24) & 0x1ffffff); + r[38] = (a[38] >> 1) + (sp_digit)((a[39] << 24) & 0x1ffffff); + r[39] = (a[39] >> 1) + (sp_digit)((a[40] << 24) & 0x1ffffff); + r[40] = (a[40] >> 1) + (sp_digit)((a[41] << 24) & 0x1ffffff); #endif r[41] = a[41] >> 1; } diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 136cae4c7..ab0ceda98 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c 
@@ -563,17 +563,17 @@ SP_NOINLINE static void sp_2048_mul_add_17(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[i+1] = t[1] & 0x1fffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL); t[2] += t[1] >> 61; - r[i+2] = t[2] & 0x1fffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL); t[3] += t[2] >> 61; - r[i+3] = t[3] & 0x1fffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL); t[0] = t[3] >> 61; } t[0] += (tb * a[16]) + r[16]; - r[16] = t[0] & 0x1fffffffffffffffL; + r[16] = (sp_digit)(t[0] & 0x1fffffffffffffffL); r[17] += (sp_digit)(t[0] >> 61); } @@ -589,7 +589,7 @@ static void sp_2048_mont_shift_17(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[17]) << 13; for (i = 0; i < 16; i++) { - r[i] = n & 0x1fffffffffffffffL; + r[i] = (sp_digit)(n & 0x1fffffffffffffffL); n >>= 61; n += ((sp_int128)a[18 + i]) << 13; } @@ -612,11 +612,11 @@ static void sp_2048_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_17(a + 17); for (i=0; i<16; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_17(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL); sp_2048_mul_add_17(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; @@ -840,7 +840,7 @@ SP_NOINLINE static void sp_2048_rshift_17(sp_digit* r, const sp_digit* a, int i; for (i=0; i<16; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL); } r[16] = a[16] >> n; } 
@@ -1475,20 +1475,20 @@ SP_NOINLINE static void sp_2048_mul_add_34(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[i+1] = t[1] & 0x1fffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL); t[2] += t[1] >> 61; - r[i+2] = t[2] & 0x1fffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL); t[3] += t[2] >> 61; - r[i+3] = t[3] & 0x1fffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL); t[0] = t[3] >> 61; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; - r[32] = t[0] & 0x1fffffffffffffffL; + r[32] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[33] = t[1] & 0x1fffffffffffffffL; + r[33] = (sp_digit)(t[1] & 0x1fffffffffffffffL); r[34] += (sp_digit)(t[1] >> 61); } @@ -1504,7 +1504,7 @@ static void sp_2048_mont_shift_34(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[34]) << 26; for (i = 0; i < 33; i++) { - r[i] = n & 0x1fffffffffffffffL; + r[i] = (sp_digit)(n & 0x1fffffffffffffffL); n >>= 61; n += ((sp_int128)a[35 + i]) << 26; } 
@@ -1529,33 +1529,33 @@ static void sp_2048_mont_reduce_34(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<33; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; } else { for (i=0; i<33; i++) { - mu = a[i] & 0x1fffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = a[i] & 0x7ffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; } #else for (i=0; i<33; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; @@ -1661,7 +1661,7 @@ SP_NOINLINE static void sp_2048_rshift_34(sp_digit* r, const sp_digit* a, int i; for (i=0; i<33; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL); } r[33] = a[33] >> n; } 
@@ -3010,9 +3010,9 @@ SP_NOINLINE static void sp_2048_lshift_34(sp_digit* r, const sp_digit* a, r[34] = a[33] >> (61 - n); for (i=33; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL); } - r[0] = (a[0] << n) & 0x1fffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -3604,29 +3604,29 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] 
@@ -3634,7 +3634,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] @@ -3643,7 +3643,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -3653,7 +3653,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] + ((sp_uint128)a[ 3]) * b[ 6] @@ -3662,7 +3662,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 3] + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 2]) * b[ 8] + ((sp_uint128)a[ 3]) * b[ 7] + ((sp_uint128)a[ 4]) * b[ 6] 
@@ -3670,35 +3670,35 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 4] + ((sp_uint128)a[ 7]) * b[ 3] + ((sp_uint128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 3]) * b[ 8] + ((sp_uint128)a[ 4]) * b[ 7] + ((sp_uint128)a[ 5]) * b[ 6] + ((sp_uint128)a[ 6]) * b[ 5] + ((sp_uint128)a[ 7]) * b[ 4] + ((sp_uint128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 4]) * b[ 8] + ((sp_uint128)a[ 5]) * b[ 7] + ((sp_uint128)a[ 6]) * b[ 6] + ((sp_uint128)a[ 7]) * b[ 5] + ((sp_uint128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 5]) * b[ 8] + ((sp_uint128)a[ 6]) * b[ 7] + ((sp_uint128)a[ 7]) * b[ 6] + ((sp_uint128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 6]) * b[ 8] + ((sp_uint128)a[ 7]) * b[ 7] + ((sp_uint128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 7]) * b[ 8] + ((sp_uint128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -3898,66 +3898,66 @@ SP_NOINLINE static void sp_2048_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 
0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -4202,16 +4202,16 @@ static void sp_2048_mont_shift_18(sp_digit* r, const sp_digit* a) n = (sp_uint64)a[17]; n = n >> 55U; for (i = 0; i < 16; i += 8) { - n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; } - n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; n += (sp_uint64)a[35] << 2U; r[17] = n; XMEMSET(&r[18], 0, sizeof(*r) * 18U); } 
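Review bot: The last store `n += (sp_uint64)a[35] << 2U; r[17] = n;` is left with an implicit sp_uint64-to-sp_digit conversion while the eight unrolled stores and the `r[16]` store immediately before it were all wrapped in `(sp_digit)(...)` by this hunk, so the warning class being fixed remains on that line. It should read `n += (sp_uint64)a[35] << 2U; r[17] = (sp_digit)n;` to match. The body of sp_2048_mont_shift_18 begins before this hunk; as with the other SP limb routines, if the file is produced from a generator the fix belongs in the generator as well.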
@@ -4231,11 +4231,11 @@ static void sp_2048_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_18(a + 18); for (i=0; i<17; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL); sp_2048_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -4356,16 +4356,16 @@ SP_NOINLINE static void sp_2048_rshift_18(sp_digit* r, const sp_digit* a, int i; for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); } - r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL); + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL); r[17] = a[17] >> n; } 
@@ -5048,28 +5048,28 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) s = a[36]; n = a[35] >> 53; for (i = 0; i < 32; i += 8) { - n += (s & 0x1ffffffffffffffL) << 4; r[i+0] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+37] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+1] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+38] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+2] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+39] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+3] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+40] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+4] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+41] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+5] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+42] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+6] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+43] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+7] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+44] + (s >> 57); } - n += (s & 0x1ffffffffffffffL) << 4; r[32] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[32] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[69] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[33] 
= n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[33] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[70] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[34] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[34] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[71] + (s >> 57); n += s << 4; r[35] = n; XMEMSET(&r[36], 0, sizeof(*r) * 36U); @@ -5092,33 +5092,33 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<35; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<35; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x1fffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } #else for (i=0; i<35; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -5236,18 +5236,18 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a, int i; for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); } - r[32] = (a[32] >> n) | ((a[33] << (57 - n)) & 0x1ffffffffffffffL); - r[33] = (a[33] >> n) | ((a[34] << (57 - n)) & 0x1ffffffffffffffL); - r[34] = (a[34] >> n) | ((a[35] << (57 - n)) & 0x1ffffffffffffffL); + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (57 - n)) & 0x1ffffffffffffffL); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (57 - n)) & 0x1ffffffffffffffL); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (57 - n)) & 0x1ffffffffffffffL); r[35] = a[35] >> n; } 
@@ -6601,76 +6601,76 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[35]; r[36] = s >> (57U - n); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[26] 
= (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = 
(sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (57U - n))) & 
0x1ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; - r[0] = (a[0] << n) & 0x1ffffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -7454,20 +7454,20 @@ SP_NOINLINE static void sp_3072_mul_add_26(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[i+1] = t[1] & 0xfffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[i+2] = t[2] & 0xfffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[i+3] = t[3] & 0xfffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL); t[0] = t[3] >> 60; } t[0] += (tb * a[24]) + r[24]; t[1] = (tb * a[25]) + r[25]; - r[24] = t[0] & 0xfffffffffffffffL; + r[24] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[25] = t[1] & 0xfffffffffffffffL; + r[25] = (sp_digit)(t[1] & 0xfffffffffffffffL); r[26] += (sp_digit)(t[1] >> 60); } 
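Review bot: The last line of the sp_2048_lshift_36 hunk, `r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);`, is the one digit that is shifted without going through the `s`/`t` sp_int_digit temporaries used for r[35] down to r[1], so a[0] is left-shifted in the signed digit type and a 57-bit value shifted by n of 7 or more no longer fits in 63 bits — signed overflow, whereas every other digit in the function wraps in unsigned arithmetic; the added cast does not change how the shift itself is evaluated. sp_digit being signed is inferred from the explicit `(sp_int_digit)` conversions on the neighbouring lines, so check the typedef. Making the last line match its neighbours removes both the warning and the overflow: `r[0] = (sp_digit)(((sp_int_digit)a[0] << n) & 0x1ffffffffffffffUL);`. The function's opening lines (parameter n and the `s`/`t` declarations) are outside the hunk.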
@@ -7483,7 +7483,7 @@ static void sp_3072_mont_shift_26(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[26]) << 24; for (i = 0; i < 25; i++) { - r[i] = n & 0xfffffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffffL); n >>= 60; n += ((sp_int128)a[27 + i]) << 24; } @@ -7506,11 +7506,11 @@ static void sp_3072_mont_reduce_26(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_26(a + 26); for (i=0; i<25; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_26(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL); sp_3072_mul_add_26(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; @@ -7695,7 +7695,7 @@ SP_NOINLINE static void sp_3072_rshift_26(sp_digit* r, const sp_digit* a, int i; for (i=0; i<25; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL); } r[25] = a[25] >> n; } 
@@ -8330,26 +8330,26 @@ SP_NOINLINE static void sp_3072_mul_add_52(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[i+1] = t[1] & 0xfffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[i+2] = t[2] & 0xfffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[i+3] = t[3] & 0xfffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL); t[0] = t[3] >> 60; } t[0] += (tb * a[48]) + r[48]; t[1] = (tb * a[49]) + r[49]; t[2] = (tb * a[50]) + r[50]; t[3] = (tb * a[51]) + r[51]; - r[48] = t[0] & 0xfffffffffffffffL; + r[48] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[49] = t[1] & 0xfffffffffffffffL; + r[49] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[50] = t[2] & 0xfffffffffffffffL; + r[50] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[51] = t[3] & 0xfffffffffffffffL; + r[51] = (sp_digit)(t[3] & 0xfffffffffffffffL); r[52] += (sp_digit)(t[3] >> 60); } @@ -8365,7 +8365,7 @@ static void sp_3072_mont_shift_52(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[52]) << 48; for (i = 0; i < 51; i++) { - r[i] = n & 0xfffffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffffL); n >>= 60; n += ((sp_int128)a[53 + i]) << 48; } 
@@ -8390,33 +8390,33 @@ static void sp_3072_mont_reduce_52(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<51; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; } else { for (i=0; i<51; i++) { - mu = a[i] & 0xfffffffffffffffL; + mu = (sp_digit)(a[i] & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = a[i] & 0xfffL; + mu = (sp_digit)(a[i] & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; } #else for (i=0; i<51; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; @@ -8522,7 +8522,7 @@ SP_NOINLINE static void sp_3072_rshift_52(sp_digit* r, const sp_digit* a, int i; for (i=0; i<51; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL); } r[51] = a[51] >> n; } 
@@ -9871,9 +9871,9 @@ SP_NOINLINE static void sp_3072_lshift_52(sp_digit* r, const sp_digit* a, r[52] = a[51] >> (60 - n); for (i=51; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL); } - r[0] = (a[0] << n) & 0xfffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -10468,29 +10468,29 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] 
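Review bot: In sp_3072_lshift_52 the new casts wrap `(a[i] << n) | (a[i-1] >> (60 - n))` and `a[0] << n`, but unlike sp_2048_lshift_36 this function never converts the digit to sp_int_digit before shifting, so a 60-bit digit shifted left by more than three bits is computed in the signed digit type and exceeds a signed 64-bit value — undefined behaviour that the trailing `(sp_digit)` cast does not remove. That sp_digit is signed is inferred from the `(sp_int_digit)` and `(sp_uint64)` conversions elsewhere in this patch rather than from a visible typedef; please confirm. Shifting via the unsigned type keeps the intended wrap: `r[i] = (sp_digit)((((sp_int_digit)a[i] << n) | ((sp_int_digit)a[i-1] >> (60 - n))) & 0xfffffffffffffffUL);` and `r[0] = (sp_digit)(((sp_int_digit)a[0] << n) & 0xfffffffffffffffUL);`. The function's signature is only partly visible in the hunk header and its `r[52] = a[51] >> (60 - n);` line sits in the same signed-shift situation, so it deserves the same treatment if the typedef confirms the signedness.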
@@ -10498,7 +10498,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] @@ -10507,7 +10507,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -10517,7 +10517,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] + ((sp_uint128)a[ 3]) * b[ 6] @@ -10526,7 +10526,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 3] + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 2]) * b[ 8] + ((sp_uint128)a[ 3]) * b[ 7] + ((sp_uint128)a[ 4]) * b[ 6] 
@@ -10534,35 +10534,35 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 4] + ((sp_uint128)a[ 7]) * b[ 3] + ((sp_uint128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 3]) * b[ 8] + ((sp_uint128)a[ 4]) * b[ 7] + ((sp_uint128)a[ 5]) * b[ 6] + ((sp_uint128)a[ 6]) * b[ 5] + ((sp_uint128)a[ 7]) * b[ 4] + ((sp_uint128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 4]) * b[ 8] + ((sp_uint128)a[ 5]) * b[ 7] + ((sp_uint128)a[ 6]) * b[ 6] + ((sp_uint128)a[ 7]) * b[ 5] + ((sp_uint128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 5]) * b[ 8] + ((sp_uint128)a[ 6]) * b[ 7] + ((sp_uint128)a[ 7]) * b[ 6] + ((sp_uint128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 6]) * b[ 8] + ((sp_uint128)a[ 7]) * b[ 7] + ((sp_uint128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 7]) * b[ 8] + ((sp_uint128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -10820,66 +10820,66 @@ SP_NOINLINE static void sp_3072_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 
0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -11185,26 +11185,26 @@ static void sp_3072_mont_shift_27(sp_digit* r, const sp_digit* a) s = a[27]; n = a[26] >> 54; for (i = 0; i < 24; i += 8) { - n += (s & 0x1ffffffffffffffL) << 3; r[i+0] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+28] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+1] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+29] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+2] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+30] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+3] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+31] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+4] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+32] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+5] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+33] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+6] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+34] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+7] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+35] + (s >> 57); } - n += (s & 0x1ffffffffffffffL) << 3; r[24] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[24] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[52] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; 
r[25] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[25] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[53] + (s >> 57); n += s << 3; r[26] = n; XMEMSET(&r[27], 0, sizeof(*r) * 27U); @@ -11225,11 +11225,11 @@ static void sp_3072_mont_reduce_27(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_27(a + 27); for (i=0; i<26; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_27(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL); sp_3072_mul_add_27(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -11354,17 +11354,17 @@ SP_NOINLINE static void sp_3072_rshift_27(sp_digit* r, const sp_digit* a, int i; for (i=0; i<24; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); } - r[24] = (a[24] >> n) | ((a[25] << (57 - n)) & 0x1ffffffffffffffL); - r[25] = (a[25] >> n) | ((a[26] << (57 - n)) & 0x1ffffffffffffffL); + r[24] = (a[24] >> n) | (sp_digit)((a[25] << (57 - n)) & 0x1ffffffffffffffL); + r[25] = (a[25] >> n) | (sp_digit)((a[26] << (57 - n)) & 0x1ffffffffffffffL); r[26] = a[26] >> n; } 
@@ -12055,28 +12055,28 @@ static void sp_3072_mont_shift_54(sp_digit* r, const sp_digit* a) sp_int128 n = a[53] >> 51; n += ((sp_int128)a[54]) << 6; for (i = 0; i < 48; i += 8) { - r[i + 0] = n & 0x1ffffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 55]) << 6; - r[i + 1] = n & 0x1ffffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 56]) << 6; - r[i + 2] = n & 0x1ffffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 57]) << 6; - r[i + 3] = n & 0x1ffffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 58]) << 6; - r[i + 4] = n & 0x1ffffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 59]) << 6; - r[i + 5] = n & 0x1ffffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 60]) << 6; - r[i + 6] = n & 0x1ffffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 61]) << 6; - r[i + 7] = n & 0x1ffffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 62]) << 6; } - r[48] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[103]) << 6; - r[49] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[104]) << 6; - r[50] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[105]) << 6; - r[51] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[106]) << 6; - r[52] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[107]) << 6; + r[48] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[103]) << 6; + r[49] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[104]) << 6; + r[50] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[105]) << 6; + r[51] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[106]) << 6; + r[52] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; 
n += ((sp_int128)a[107]) << 6; r[53] = (sp_digit)n; XMEMSET(&r[54], 0, sizeof(*r) * 54U); } @@ -12098,33 +12098,33 @@ static void sp_3072_mont_reduce_54(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<53; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<53; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x7ffffffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } #else for (i=0; i<53; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -12244,20 +12244,20 @@ SP_NOINLINE static void sp_3072_rshift_54(sp_digit* r, const sp_digit* a, int i; for (i=0; i<48; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); } - r[48] = (a[48] >> n) | ((a[49] << (57 - n)) & 0x1ffffffffffffffL); - r[49] = (a[49] >> n) | ((a[50] << (57 - n)) & 0x1ffffffffffffffL); - r[50] = (a[50] >> n) | ((a[51] << (57 - n)) & 0x1ffffffffffffffL); - r[51] = (a[51] >> n) | ((a[52] << (57 - n)) & 0x1ffffffffffffffL); - r[52] = (a[52] >> n) | ((a[53] << (57 - n)) & 0x1ffffffffffffffL); + r[48] = (a[48] >> n) | (sp_digit)((a[49] << (57 - n)) & 0x1ffffffffffffffL); + r[49] = (a[49] >> n) | (sp_digit)((a[50] << (57 - n)) & 0x1ffffffffffffffL); + r[50] = (a[50] >> n) | (sp_digit)((a[51] << (57 - n)) & 0x1ffffffffffffffL); + r[51] = (a[51] >> n) | (sp_digit)((a[52] << (57 
- n)) & 0x1ffffffffffffffL); + r[52] = (a[52] >> n) | (sp_digit)((a[53] << (57 - n)) & 0x1ffffffffffffffL); r[53] = a[53] >> n; } 
@@ -13611,112 +13611,112 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[53]; r[54] = s >> (57U - n); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[53] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[52] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[51] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[50] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[49] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[48] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[47] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[46] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[45] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + 
r[44] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[43] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[42] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[41] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[40] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[39] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[38] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[37] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[36] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = 
(sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> 
(57U - n))) & 0x1ffffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (57U 
- n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t 
>> (57U - n))) & 0x1ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; - r[0] = (a[0] << n) & 0x1ffffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -14503,23 +14503,23 @@ SP_NOINLINE static void sp_4096_mul_add_35(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[i+1] = t[1] & 0x7ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[i+2] = t[2] & 0x7ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL); t[3] += t[2] >> 59; - r[i+3] = t[3] & 0x7ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL); t[0] = t[3] >> 59; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; - r[32] = t[0] & 0x7ffffffffffffffL; + r[32] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[33] = t[1] & 0x7ffffffffffffffL; + r[33] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[34] = t[2] & 0x7ffffffffffffffL; + r[34] = (sp_digit)(t[2] & 0x7ffffffffffffffL); r[35] += (sp_digit)(t[2] >> 59); } @@ -14535,7 +14535,7 @@ static void sp_4096_mont_shift_35(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[35]) << 17; for (i = 0; i < 34; i++) { - r[i] = n & 0x7ffffffffffffffL; + r[i] = (sp_digit)(n & 0x7ffffffffffffffL); n >>= 59; n += ((sp_int128)a[36 + i]) << 17; } 
@@ -14558,11 +14558,11 @@ static void sp_4096_mont_reduce_35(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_35(a + 35); for (i=0; i<34; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_35(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL); sp_4096_mul_add_35(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; @@ -14747,7 +14747,7 @@ SP_NOINLINE static void sp_4096_rshift_35(sp_digit* r, const sp_digit* a, int i; for (i=0; i<34; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL); } r[34] = a[34] >> n; } @@ -15383,20 +15383,20 @@ SP_NOINLINE static void sp_4096_mul_add_70(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[i+1] = t[1] & 0x7ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[i+2] = t[2] & 0x7ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL); t[3] += t[2] >> 59; - r[i+3] = t[3] & 0x7ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL); t[0] = t[3] >> 59; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; - r[68] = t[0] & 0x7ffffffffffffffL; + r[68] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[69] = t[1] & 0x7ffffffffffffffL; + r[69] = (sp_digit)(t[1] & 0x7ffffffffffffffL); r[70] += (sp_digit)(t[1] >> 59); } 
@@ -15412,7 +15412,7 @@ static void sp_4096_mont_shift_70(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[70]) << 34; for (i = 0; i < 69; i++) { - r[i] = n & 0x7ffffffffffffffL; + r[i] = (sp_digit)(n & 0x7ffffffffffffffL); n >>= 59; n += ((sp_int128)a[71 + i]) << 34; } @@ -15437,33 +15437,33 @@ static void sp_4096_mont_reduce_70(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<69; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; } else { for (i=0; i<69; i++) { - mu = a[i] & 0x7ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = a[i] & 0x1ffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; } #else for (i=0; i<69; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; @@ -15569,7 +15569,7 @@ SP_NOINLINE static void sp_4096_rshift_70(sp_digit* r, const sp_digit* a, int i; for (i=0; i<69; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL); } r[69] = a[69] >> n; } 
@@ -16918,9 +16918,9 @@ SP_NOINLINE static void sp_4096_lshift_70(sp_digit* r, const sp_digit* a, r[70] = a[69] >> (59 - n); for (i=69; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL); } - r[0] = (a[0] << n) & 0x7ffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x7ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -17379,29 +17379,29 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] 
@@ -17409,7 +17409,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] @@ -17418,7 +17418,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -17428,7 +17428,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 9] + ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] @@ -17439,7 +17439,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1] + ((sp_uint128)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[10] + ((sp_uint128)a[ 1]) * b[ 9] + ((sp_uint128)a[ 2]) * b[ 8] @@ -17451,7 +17451,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 8]) * b[ 2] + ((sp_uint128)a[ 9]) * b[ 1] + ((sp_uint128)a[10]) * b[ 0]; - t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[11] + ((sp_uint128)a[ 1]) * b[10] + ((sp_uint128)a[ 2]) * b[ 9] 
@@ -17464,7 +17464,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 9]) * b[ 2] + ((sp_uint128)a[10]) * b[ 1] + ((sp_uint128)a[11]) * b[ 0]; - t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[12] + ((sp_uint128)a[ 1]) * b[11] + ((sp_uint128)a[ 2]) * b[10] @@ -17478,7 +17478,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 2] + ((sp_uint128)a[11]) * b[ 1] + ((sp_uint128)a[12]) * b[ 0]; - t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 1]) * b[12] + ((sp_uint128)a[ 2]) * b[11] + ((sp_uint128)a[ 3]) * b[10] @@ -17491,7 +17491,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 3] + ((sp_uint128)a[11]) * b[ 2] + ((sp_uint128)a[12]) * b[ 1]; - t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 2]) * b[12] + ((sp_uint128)a[ 3]) * b[11] + ((sp_uint128)a[ 4]) * b[10] @@ -17503,7 +17503,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 4] + ((sp_uint128)a[11]) * b[ 3] + ((sp_uint128)a[12]) * b[ 2]; - r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 3]) * b[12] + ((sp_uint128)a[ 4]) * b[11] + ((sp_uint128)a[ 5]) * b[10] @@ -17514,7 +17514,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 5] + ((sp_uint128)a[11]) * b[ 4] + ((sp_uint128)a[12]) * b[ 3]; - r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 4]) * b[12] + ((sp_uint128)a[ 5]) * b[11] + ((sp_uint128)a[ 6]) * b[10] 
@@ -17524,7 +17524,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 6] + ((sp_uint128)a[11]) * b[ 5] + ((sp_uint128)a[12]) * b[ 4]; - r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 5]) * b[12] + ((sp_uint128)a[ 6]) * b[11] + ((sp_uint128)a[ 7]) * b[10] @@ -17533,7 +17533,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 7] + ((sp_uint128)a[11]) * b[ 6] + ((sp_uint128)a[12]) * b[ 5]; - r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 6]) * b[12] + ((sp_uint128)a[ 7]) * b[11] + ((sp_uint128)a[ 8]) * b[10] 
@@ -17541,35 +17541,35 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 8] + ((sp_uint128)a[11]) * b[ 7] + ((sp_uint128)a[12]) * b[ 6]; - r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 7]) * b[12] + ((sp_uint128)a[ 8]) * b[11] + ((sp_uint128)a[ 9]) * b[10] + ((sp_uint128)a[10]) * b[ 9] + ((sp_uint128)a[11]) * b[ 8] + ((sp_uint128)a[12]) * b[ 7]; - r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 8]) * b[12] + ((sp_uint128)a[ 9]) * b[11] + ((sp_uint128)a[10]) * b[10] + ((sp_uint128)a[11]) * b[ 9] + ((sp_uint128)a[12]) * b[ 8]; - r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 9]) * b[12] + ((sp_uint128)a[10]) * b[11] + ((sp_uint128)a[11]) * b[10] + ((sp_uint128)a[12]) * b[ 9]; - r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[10]) * b[12] + ((sp_uint128)a[11]) * b[11] + ((sp_uint128)a[12]) * b[10]; - r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[11]) * b[12] + ((sp_uint128)a[12]) * b[11]; - r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[12]) * b[12]; - r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; - r[24] = t0 & 0x1fffffffffffffL; + r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; + r[24] = (sp_digit)(t0 & 0x1fffffffffffffL); r[25] = (sp_digit)(t0 >> 53); XMEMCPY(r, t, sizeof(t)); } 
@@ -17835,57 +17835,57 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 9] + ((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 
& 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[10] + ((sp_uint128)a[ 1]) * a[ 9] + ((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[11] + ((sp_uint128)a[ 1]) * a[10] + ((sp_uint128)a[ 2]) * a[ 9] + ((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[12] + ((sp_uint128)a[ 1]) * a[11] + ((sp_uint128)a[ 2]) * a[10] 
@@ -17893,62 +17893,62 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a) + ((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 1]) * a[12] + ((sp_uint128)a[ 2]) * a[11] + ((sp_uint128)a[ 3]) * a[10] + ((sp_uint128)a[ 4]) * a[ 9] + ((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 2]) * a[12] + ((sp_uint128)a[ 3]) * a[11] + ((sp_uint128)a[ 4]) * a[10] + ((sp_uint128)a[ 5]) * a[ 9] + ((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 3]) * a[12] + ((sp_uint128)a[ 4]) * a[11] + ((sp_uint128)a[ 5]) * a[10] + ((sp_uint128)a[ 6]) * a[ 9] + ((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 4]) * a[12] + ((sp_uint128)a[ 5]) * a[11] + ((sp_uint128)a[ 6]) * a[10] + ((sp_uint128)a[ 7]) * a[ 9]) * 2 + ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 5]) * a[12] + ((sp_uint128)a[ 6]) * a[11] + ((sp_uint128)a[ 7]) * a[10] + ((sp_uint128)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 6]) * a[12] + ((sp_uint128)a[ 7]) * a[11] + ((sp_uint128)a[ 8]) * a[10]) * 2 + ((sp_uint128)a[ 9]) * a[ 9]; - r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 7]) * a[12] + ((sp_uint128)a[ 8]) * 
a[11] + ((sp_uint128)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 8]) * a[12] + ((sp_uint128)a[ 9]) * a[11]) * 2 + ((sp_uint128)a[10]) * a[10]; - r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 9]) * a[12] + ((sp_uint128)a[10]) * a[11]) * 2; - r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[10]) * a[12]) * 2 + ((sp_uint128)a[11]) * a[11]; - r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[11]) * a[12]) * 2; - r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[12]) * a[12]; - r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; - r[24] = t0 & 0x1fffffffffffffL; + r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; + r[24] = (sp_digit)(t0 & 0x1fffffffffffffL); r[25] = (sp_digit)(t0 >> 53); XMEMCPY(r, t, sizeof(t)); } 
@@ -18277,29 +18277,29 @@ static void sp_4096_mont_shift_39(sp_digit* r, const sp_digit* a) sp_int128 n = a[38] >> 34; n += ((sp_int128)a[39]) << 19; for (i = 0; i < 32; i += 8) { - r[i + 0] = n & 0x1fffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 40]) << 19; - r[i + 1] = n & 0x1fffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 41]) << 19; - r[i + 2] = n & 0x1fffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 42]) << 19; - r[i + 3] = n & 0x1fffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 43]) << 19; - r[i + 4] = n & 0x1fffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 44]) << 19; - r[i + 5] = n & 0x1fffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 45]) << 19; - r[i + 6] = n & 0x1fffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 46]) << 19; - r[i + 7] = n & 0x1fffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 47]) << 19; } - r[32] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[72]) << 19; - r[33] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[73]) << 19; - r[34] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[74]) << 19; - r[35] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[75]) << 19; - r[36] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[76]) << 19; - r[37] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[77]) << 19; + r[32] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[72]) << 19; + r[33] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[73]) << 19; + r[34] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[74]) << 19; + r[35] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[75]) << 
19; + r[36] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[76]) << 19; + r[37] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[77]) << 19; r[38] = (sp_digit)n; XMEMSET(&r[39], 0, sizeof(*r) * 39U); } @@ -18319,11 +18319,11 @@ static void sp_4096_mont_reduce_39(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_39(a + 39); for (i=0; i<38; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_4096_mul_add_39(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL); sp_4096_mul_add_39(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; 
@@ -18452,21 +18452,21 @@ SP_NOINLINE static void sp_4096_rshift_39(sp_digit* r, const sp_digit* a,
 int i;
 for (i=0; i<32; i += 8) {
- r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
- r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
- r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
- r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
- r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
- r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
- r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
- r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
 }
- r[32] = (a[32] >> n) | ((a[33] << (53 - n)) & 0x1fffffffffffffL);
- r[33] = (a[33] >> n) | ((a[34] << (53 - n)) & 0x1fffffffffffffL);
- r[34] = (a[34] >> n) | ((a[35] << (53 - n)) & 0x1fffffffffffffL);
- r[35] = (a[35] >> n) | ((a[36] << (53 - n)) & 0x1fffffffffffffL);
- r[36] = (a[36] >> n) | ((a[37] << (53 - n)) & 0x1fffffffffffffL);
- r[37] = (a[37] >> n) | ((a[38] << (53 - n)) & 0x1fffffffffffffL);
+ r[32] = (a[32] >> n) | (sp_digit)((a[33] << (53 - n)) & 0x1fffffffffffffL);
+ r[33] = (a[33] >> n) | (sp_digit)((a[34] << (53 - n)) & 0x1fffffffffffffL);
+ r[34] = (a[34] >> n) | (sp_digit)((a[35] << (53 - n)) & 0x1fffffffffffffL);
+ r[35] = (a[35] >> n) | (sp_digit)((a[36] << (53 - n)) & 0x1fffffffffffffL);
+ r[36] = (a[36] >> n) | (sp_digit)((a[37] << (53 - n)) & 0x1fffffffffffffL);
+ r[37] = (a[37] >> n) | (sp_digit)((a[38] << (53 - n)) & 0x1fffffffffffffL);
 r[38] = a[38] >> n;
 }
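Review bot: The left shifts on the changed lines, `a[i+1] << (53 - n)` through `a[38] << (53 - n)`, are applied to sp_digit values directly, and the new `(sp_digit)` cast only narrows the masked result afterwards. If sp_digit is a signed type (its typedef is not in view; the casts from the unsigned sp_int_digit in sp_4096_lshift_78 suggest the two types differ), a normalised 53-bit digit shifted left by up to 52 bits overflows, which the C standard leaves undefined even though GCC documents wrapping and the mask discards the high bits; UBSan reports it. Shifting through the unsigned digit type, as the lshift routine does with its s/t temporaries, removes the question: `r[i+0] = (a[i+0] >> n) | (sp_digit)(((sp_int_digit)a[i+1] << (53 - n)) & 0x1fffffffffffffL);` and the same edit on the other thirteen lines. The shift count `n` is declared in the signature above the hunk.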
@@ -19158,28 +19158,28 @@ static void sp_4096_mont_shift_78(sp_digit* r, const sp_digit* a)
 sp_int128 n = a[77] >> 15;
 n += ((sp_int128)a[78]) << 38;
 for (i = 0; i < 72; i += 8) {
- r[i + 0] = n & 0x1fffffffffffffL;
+ r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 79]) << 38;
- r[i + 1] = n & 0x1fffffffffffffL;
+ r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 80]) << 38;
- r[i + 2] = n & 0x1fffffffffffffL;
+ r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 81]) << 38;
- r[i + 3] = n & 0x1fffffffffffffL;
+ r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 82]) << 38;
- r[i + 4] = n & 0x1fffffffffffffL;
+ r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 83]) << 38;
- r[i + 5] = n & 0x1fffffffffffffL;
+ r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 84]) << 38;
- r[i + 6] = n & 0x1fffffffffffffL;
+ r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 85]) << 38;
- r[i + 7] = n & 0x1fffffffffffffL;
+ r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL);
 n >>= 53; n += ((sp_int128)a[i + 86]) << 38;
 }
- r[72] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[151]) << 38;
- r[73] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[152]) << 38;
- r[74] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[153]) << 38;
- r[75] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[154]) << 38;
- r[76] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[155]) << 38;
+ r[72] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[151]) << 38;
+ r[73] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[152]) << 38;
+ r[74] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[153]) << 38;
+ r[75] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[154]) << 38;
+ r[76] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[155]) << 38;
 r[77] = (sp_digit)n;
 XMEMSET(&r[78], 0, sizeof(*r) * 78U);
 }
@@ -19201,33 +19201,33 @@ static void sp_4096_mont_reduce_78(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
 if (mp != 1) {
 for (i=0; i<77; i++) {
- mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+ mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
 sp_4096_mul_add_78(a+i, m, mu);
 a[i+1] += a[i] >> 53;
 }
- mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+ mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
 sp_4096_mul_add_78(a+i, m, mu);
 a[i+1] += a[i] >> 53;
 a[i] &= 0x1fffffffffffffL;
 }
 else {
 for (i=0; i<77; i++) {
- mu = a[i] & 0x1fffffffffffffL;
+ mu = (sp_digit)(a[i] & 0x1fffffffffffffL);
 sp_4096_mul_add_78(a+i, m, mu);
 a[i+1] += a[i] >> 53;
 }
- mu = a[i] & 0x7fffL;
+ mu = (sp_digit)(a[i] & 0x7fffL);
 sp_4096_mul_add_78(a+i, m, mu);
 a[i+1] += a[i] >> 53;
 a[i] &= 0x1fffffffffffffL;
 }
 #else
 for (i=0; i<77; i++) {
- mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+ mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
 sp_4096_mul_add_78(a+i, m, mu);
 a[i+1] += a[i] >> 53;
 }
- mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+ mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
 sp_4096_mul_add_78(a+i, m, mu);
 a[i+1] += a[i] >> 53;
 a[i] &= 0x1fffffffffffffL;
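Review bot: The `mp != 1`, `mp == 1` and non-DH variants in sp_4096_mont_reduce_78 are three copies of the same reduction loop that differ only in how `mu` is formed, which is why this commit has to cast six `mu` lines in lock-step; lifting the mu computation into a small static inline (or a macro taking the mask) would have made this a one-line change and would stop the copies drifting apart. The top-digit mask `0x7fffL` is also unexplained; `/* 4096 - 77*53 = 15 bits remain in the top digit */` next to it documents why it is narrower than the others. The function's declarations and the code after the `#else` branch are outside the hunk.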
@@ -19347,20 +19347,20 @@ SP_NOINLINE static void sp_4096_rshift_78(sp_digit* r, const sp_digit* a,
 int i;
 for (i=0; i<72; i += 8) {
- r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
- r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
- r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
- r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
- r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
- r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
- r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
- r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+ r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
 }
- r[72] = (a[72] >> n) | ((a[73] << (53 - n)) & 0x1fffffffffffffL);
- r[73] = (a[73] >> n) | ((a[74] << (53 - n)) & 0x1fffffffffffffL);
- r[74] = (a[74] >> n) | ((a[75] << (53 - n)) & 0x1fffffffffffffL);
- r[75] = (a[75] >> n) | ((a[76] << (53 - n)) & 0x1fffffffffffffL);
- r[76] = (a[76] >> n) | ((a[77] << (53 - n)) & 0x1fffffffffffffL);
+ r[72] = (a[72] >> n) | (sp_digit)((a[73] << (53 - n)) & 0x1fffffffffffffL);
+ r[73] = (a[73] >> n) | (sp_digit)((a[74] << (53 - n)) & 0x1fffffffffffffL);
+ r[74] = (a[74] >> n) | (sp_digit)((a[75] << (53 - n)) & 0x1fffffffffffffL);
+ r[75] = (a[75] >> n) | (sp_digit)((a[76] << (53 - n)) & 0x1fffffffffffffL);
+ r[76] = (a[76] >> n) | (sp_digit)((a[77] << (53 - n)) & 0x1fffffffffffffL);
 r[77] = a[77] >> n;
 }
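Review bot: sp_4096_rshift_78 has the same pattern as the 39-digit version: `a[i+1] << (53 - n)` and the tail `a[73..77] << (53 - n)` shift the sp_digit operand before the mask, so if sp_digit is signed (its typedef is outside this hunk) a 53-bit digit shifted by up to 52 bits overflows in a way the C standard does not define, and the `(sp_digit)` cast the commit adds runs after the fact and cannot change that. Casting the operand first, `(sp_digit)(((sp_int_digit)a[i+1] << (53 - n)) & 0x1fffffffffffffL)`, keeps the shift in the unsigned type that sp_4096_lshift_78 already uses for its s/t temporaries. The function header, with the declaration of `n`, is above the hunk.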
@@ -20714,160 +20714,160 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[77]; r[78] = s >> (53U - n); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[77] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[76] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[75] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[74] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[73] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[72] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[71] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[70] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[69] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[68] = 
(sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[67] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[66] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[65] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[64] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[63] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[62] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[61] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[60] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[59] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[58] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[57]); t = 
(sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[57] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[56] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[55] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[54] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[53] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[52] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[51] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[50] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[49] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[48] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[47] = 
(sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[46] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[45] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[44] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[43] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[42] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[41] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[40] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[39] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[38] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[37] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[36]); t = 
(sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[36] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[26] = 
(sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[15]); t = 
(sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t 
>> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; - r[0] = (a[0] << n) & 0x1fffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) 
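Review bot: `r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL);` on the last changed line is the only shift in sp_4096_lshift_78 that does not go through the unsigned s/t temporaries; the other 77 stores shift sp_int_digit, which is well defined, whereas shifting a[0] directly overflows a 64-bit signed type for a 53-bit digit and n up to 52 if sp_digit is signed (its typedef is not in view). `r[0] = (sp_digit)(((sp_int_digit)a[0] << n) & 0x1fffffffffffffUL);` brings it in line with the rest of the function. The commit also leaves the context line `r[78] = s >> (53U - n);` uncast even though it stores the same unsigned sp_int_digit into sp_digit as every line that did receive a cast; `r[78] = (sp_digit)(s >> (53U - n));` would make the conversion policy uniform. The function signature and the declarations of s and t are above the hunk.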
@@ -21249,16 +21249,16 @@ SP_NOINLINE static void sp_256_mul_5(sp_digit* r, const sp_digit* a,
  + ((sp_int128)a[ 4]) * b[ 3];
 sp_int128 t8 = ((sp_int128)a[ 4]) * b[ 4];
- t1 += t0 >> 52; r[ 0] = t0 & 0xfffffffffffffL;
- t2 += t1 >> 52; r[ 1] = t1 & 0xfffffffffffffL;
- t3 += t2 >> 52; r[ 2] = t2 & 0xfffffffffffffL;
- t4 += t3 >> 52; r[ 3] = t3 & 0xfffffffffffffL;
- t5 += t4 >> 52; r[ 4] = t4 & 0xfffffffffffffL;
- t6 += t5 >> 52; r[ 5] = t5 & 0xfffffffffffffL;
- t7 += t6 >> 52; r[ 6] = t6 & 0xfffffffffffffL;
- t8 += t7 >> 52; r[ 7] = t7 & 0xfffffffffffffL;
+ t1 += t0 >> 52; r[ 0] = (sp_digit)(t0 & 0xfffffffffffffL);
+ t2 += t1 >> 52; r[ 1] = (sp_digit)(t1 & 0xfffffffffffffL);
+ t3 += t2 >> 52; r[ 2] = (sp_digit)(t2 & 0xfffffffffffffL);
+ t4 += t3 >> 52; r[ 3] = (sp_digit)(t3 & 0xfffffffffffffL);
+ t5 += t4 >> 52; r[ 4] = (sp_digit)(t4 & 0xfffffffffffffL);
+ t6 += t5 >> 52; r[ 5] = (sp_digit)(t5 & 0xfffffffffffffL);
+ t7 += t6 >> 52; r[ 6] = (sp_digit)(t6 & 0xfffffffffffffL);
+ t8 += t7 >> 52; r[ 7] = (sp_digit)(t7 & 0xfffffffffffffL);
 r[9] = (sp_digit)(t8 >> 52);
- r[8] = t8 & 0xfffffffffffffL;
+ r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 #endif /* WOLFSSL_SP_SMALL */
@@ -21328,16 +21328,16 @@ SP_NOINLINE static void sp_256_sqr_5(sp_digit* r, const sp_digit* a)
 sp_int128 t7 = (((sp_int128)a[ 3]) * a[ 4]) * 2;
 sp_int128 t8 = ((sp_int128)a[ 4]) * a[ 4];
- t1 += t0 >> 52; r[ 0] = t0 & 0xfffffffffffffL;
- t2 += t1 >> 52; r[ 1] = t1 & 0xfffffffffffffL;
- t3 += t2 >> 52; r[ 2] = t2 & 0xfffffffffffffL;
- t4 += t3 >> 52; r[ 3] = t3 & 0xfffffffffffffL;
- t5 += t4 >> 52; r[ 4] = t4 & 0xfffffffffffffL;
- t6 += t5 >> 52; r[ 5] = t5 & 0xfffffffffffffL;
- t7 += t6 >> 52; r[ 6] = t6 & 0xfffffffffffffL;
- t8 += t7 >> 52; r[ 7] = t7 & 0xfffffffffffffL;
+ t1 += t0 >> 52; r[ 0] = (sp_digit)(t0 & 0xfffffffffffffL);
+ t2 += t1 >> 52; r[ 1] = (sp_digit)(t1 & 0xfffffffffffffL);
+ t3 += t2 >> 52; r[ 2] = (sp_digit)(t2 & 0xfffffffffffffL);
+ t4 += t3 >> 52; r[ 3] = (sp_digit)(t3 & 0xfffffffffffffL);
+ t5 += t4 >> 52; r[ 4] = (sp_digit)(t4 & 0xfffffffffffffL);
+ t6 += t5 >> 52; r[ 5] = (sp_digit)(t5 & 0xfffffffffffffL);
+ t7 += t6 >> 52; r[ 6] = (sp_digit)(t6 & 0xfffffffffffffL);
+ t8 += t7 >> 52; r[ 7] = (sp_digit)(t7 & 0xfffffffffffffL);
 r[9] = (sp_digit)(t8 >> 52);
- r[8] = t8 & 0xfffffffffffffL;
+ r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 #endif /* WOLFSSL_SP_SMALL */
@@ -21686,17 +21686,17 @@ SP_NOINLINE static void sp_256_mul_add_5(sp_digit* r, const sp_digit* a,
 t[1] = (tb * a[i+1]) + r[i+1];
 t[2] = (tb * a[i+2]) + r[i+2];
 t[3] = (tb * a[i+3]) + r[i+3];
- r[i+0] = t[0] & 0xfffffffffffffL;
+ r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffL);
 t[1] += t[0] >> 52;
- r[i+1] = t[1] & 0xfffffffffffffL;
+ r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffL);
 t[2] += t[1] >> 52;
- r[i+2] = t[2] & 0xfffffffffffffL;
+ r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffL);
 t[3] += t[2] >> 52;
- r[i+3] = t[3] & 0xfffffffffffffL;
+ r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffL);
 t[0] = t[3] >> 52;
 }
 t[0] += (tb * a[4]) + r[4];
- r[4] = t[0] & 0xfffffffffffffL;
+ r[4] = (sp_digit)(t[0] & 0xfffffffffffffL);
 r[5] += (sp_digit)(t[0] >> 52);
 #else
 sp_int128 tb = b;
@@ -21750,7 +21750,7 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
 n = a[4] >> 48;
 for (i = 0; i < 4; i++) {
 n += (sp_uint64)a[5 + i] << 4;
- r[i] = n & 0xfffffffffffffL;
+ r[i] = (sp_digit)(n & 0xfffffffffffffL);
 n >>= 52;
 }
 n += (sp_uint64)a[9] << 4;
@@ -21759,10 +21759,10 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
 sp_uint64 n;
 n = a[4] >> 48;
- n += (sp_uint64)a[ 5] << 4U; r[ 0] = n & 0xfffffffffffffUL; n >>= 52U;
- n += (sp_uint64)a[ 6] << 4U; r[ 1] = n & 0xfffffffffffffUL; n >>= 52U;
- n += (sp_uint64)a[ 7] << 4U; r[ 2] = n & 0xfffffffffffffUL; n >>= 52U;
- n += (sp_uint64)a[ 8] << 4U; r[ 3] = n & 0xfffffffffffffUL; n >>= 52U;
+ n += (sp_uint64)a[ 5] << 4U; r[ 0] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+ n += (sp_uint64)a[ 6] << 4U; r[ 1] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+ n += (sp_uint64)a[ 7] << 4U; r[ 2] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+ n += (sp_uint64)a[ 8] << 4U; r[ 3] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
 n += (sp_uint64)a[ 9] << 4U; r[ 4] = n;
 #endif /* WOLFSSL_SP_SMALL */
 XMEMSET(&r[5], 0, sizeof(*r) * 5U);
@@ -21783,11 +21783,11 @@ static void sp_256_mont_reduce_order_5(sp_digit* a, const sp_digit* m, sp_digit
 sp_256_norm_5(a + 5);
 for (i=0; i<4; i++) {
- mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL;
+ mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL);
 sp_256_mul_add_5(a+i, m, mu);
 a[i+1] += a[i] >> 52;
 }
- mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL;
+ mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL);
 sp_256_mul_add_5(a+i, m, mu);
 a[i+1] += a[i] >> 52;
 a[i] &= 0xfffffffffffffL;
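Review bot: In the unrolled branch of sp_256_mont_shift_5 the commit casts the four masked stores but leaves the context line `n += (sp_uint64)a[ 9] << 4U; r[ 4] = n;` storing the `sp_uint64` accumulator (declared as such in this hunk) into sp_digit without a cast, which is the same unsigned-to-signed narrowing the new lines address; `r[ 4] = (sp_digit)n;` would close it. The small-code branch's final store after `n += (sp_uint64)a[9] << 4;` is below the first hunk and not in view, so it presumably needs the same treatment. Neither change alters the value stored, only whether the conversion is explicit.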
@@ -21813,32 +21813,32 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
 (void)mp;
 for (i = 0; i < 4; i++) {
- am = a[i] & 0xfffffffffffffL;
+ am = (sp_digit)(a[i] & 0xfffffffffffffL);
 /* Fifth word of modulus word */
 t = am; t *= 0x0ffffffff0000L;
- a[i + 1] += (am << 44) & 0xfffffffffffffL;
+ a[i + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
 a[i + 2] += am >> 8;
- a[i + 3] += (am << 36) & 0xfffffffffffffL;
- a[i + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+ a[i + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+ a[i + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
 a[i + 5] += t >> 52;
 a[i + 1] += a[i] >> 52;
 }
- am = a[4] & 0xffffffffffff;
+ am = (sp_digit)(a[4] & 0xffffffffffff);
 /* Fifth word of modulus word */
 t = am; t *= 0x0ffffffff0000L;
- a[4 + 1] += (am << 44) & 0xfffffffffffffL;
+ a[4 + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
 a[4 + 2] += am >> 8;
- a[4 + 3] += (am << 36) & 0xfffffffffffffL;
- a[4 + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+ a[4 + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+ a[4 + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
 a[4 + 5] += t >> 52;
- a[0] = (a[4] >> 48) + ((a[5] << 4) & 0xfffffffffffffL);
- a[1] = (a[5] >> 48) + ((a[6] << 4) & 0xfffffffffffffL);
- a[2] = (a[6] >> 48) + ((a[7] << 4) & 0xfffffffffffffL);
- a[3] = (a[7] >> 48) + ((a[8] << 4) & 0xfffffffffffffL);
+ a[0] = (a[4] >> 48) + (sp_digit)((a[5] << 4) & 0xfffffffffffffL);
+ a[1] = (a[5] >> 48) + (sp_digit)((a[6] << 4) & 0xfffffffffffffL);
+ a[2] = (a[6] >> 48) + (sp_digit)((a[7] << 4) & 0xfffffffffffffL);
+ a[3] = (a[7] >> 48) + (sp_digit)((a[8] << 4) & 0xfffffffffffffL);
 a[4] = (a[8] >> 48) + (a[9] << 4);
 a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
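Review bot: `a[i + 5] += t >> 52;` and `a[4 + 5] += t >> 52;` are left uncast while the sibling `(sp_digit)(t & 0xfffffffffffffL)` in the same statements got a cast; if t is the 128-bit accumulator (its declaration is above the hunk, and `t *= 0x0ffffffff0000L` on a 52-bit `am` needs roughly 100 bits) those two additions narrow a 128-bit value to sp_digit with exactly the implicit conversion the commit removes elsewhere, so `a[i + 5] += (sp_digit)(t >> 52);` would finish the job. The new `(am << 44)` and `(am << 36)` also shift a 52-bit sp_digit well past 64 bits before the mask, which is undefined for a signed type (sp_digit's typedef is not in view), and `((sp_int_digit)am << 44)` would avoid it. Minor: `0xffffffffffff` on the `am = (sp_digit)(a[4] & 0xffffffffffff);` line is the only mask in the function without the `L` suffix its neighbours use.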
@@ -21851,11 +21851,11 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
 /* Create mask. */
 am = 0 - am;
- a[0] -= 0x000fffffffffffffL & am;
- a[1] -= 0x00000fffffffffffL & am;
+ a[0] -= (sp_digit)(0x000fffffffffffffL & am);
+ a[1] -= (sp_digit)(0x00000fffffffffffL & am);
 /* p256_mod[2] is zero */
- a[3] -= 0x0000001000000000L & am;
- a[4] -= 0x0000ffffffff0000L & am;
+ a[3] -= (sp_digit)(0x0000001000000000L & am);
+ a[4] -= (sp_digit)(0x0000ffffffff0000L & am);
 a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
 a[2] += a[1] >> 52; a[1] &= 0xfffffffffffffL;
@@ -22152,13 +22152,13 @@ SP_NOINLINE static void sp_256_rshift1_5(sp_digit* r, const sp_digit* a)
 int i;
 for (i=0; i<4; i++) {
- r[i] = (a[i] >> 1) + ((a[i + 1] << 51) & 0xfffffffffffffL);
+ r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 51) & 0xfffffffffffffL);
 }
 #else
- r[0] = (a[0] >> 1) + ((a[1] << 51) & 0xfffffffffffffL);
- r[1] = (a[1] >> 1) + ((a[2] << 51) & 0xfffffffffffffL);
- r[2] = (a[2] >> 1) + ((a[3] << 51) & 0xfffffffffffffL);
- r[3] = (a[3] >> 1) + ((a[4] << 51) & 0xfffffffffffffL);
+ r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 51) & 0xfffffffffffffL);
+ r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 51) & 0xfffffffffffffL);
+ r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 51) & 0xfffffffffffffL);
+ r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 51) & 0xfffffffffffffL);
 #endif
 r[4] = a[4] >> 1;
 }
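Review bot: `a[i + 1] << 51` on the changed lines of sp_256_rshift1_5 shifts an sp_digit directly; a normalised 52-bit digit shifted by 51 needs 103 bits, so if sp_digit is signed (its typedef is not in view) this is a signed-overflow left shift that the standard leaves undefined, and the `(sp_digit)` cast applied to the masked result does not touch it. Casting before shifting, `(sp_digit)(((sp_int_digit)a[i + 1] << 51) & 0xfffffffffffffL)`, keeps the arithmetic in the unsigned type the way sp_4096_lshift_78 does. Combining the halves with `+` rather than `|` works because the mask keeps the two bit ranges disjoint, but that is worth a one-line comment since it looks like a carry-propagating add.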
@@ -26099,23 +26099,23 @@ SP_NOINLINE static void sp_256_rshift_5(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<4; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL); } #else for (i=0; i<0; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (52 - n)) & 0xfffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (52 - n)) & 0xfffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (52 - n)) & 0xfffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (52 - n)) & 0xfffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (52 - n)) & 0xfffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (52 - n)) & 0xfffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (52 - n)) & 0xfffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (52 - n)) & 0xfffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (52 - n)) & 0xfffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (52 - n)) & 0xfffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (52 - n)) & 0xfffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (52 - n)) & 0xfffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (52 - n)) & 0xfffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (52 - n)) & 0xfffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (52 - n)) & 0xfffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (52 - n)) & 0xfffffffffffffL); } - r[0] = (a[0] >> n) | ((a[1] << (52 - n)) & 0xfffffffffffffL); - r[1] = (a[1] >> n) | ((a[2] << (52 - n)) & 0xfffffffffffffL); - r[2] = (a[2] >> n) | ((a[3] << (52 - n)) & 0xfffffffffffffL); - r[3] = (a[3] >> n) | ((a[4] << (52 - n)) & 0xfffffffffffffL); + r[0] = (a[0] >> n) | (sp_digit)((a[1] << (52 - n)) & 0xfffffffffffffL); + r[1] = (a[1] >> n) | (sp_digit)((a[2] << (52 - n)) & 0xfffffffffffffL); + r[2] = (a[2] >> n) | (sp_digit)((a[3] << (52 - n)) & 
0xfffffffffffffL); + r[3] = (a[3] >> n) | (sp_digit)((a[4] << (52 - n)) & 0xfffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[4] = a[4] >> n; } @@ -26166,7 +26166,7 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a, r[10] = a[9] >> (52 - n); for (i=9; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL); } #else sp_int_digit s; 
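Review bot: The eight casts added inside `for (i=0; i<0; i += 8)` in the `#else` branch change code that never runs, since the loop condition is false on entry and the four `r[0]..r[3]` statements after it are the entire unrolled path. The same empty loop is edited in the sp_384_rshift_7 hunk (@@ -33565). If this file is script-generated, the generator should omit the eight-wide loop for digit counts below eight instead of the patch maintaining it; otherwise the loop can simply be deleted here. The function's signature and local declarations are above the hunk.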
@@ -26175,25 +26175,25 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[9]; r[10] = s >> (52U - n); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0xfffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) 
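Review bot: `r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffL);` is the one shift in this function that is not routed through the unsigned `sp_int_digit` temporaries `s` and `t` used for `r[1]`..`r[10]`, and it sits after `#endif`, so both the small and the unrolled builds execute it. If sp_digit is signed, `a[0] << n` overflows once `n` exceeds the headroom above bit 51 and is undefined; matching the lines above, `r[0] = (sp_digit)(((sp_int_digit)a[0] << n) & 0xfffffffffffffUL);` avoids that. The closing `r[0]` line of sp_384_lshift_14 (@@ -33647) has the same shape. sp_256_lshift_10 starts before this hunk.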
@@ -28082,20 +28082,20 @@ SP_NOINLINE static void sp_384_mul_7(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 5]; sp_int128 t12 = ((sp_int128)a[ 6]) * b[ 6]; - t1 += t0 >> 55; r[ 0] = t0 & 0x7fffffffffffffL; - t2 += t1 >> 55; r[ 1] = t1 & 0x7fffffffffffffL; - t3 += t2 >> 55; r[ 2] = t2 & 0x7fffffffffffffL; - t4 += t3 >> 55; r[ 3] = t3 & 0x7fffffffffffffL; - t5 += t4 >> 55; r[ 4] = t4 & 0x7fffffffffffffL; - t6 += t5 >> 55; r[ 5] = t5 & 0x7fffffffffffffL; - t7 += t6 >> 55; r[ 6] = t6 & 0x7fffffffffffffL; - t8 += t7 >> 55; r[ 7] = t7 & 0x7fffffffffffffL; - t9 += t8 >> 55; r[ 8] = t8 & 0x7fffffffffffffL; - t10 += t9 >> 55; r[ 9] = t9 & 0x7fffffffffffffL; - t11 += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL; - t12 += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL; + t1 += t0 >> 55; r[ 0] = (sp_digit)(t0 & 0x7fffffffffffffL); + t2 += t1 >> 55; r[ 1] = (sp_digit)(t1 & 0x7fffffffffffffL); + t3 += t2 >> 55; r[ 2] = (sp_digit)(t2 & 0x7fffffffffffffL); + t4 += t3 >> 55; r[ 3] = (sp_digit)(t3 & 0x7fffffffffffffL); + t5 += t4 >> 55; r[ 4] = (sp_digit)(t4 & 0x7fffffffffffffL); + t6 += t5 >> 55; r[ 5] = (sp_digit)(t5 & 0x7fffffffffffffL); + t7 += t6 >> 55; r[ 6] = (sp_digit)(t6 & 0x7fffffffffffffL); + t8 += t7 >> 55; r[ 7] = (sp_digit)(t7 & 0x7fffffffffffffL); + t9 += t8 >> 55; r[ 8] = (sp_digit)(t8 & 0x7fffffffffffffL); + t10 += t9 >> 55; r[ 9] = (sp_digit)(t9 & 0x7fffffffffffffL); + t11 += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL); + t12 += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL); r[13] = (sp_digit)(t12 >> 55); - r[12] = t12 & 0x7fffffffffffffL; + r[12] = (sp_digit)(t12 & 0x7fffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ 
@@ -28178,20 +28178,20 @@ SP_NOINLINE static void sp_384_sqr_7(sp_digit* r, const sp_digit* a) sp_int128 t11 = (((sp_int128)a[ 5]) * a[ 6]) * 2; sp_int128 t12 = ((sp_int128)a[ 6]) * a[ 6]; - t1 += t0 >> 55; r[ 0] = t0 & 0x7fffffffffffffL; - t2 += t1 >> 55; r[ 1] = t1 & 0x7fffffffffffffL; - t3 += t2 >> 55; r[ 2] = t2 & 0x7fffffffffffffL; - t4 += t3 >> 55; r[ 3] = t3 & 0x7fffffffffffffL; - t5 += t4 >> 55; r[ 4] = t4 & 0x7fffffffffffffL; - t6 += t5 >> 55; r[ 5] = t5 & 0x7fffffffffffffL; - t7 += t6 >> 55; r[ 6] = t6 & 0x7fffffffffffffL; - t8 += t7 >> 55; r[ 7] = t7 & 0x7fffffffffffffL; - t9 += t8 >> 55; r[ 8] = t8 & 0x7fffffffffffffL; - t10 += t9 >> 55; r[ 9] = t9 & 0x7fffffffffffffL; - t11 += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL; - t12 += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL; + t1 += t0 >> 55; r[ 0] = (sp_digit)(t0 & 0x7fffffffffffffL); + t2 += t1 >> 55; r[ 1] = (sp_digit)(t1 & 0x7fffffffffffffL); + t3 += t2 >> 55; r[ 2] = (sp_digit)(t2 & 0x7fffffffffffffL); + t4 += t3 >> 55; r[ 3] = (sp_digit)(t3 & 0x7fffffffffffffL); + t5 += t4 >> 55; r[ 4] = (sp_digit)(t4 & 0x7fffffffffffffL); + t6 += t5 >> 55; r[ 5] = (sp_digit)(t5 & 0x7fffffffffffffL); + t7 += t6 >> 55; r[ 6] = (sp_digit)(t6 & 0x7fffffffffffffL); + t8 += t7 >> 55; r[ 7] = (sp_digit)(t7 & 0x7fffffffffffffL); + t9 += t8 >> 55; r[ 8] = (sp_digit)(t8 & 0x7fffffffffffffL); + t10 += t9 >> 55; r[ 9] = (sp_digit)(t9 & 0x7fffffffffffffL); + t11 += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL); + t12 += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL); r[13] = (sp_digit)(t12 >> 55); - r[12] = t12 & 0x7fffffffffffffL; + r[12] = (sp_digit)(t12 & 0x7fffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ 
@@ -28548,23 +28548,23 @@ SP_NOINLINE static void sp_384_mul_add_7(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7fffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7fffffffffffffL); t[1] += t[0] >> 55; - r[i+1] = t[1] & 0x7fffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7fffffffffffffL); t[2] += t[1] >> 55; - r[i+2] = t[2] & 0x7fffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7fffffffffffffL); t[3] += t[2] >> 55; - r[i+3] = t[3] & 0x7fffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7fffffffffffffL); t[0] = t[3] >> 55; } t[0] += (tb * a[4]) + r[4]; t[1] = (tb * a[5]) + r[5]; t[2] = (tb * a[6]) + r[6]; - r[4] = t[0] & 0x7fffffffffffffL; + r[4] = (sp_digit)(t[0] & 0x7fffffffffffffL); t[1] += t[0] >> 55; - r[5] = t[1] & 0x7fffffffffffffL; + r[5] = (sp_digit)(t[1] & 0x7fffffffffffffL); t[2] += t[1] >> 55; - r[6] = t[2] & 0x7fffffffffffffL; + r[6] = (sp_digit)(t[2] & 0x7fffffffffffffL); r[7] += (sp_digit)(t[2] >> 55); #else sp_int128 tb = b; @@ -28624,7 +28624,7 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a) n = a[6] >> 54; for (i = 0; i < 6; i++) { n += (sp_uint64)a[7 + i] << 1; - r[i] = n & 0x7fffffffffffffL; + r[i] = (sp_digit)(n & 0x7fffffffffffffL); n >>= 55; } n += (sp_uint64)a[13] << 1; 
@@ -28633,12 +28633,12 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[6] >> 54; - n += (sp_uint64)a[ 7] << 1U; r[ 0] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[ 8] << 1U; r[ 1] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[ 9] << 1U; r[ 2] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[10] << 1U; r[ 3] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[11] << 1U; r[ 4] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[12] << 1U; r[ 5] = n & 0x7fffffffffffffUL; n >>= 55U; + n += (sp_uint64)a[ 7] << 1U; r[ 0] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[ 8] << 1U; r[ 1] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[ 9] << 1U; r[ 2] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[10] << 1U; r[ 3] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[11] << 1U; r[ 4] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[12] << 1U; r[ 5] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; n += (sp_uint64)a[13] << 1U; r[ 6] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[7], 0, sizeof(*r) * 7U); @@ -28659,11 +28659,11 @@ static void sp_384_mont_reduce_order_7(sp_digit* a, const sp_digit* m, sp_digit sp_384_norm_7(a + 7); for (i=0; i<6; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL); sp_384_mul_add_7(a+i, m, mu); a[i+1] += a[i] >> 55; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL); sp_384_mul_add_7(a+i, m, mu); a[i+1] += a[i] >> 55; a[i] &= 0x7fffffffffffffL; 
@@ -28688,30 +28688,30 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 6; i++) { - am = (a[i] * 0x100000001) & 0x7fffffffffffffL; - a[i + 0] += (am << 32) & 0x7fffffffffffffL; - a[i + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL); - a[i + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL); + am = (sp_digit)((a[i] * 0x100000001) & 0x7fffffffffffffL); + a[i + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL); + a[i + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL); + a[i + 2] += -(am >> 14) - ((sp_digit)(am << 18) & 0x7fffffffffffffL); a[i + 3] += -(am >> 37); - a[i + 6] += (am << 54) & 0x7fffffffffffffL; + a[i + 6] += ((sp_digit)(am << 54) & 0x7fffffffffffffL); a[i + 7] += am >> 1; a[i + 1] += a[i] >> 55; } - am = (a[6] * 0x100000001) & 0x3fffffffffffff; - a[6 + 0] += (am << 32) & 0x7fffffffffffffL; - a[6 + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL); - a[6 + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL); + am = (sp_digit)((a[6] * 0x100000001) & 0x3fffffffffffff); + a[6 + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL); + a[6 + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL); + a[6 + 2] += -(am >> 14) - (sp_digit)((am << 18) & 0x7fffffffffffffL); a[6 + 3] += -(am >> 37); - a[6 + 6] += (am << 54) & 0x7fffffffffffffL; + a[6 + 6] += (sp_digit)((am << 54) & 0x7fffffffffffffL); a[6 + 7] += am >> 1; - a[0] = (a[6] >> 54) + ((a[7] << 1) & 0x7fffffffffffffL); - a[1] = (a[7] >> 54) + ((a[8] << 1) & 0x7fffffffffffffL); - a[2] = (a[8] >> 54) + ((a[9] << 1) & 0x7fffffffffffffL); - a[3] = (a[9] >> 54) + ((a[10] << 1) & 0x7fffffffffffffL); - a[4] = (a[10] >> 54) + ((a[11] << 1) & 0x7fffffffffffffL); - a[5] = (a[11] >> 54) + ((a[12] << 1) & 0x7fffffffffffffL); + a[0] = (a[6] >> 54) + (sp_digit)((a[7] << 1) & 0x7fffffffffffffL); + a[1] = (a[7] >> 54) + (sp_digit)((a[8] << 1) & 0x7fffffffffffffL); + a[2] = (a[8] >> 54) + (sp_digit)((a[9] << 1) & 0x7fffffffffffffL); + a[3] = 
(a[9] >> 54) + (sp_digit)((a[10] << 1) & 0x7fffffffffffffL); + a[4] = (a[10] >> 54) + (sp_digit)((a[11] << 1) & 0x7fffffffffffffL); + a[5] = (a[11] >> 54) + (sp_digit)((a[12] << 1) & 0x7fffffffffffffL); a[6] = (a[12] >> 54) + (a[13] << 1); a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL; @@ -28726,13 +28726,13 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x00000000ffffffffL & am; - a[1] -= 0x007ffe0000000000L & am; - a[2] -= 0x007ffffffffbffffL & am; - a[3] -= 0x007fffffffffffffL & am; - a[4] -= 0x007fffffffffffffL & am; - a[5] -= 0x007fffffffffffffL & am; - a[6] -= 0x003fffffffffffffL & am; + a[0] -= (sp_digit)(0x00000000ffffffffL & am); + a[1] -= (sp_digit)(0x007ffe0000000000L & am); + a[2] -= (sp_digit)(0x007ffffffffbffffL & am); + a[3] -= (sp_digit)(0x007fffffffffffffL & am); + a[4] -= (sp_digit)(0x007fffffffffffffL & am); + a[5] -= (sp_digit)(0x007fffffffffffffL & am); + a[6] -= (sp_digit)(0x003fffffffffffffL & am); a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL; a[2] += a[1] >> 55; a[1] &= 0x7fffffffffffffL; 
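Review bot: `am = (sp_digit)((a[i] * 0x100000001) & 0x7fffffffffffffL);` casts only the masked result while the product is still formed in sp_digit, and a 55-bit digit times a 33-bit constant does not fit in 64 bits; if sp_digit is signed (the negative terms such as `-(am >> 14)` and the `a[1] += a[0] >> 55` borrow propagation in @@ -28726 suggest it is) that multiplication is a signed overflow, which is undefined rather than the intended wrap-then-mask. Forming the product in the unsigned digit type keeps the same low 55 bits with defined behaviour: `am = (sp_digit)(((sp_int_digit)a[i] * 0x100000001U) & 0x7fffffffffffffL);`, and likewise for the `a[6]` line after the loop. The cast placement is also inconsistent between the loop body and the unrolled tail, `((sp_digit)(am << 18) & 0x7fffffffffffffL)` and `((sp_digit)(am << 54) & 0x7fffffffffffffL)` in the loop against `(sp_digit)((am << 18) & 0x7fffffffffffffL)` and `(sp_digit)((am << 54) & 0x7fffffffffffffL)` for `a[6 + 2]` and `a[6 + 6]`; the values agree when sp_digit is 64-bit, but one form should be used throughout. sp_384_mont_reduce_7 starts before this hunk and continues into @@ -28726.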
@@ -29049,15 +29049,15 @@ SP_NOINLINE static void sp_384_rshift1_7(sp_digit* r, const sp_digit* a) int i; for (i=0; i<6; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 54) & 0x7fffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 54) & 0x7fffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 54) & 0x7fffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 54) & 0x7fffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 54) & 0x7fffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 54) & 0x7fffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 54) & 0x7fffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 54) & 0x7fffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 54) & 0x7fffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 54) & 0x7fffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 54) & 0x7fffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 54) & 0x7fffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 54) & 0x7fffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 54) & 0x7fffffffffffffL); #endif r[6] = a[6] >> 1; } 
@@ -33565,25 +33565,25 @@ SP_NOINLINE static void sp_384_rshift_7(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<6; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL); } #else for (i=0; i<0; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (55 - n)) & 0x7fffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (55 - n)) & 0x7fffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (55 - n)) & 0x7fffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (55 - n)) & 0x7fffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (55 - n)) & 0x7fffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (55 - n)) & 0x7fffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (55 - n)) & 0x7fffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (55 - n)) & 0x7fffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (55 - n)) & 0x7fffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (55 - n)) & 0x7fffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (55 - n)) & 0x7fffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (55 - n)) & 0x7fffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (55 - n)) & 0x7fffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (55 - n)) & 0x7fffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (55 - n)) & 0x7fffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (55 - n)) & 0x7fffffffffffffL); } - r[0] = (a[0] >> n) | ((a[1] << (55 - n)) & 0x7fffffffffffffL); - r[1] = (a[1] >> n) | ((a[2] << (55 - n)) & 0x7fffffffffffffL); - r[2] = (a[2] >> n) | ((a[3] << (55 - n)) & 0x7fffffffffffffL); - r[3] = (a[3] >> n) | ((a[4] << (55 - n)) & 0x7fffffffffffffL); - r[4] = (a[4] >> n) | ((a[5] << (55 - n)) & 0x7fffffffffffffL); - r[5] = (a[5] >> n) | ((a[6] << (55 - n)) & 0x7fffffffffffffL); + r[0] = (a[0] >> n) | (sp_digit)((a[1] << (55 - n)) & 
0x7fffffffffffffL); + r[1] = (a[1] >> n) | (sp_digit)((a[2] << (55 - n)) & 0x7fffffffffffffL); + r[2] = (a[2] >> n) | (sp_digit)((a[3] << (55 - n)) & 0x7fffffffffffffL); + r[3] = (a[3] >> n) | (sp_digit)((a[4] << (55 - n)) & 0x7fffffffffffffL); + r[4] = (a[4] >> n) | (sp_digit)((a[5] << (55 - n)) & 0x7fffffffffffffL); + r[5] = (a[5] >> n) | (sp_digit)((a[6] << (55 - n)) & 0x7fffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[6] = a[6] >> n; } @@ -33638,7 +33638,7 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a, r[14] = a[13] >> (55 - n); for (i=13; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL); } #else sp_int_digit s; 
@@ -33647,33 +33647,33 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[13]; r[14] = s >> (55U - n); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (55U - n))) 
& 0x7fffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x7fffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x7fffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) 
@@ -35521,29 +35521,29 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int128)a[ 0]) * b[ 0]; t1 = ((sp_int128)a[ 0]) * b[ 1] + ((sp_int128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 2] + ((sp_int128)a[ 1]) * b[ 1] + ((sp_int128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 3] + ((sp_int128)a[ 1]) * b[ 2] + ((sp_int128)a[ 2]) * b[ 1] + ((sp_int128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 4] + ((sp_int128)a[ 1]) * b[ 3] + ((sp_int128)a[ 2]) * b[ 2] + ((sp_int128)a[ 3]) * b[ 1] + ((sp_int128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 5] + ((sp_int128)a[ 1]) * b[ 4] + ((sp_int128)a[ 2]) * b[ 3] + ((sp_int128)a[ 3]) * b[ 2] + ((sp_int128)a[ 4]) * b[ 1] + ((sp_int128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 6] + ((sp_int128)a[ 1]) * b[ 5] + ((sp_int128)a[ 2]) * b[ 4] @@ -35551,7 +35551,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 2] + ((sp_int128)a[ 5]) * b[ 1] + ((sp_int128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 7] + ((sp_int128)a[ 1]) * b[ 6] + ((sp_int128)a[ 2]) * b[ 5] 
@@ -35560,7 +35560,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 5]) * b[ 2] + ((sp_int128)a[ 6]) * b[ 1] + ((sp_int128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 8] + ((sp_int128)a[ 1]) * b[ 7] + ((sp_int128)a[ 2]) * b[ 6] @@ -35570,7 +35570,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 2] + ((sp_int128)a[ 7]) * b[ 1] + ((sp_int128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 1]) * b[ 8] + ((sp_int128)a[ 2]) * b[ 7] + ((sp_int128)a[ 3]) * b[ 6] @@ -35579,7 +35579,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 3] + ((sp_int128)a[ 7]) * b[ 2] + ((sp_int128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 2]) * b[ 8] + ((sp_int128)a[ 3]) * b[ 7] + ((sp_int128)a[ 4]) * b[ 6] 
@@ -35587,35 +35587,35 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 4] + ((sp_int128)a[ 7]) * b[ 3] + ((sp_int128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 3]) * b[ 8] + ((sp_int128)a[ 4]) * b[ 7] + ((sp_int128)a[ 5]) * b[ 6] + ((sp_int128)a[ 6]) * b[ 5] + ((sp_int128)a[ 7]) * b[ 4] + ((sp_int128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 4]) * b[ 8] + ((sp_int128)a[ 5]) * b[ 7] + ((sp_int128)a[ 6]) * b[ 6] + ((sp_int128)a[ 7]) * b[ 5] + ((sp_int128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 5]) * b[ 8] + ((sp_int128)a[ 6]) * b[ 7] + ((sp_int128)a[ 7]) * b[ 6] + ((sp_int128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 6]) * b[ 8] + ((sp_int128)a[ 7]) * b[ 7] + ((sp_int128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 7]) * b[ 8] + ((sp_int128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; - r[16] = t0 & 0x3ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; + r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL); r[17] = (sp_digit)(t0 >> 58); XMEMCPY(r, t, sizeof(t)); } 
@@ -35677,66 +35677,66 @@ SP_NOINLINE static void sp_521_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int128)a[ 0]) * a[ 0]; t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2 + ((sp_int128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 3] + ((sp_int128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 4] + ((sp_int128)a[ 1]) * a[ 3]) * 2 + ((sp_int128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 5] + ((sp_int128)a[ 1]) * a[ 4] + ((sp_int128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 6] + ((sp_int128)a[ 1]) * a[ 5] + ((sp_int128)a[ 2]) * a[ 4]) * 2 + ((sp_int128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 7] + ((sp_int128)a[ 1]) * a[ 6] + ((sp_int128)a[ 2]) * a[ 5] + ((sp_int128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 8] + ((sp_int128)a[ 1]) * a[ 7] + ((sp_int128)a[ 2]) * a[ 6] + ((sp_int128)a[ 3]) * a[ 5]) * 2 + ((sp_int128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 1]) * a[ 8] + ((sp_int128)a[ 2]) * a[ 7] + ((sp_int128)a[ 3]) * a[ 6] + ((sp_int128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 
8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 2]) * a[ 8] + ((sp_int128)a[ 3]) * a[ 7] + ((sp_int128)a[ 4]) * a[ 6]) * 2 + ((sp_int128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 3]) * a[ 8] + ((sp_int128)a[ 4]) * a[ 7] + ((sp_int128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 4]) * a[ 8] + ((sp_int128)a[ 5]) * a[ 7]) * 2 + ((sp_int128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 5]) * a[ 8] + ((sp_int128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2 + ((sp_int128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; - r[16] = t0 & 0x3ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; + r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL); r[17] = (sp_digit)(t0 >> 58); XMEMCPY(r, t, sizeof(t)); } 
@@ -36060,10 +36060,10 @@ static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 8; i++) { - a[i] += ((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL; + a[i] += (sp_digit)(((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL); } a[8] &= 0x1ffffffffffffff; - a[8] += ((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL; + a[8] += (sp_digit)(((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL); sp_521_norm_9(a); @@ -36152,17 +36152,17 @@ SP_NOINLINE static void sp_521_mul_add_9(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x3ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x3ffffffffffffffL); t[1] += t[0] >> 58; - r[i+1] = t[1] & 0x3ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x3ffffffffffffffL); t[2] += t[1] >> 58; - r[i+2] = t[2] & 0x3ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x3ffffffffffffffL); t[3] += t[2] >> 58; - r[i+3] = t[3] & 0x3ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x3ffffffffffffffL); t[0] = t[3] >> 58; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x3ffffffffffffffL; + r[8] = (sp_digit)(t[0] & 0x3ffffffffffffffL); r[9] += (sp_digit)(t[0] >> 58); #else sp_int128 tb = b; @@ -36204,7 +36204,7 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a) n = a[8] >> 57; for (i = 0; i < 8; i++) { n += (sp_uint64)a[9 + i] << 1; - r[i] = n & 0x3ffffffffffffffL; + r[i] = (sp_digit)(n & 0x3ffffffffffffffL); n >>= 58; } n += (sp_uint64)a[17] << 1; 
@@ -36213,14 +36213,14 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[8] >> 57; - n += (sp_uint64)a[ 9] << 1U; r[ 0] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[10] << 1U; r[ 1] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[11] << 1U; r[ 2] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[12] << 1U; r[ 3] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[13] << 1U; r[ 4] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[14] << 1U; r[ 5] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[15] << 1U; r[ 6] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[16] << 1U; r[ 7] = n & 0x3ffffffffffffffUL; n >>= 58U; + n += (sp_uint64)a[ 9] << 1U; r[ 0] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[10] << 1U; r[ 1] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[11] << 1U; r[ 2] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[12] << 1U; r[ 3] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[13] << 1U; r[ 4] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[14] << 1U; r[ 5] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[15] << 1U; r[ 6] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[16] << 1U; r[ 7] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; n += (sp_uint64)a[17] << 1U; r[ 8] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[9], 0, sizeof(*r) * 9U); 
@@ -36241,11 +36241,11 @@ static void sp_521_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit sp_521_norm_9(a + 9); for (i=0; i<8; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL); sp_521_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 58; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_521_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 58; a[i] &= 0x3ffffffffffffffL; @@ -36561,17 +36561,17 @@ SP_NOINLINE static void sp_521_rshift1_9(sp_digit* r, const sp_digit* a) int i; for (i=0; i<8; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 57) & 0x3ffffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 57) & 0x3ffffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 57) & 0x3ffffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 57) & 0x3ffffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 57) & 0x3ffffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 57) & 0x3ffffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 57) & 0x3ffffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 57) & 0x3ffffffffffffffL); - r[6] = (a[6] >> 1) + ((a[7] << 57) & 0x3ffffffffffffffL); - r[7] = (a[7] >> 1) + ((a[8] << 57) & 0x3ffffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 57) & 0x3ffffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 57) & 0x3ffffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 57) & 0x3ffffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 57) & 0x3ffffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 57) & 0x3ffffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 57) & 0x3ffffffffffffffL); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 57) & 0x3ffffffffffffffL); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 57) & 0x3ffffffffffffffL); #endif r[8] = a[8] >> 1; } 
@@ -40981,18 +40981,18 @@ SP_NOINLINE static void sp_521_rshift_9(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<8; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (58 - n)) & 0x3ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (58 - n)) & 0x3ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (58 - n)) & 0x3ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (58 - n)) & 0x3ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (58 - n)) & 0x3ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (58 - n)) & 0x3ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (58 - n)) & 0x3ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (58 - n)) & 0x3ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (58 - n)) & 0x3ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (58 - n)) & 0x3ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (58 - n)) & 0x3ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (58 - n)) & 0x3ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (58 - n)) & 0x3ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (58 - n)) & 0x3ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (58 - n)) & 0x3ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (58 - n)) & 0x3ffffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ r[8] = a[8] >> n; @@ -41054,7 +41054,7 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a, r[18] = a[17] >> (58 - n); for (i=17; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL); } #else sp_int_digit s; 
@@ -41063,41 +41063,41 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[17]; r[18] = s >> (58U - n); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[8] = 
(sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x3ffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x3ffffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) 
@@ -42818,29 +42818,29 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int128)a[ 0]) * b[ 0]; t1 = ((sp_int128)a[ 0]) * b[ 1] + ((sp_int128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 2] + ((sp_int128)a[ 1]) * b[ 1] + ((sp_int128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 3] + ((sp_int128)a[ 1]) * b[ 2] + ((sp_int128)a[ 2]) * b[ 1] + ((sp_int128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 4] + ((sp_int128)a[ 1]) * b[ 3] + ((sp_int128)a[ 2]) * b[ 2] + ((sp_int128)a[ 3]) * b[ 1] + ((sp_int128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 5] + ((sp_int128)a[ 1]) * b[ 4] + ((sp_int128)a[ 2]) * b[ 3] + ((sp_int128)a[ 3]) * b[ 2] + ((sp_int128)a[ 4]) * b[ 1] + ((sp_int128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 6] + ((sp_int128)a[ 1]) * b[ 5] + ((sp_int128)a[ 2]) * b[ 4] @@ -42848,7 +42848,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 2] + ((sp_int128)a[ 5]) * b[ 1] + ((sp_int128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 7] + ((sp_int128)a[ 1]) * b[ 6] + ((sp_int128)a[ 2]) * b[ 5] 
@@ -42857,7 +42857,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 5]) * b[ 2] + ((sp_int128)a[ 6]) * b[ 1] + ((sp_int128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 8] + ((sp_int128)a[ 1]) * b[ 7] + ((sp_int128)a[ 2]) * b[ 6] @@ -42867,7 +42867,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 2] + ((sp_int128)a[ 7]) * b[ 1] + ((sp_int128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 1]) * b[ 8] + ((sp_int128)a[ 2]) * b[ 7] + ((sp_int128)a[ 3]) * b[ 6] @@ -42876,7 +42876,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 3] + ((sp_int128)a[ 7]) * b[ 2] + ((sp_int128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 2]) * b[ 8] + ((sp_int128)a[ 3]) * b[ 7] + ((sp_int128)a[ 4]) * b[ 6] 
@@ -42884,35 +42884,35 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 4] + ((sp_int128)a[ 7]) * b[ 3] + ((sp_int128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 3]) * b[ 8] + ((sp_int128)a[ 4]) * b[ 7] + ((sp_int128)a[ 5]) * b[ 6] + ((sp_int128)a[ 6]) * b[ 5] + ((sp_int128)a[ 7]) * b[ 4] + ((sp_int128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 4]) * b[ 8] + ((sp_int128)a[ 5]) * b[ 7] + ((sp_int128)a[ 6]) * b[ 6] + ((sp_int128)a[ 7]) * b[ 5] + ((sp_int128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 5]) * b[ 8] + ((sp_int128)a[ 6]) * b[ 7] + ((sp_int128)a[ 7]) * b[ 6] + ((sp_int128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 6]) * b[ 8] + ((sp_int128)a[ 7]) * b[ 7] + ((sp_int128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 7]) * b[ 8] + ((sp_int128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -42930,66 +42930,66 @@ SP_NOINLINE static void sp_1024_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int128)a[ 0]) * a[ 0]; t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2 + ((sp_int128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 3] + ((sp_int128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 4] + ((sp_int128)a[ 1]) * a[ 3]) * 2 + ((sp_int128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 5] + ((sp_int128)a[ 1]) * a[ 4] + ((sp_int128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 6] + ((sp_int128)a[ 1]) * a[ 5] + ((sp_int128)a[ 2]) * a[ 4]) * 2 + ((sp_int128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 7] + ((sp_int128)a[ 1]) * a[ 6] + ((sp_int128)a[ 2]) * a[ 5] + ((sp_int128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 8] + ((sp_int128)a[ 1]) * a[ 7] + ((sp_int128)a[ 2]) * a[ 6] + ((sp_int128)a[ 3]) * a[ 5]) * 2 + ((sp_int128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 1]) * a[ 8] + ((sp_int128)a[ 2]) * a[ 7] + ((sp_int128)a[ 3]) * a[ 6] + ((sp_int128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 
8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 2]) * a[ 8] + ((sp_int128)a[ 3]) * a[ 7] + ((sp_int128)a[ 4]) * a[ 6]) * 2 + ((sp_int128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 3]) * a[ 8] + ((sp_int128)a[ 4]) * a[ 7] + ((sp_int128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 4]) * a[ 8] + ((sp_int128)a[ 5]) * a[ 7]) * 2 + ((sp_int128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 5]) * a[ 8] + ((sp_int128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2 + ((sp_int128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -43505,20 +43505,20 @@ SP_NOINLINE static void sp_1024_rshift_18(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<17; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL); } #else for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); } - r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL); + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[17] = a[17] >> n; } 
@@ -44077,20 +44077,20 @@ SP_NOINLINE static void sp_1024_mul_add_18(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1ffffffffffffffL); t[1] += t[0] >> 57; - r[i+1] = t[1] & 0x1ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1ffffffffffffffL); t[2] += t[1] >> 57; - r[i+2] = t[2] & 0x1ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1ffffffffffffffL); t[3] += t[2] >> 57; - r[i+3] = t[3] & 0x1ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1ffffffffffffffL); t[0] = t[3] >> 57; } t[0] += (tb * a[16]) + r[16]; t[1] = (tb * a[17]) + r[17]; - r[16] = t[0] & 0x1ffffffffffffffL; + r[16] = (sp_digit)(t[0] & 0x1ffffffffffffffL); t[1] += t[0] >> 57; - r[17] = t[1] & 0x1ffffffffffffffL; + r[17] = (sp_digit)(t[1] & 0x1ffffffffffffffL); r[18] += (sp_digit)(t[1] >> 57); #else sp_int128 tb = b; @@ -44136,7 +44136,7 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a) n = a[17] >> 55; for (i = 0; i < 17; i++) { n += (sp_uint64)a[18 + i] << 2; - r[i] = n & 0x1ffffffffffffffL; + r[i] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; } n += (sp_uint64)a[35] << 2; 
@@ -44148,16 +44148,16 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a) n = (sp_uint64)a[17]; n = n >> 55U; for (i = 0; i < 16; i += 8) { - n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; } - n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; n += (sp_uint64)a[35] << 2U; r[17] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[18], 0, sizeof(*r) * 18U); 
@@ -44179,22 +44179,22 @@ static void sp_1024_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) if (mp != 1) { for (i=0; i<17; i++) { - mu = (a[i] * mp) & 0x1ffffffffffffffL; + mu = (sp_digit)((a[i] * mp) & 0x1ffffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = (a[i] * mp) & 0x7fffffffffffffL; + mu = (sp_digit)((a[i] * mp) & 0x7fffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<17; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x7fffffffffffffL; + mu = (sp_digit)(a[i] & 0x7fffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -44419,26 +44419,26 @@ SP_NOINLINE static void sp_1024_rshift1_18(sp_digit* r, const sp_digit* a) int i; for (i=0; i<17; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 56) & 0x1ffffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 56) & 0x1ffffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 56) & 0x1ffffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 56) & 0x1ffffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 56) & 0x1ffffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 56) & 0x1ffffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 56) & 0x1ffffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 56) & 0x1ffffffffffffffL); - r[6] = (a[6] >> 1) + ((a[7] << 56) & 0x1ffffffffffffffL); - r[7] = (a[7] >> 1) + ((a[8] << 56) & 0x1ffffffffffffffL); - r[8] = (a[8] >> 1) + ((a[9] << 56) & 0x1ffffffffffffffL); - r[9] = (a[9] >> 1) + ((a[10] << 56) & 0x1ffffffffffffffL); - r[10] = (a[10] >> 1) + ((a[11] << 56) & 0x1ffffffffffffffL); - r[11] = (a[11] >> 1) + ((a[12] << 56) & 0x1ffffffffffffffL); - r[12] = (a[12] >> 1) + ((a[13] << 56) & 0x1ffffffffffffffL); - r[13] = (a[13] >> 1) + ((a[14] << 56) & 0x1ffffffffffffffL); - r[14] = (a[14] >> 1) + ((a[15] << 56) & 0x1ffffffffffffffL); - r[15] = (a[15] >> 1) + ((a[16] << 56) & 0x1ffffffffffffffL); - r[16] = (a[16] >> 1) + ((a[17] << 56) & 0x1ffffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 56) & 0x1ffffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 56) & 0x1ffffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 56) & 0x1ffffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 56) & 0x1ffffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 56) & 0x1ffffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 56) & 0x1ffffffffffffffL); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 56) & 0x1ffffffffffffffL); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 56) & 0x1ffffffffffffffL); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 56) & 0x1ffffffffffffffL); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 56) & 
0x1ffffffffffffffL); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 56) & 0x1ffffffffffffffL); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 56) & 0x1ffffffffffffffL); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 56) & 0x1ffffffffffffffL); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 56) & 0x1ffffffffffffffL); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 56) & 0x1ffffffffffffffL); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 56) & 0x1ffffffffffffffL); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 56) & 0x1ffffffffffffffL); #endif r[17] = a[17] >> 1; } From e4a661ff6e48091f32733a11027c1bb1d28729b4 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 26 Jul 2024 14:14:30 +1000 Subject: [PATCH 148/325] SSL asynchronous read/write and encrypt Add support for being able to read and write in different threads with same SSL object. Add support for encrypt in threads. --- src/dtls13.c | 120 ++++++++--- src/internal.c | 525 ++++++++++++++++++++++++++++++++++----------- src/keys.c | 2 +- src/ssl.c | 81 ++++++- src/tls13.c | 7 +- src/wolfio.c | 35 ++- wolfssl/internal.h | 69 ++++-- wolfssl/ssl.h | 15 ++ 8 files changed, 680 insertions(+), 174 deletions(-) diff --git a/src/dtls13.c b/src/dtls13.c index d6e1d3d23..f091ed62f 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -341,9 +341,17 @@ static void Dtls13MsgWasProcessed(WOLFSSL* ssl, enum HandShakeType hs) if (ssl->options.dtlsStateful) ssl->keys.dtls_expected_peer_handshake_number++; - /* we need to send ACKs on the last message of a flight that needs explicit - acknowledgment */ - ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs); +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + /* we need to send ACKs on the last message of a flight that needs + * explicit acknowledgment */ + ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs); + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } } int Dtls13ProcessBufferedMessages(WOLFSSL* ssl) 
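Review bot: In the WOLFSSL_RW_THREADED path of Dtls13MsgWasProcessed a failed wc_LockMutex() silently skips the `sendAcks` update, so a flight that needs an explicit ACK is never acknowledged and, the function being void, the caller cannot tell. At minimum log it inside the `#ifdef`, e.g. `else { WOLFSSL_MSG("dtls13Rtx mutex lock failed, ACK not scheduled"); }`, or change the function to return int so the failure propagates. Note also that `dtls_expected_peer_handshake_number++` just above stays outside the lock; if the read thread is the only writer that is fine, but a one-line comment saying so would make the locking rule explicit.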
@@ -654,8 +662,17 @@ static void Dtls13RtxRecordUnlink(WOLFSSL* ssl, Dtls13RtxRecord** prevNext, Dtls13RtxRecord* r) { /* if r was at the tail of the list, update the tail pointer */ - if (r->next == NULL) - ssl->dtls13Rtx.rtxRecordTailPtr = prevNext; + if (r->next == NULL) { + #ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) + #endif + { + ssl->dtls13Rtx.rtxRecordTailPtr = prevNext; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } + } /* unlink */ *prevNext = r->next; @@ -712,12 +729,20 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) WOLFSSL_ENTER("Dtls13RtxAddAck"); - rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); - if (rn == NULL) - return MEMORY_E; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); + if (rn == NULL) + return MEMORY_E; - rn->next = ssl->dtls13Rtx.seenRecords; - ssl->dtls13Rtx.seenRecords = rn; + rn->next = ssl->dtls13Rtx.seenRecords; + ssl->dtls13Rtx.seenRecords = rn; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } return 0; } @@ -730,15 +755,23 @@ static void Dtls13RtxFlushAcks(WOLFSSL* ssl) WOLFSSL_ENTER("Dtls13RtxFlushAcks"); - list = ssl->dtls13Rtx.seenRecords; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + list = ssl->dtls13Rtx.seenRecords; - while (list != NULL) { - rn = list; - list = rn->next; - XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); + while (list != NULL) { + rn = list; + list = rn->next; + XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); + } + + ssl->dtls13Rtx.seenRecords = NULL; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif } - - ssl->dtls13Rtx.seenRecords = NULL; } static int Dtls13DetectDisruption(WOLFSSL* ssl, word32 fragOffset) 
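Review bot: In Dtls13RtxRecordUnlink only the tail-pointer assignment is taken under dtls13Rtx.mutex, while the actual unlink `*prevNext = r->next;` on the next line (and the walk that found `r`) is not, so a thread holding the mutex can still observe a list whose tail pointer and links disagree. If rtxRecords is only ever touched from one thread the lock here buys nothing and a comment saying so would be clearer; otherwise the whole unlink needs to run under the lock. The callers of Dtls13RtxRecordUnlink are outside this hunk, so I cannot tell which holds.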
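Review bot: Dtls13RtxAddAck returns MEMORY_E from inside the locked region when Dtls13NewRecordNumber() fails, leaving dtls13Rtx.mutex held in WOLFSSL_RW_THREADED builds; and when wc_LockMutex() itself fails the function falls through to `return 0;` without recording anything, so the record number is dropped with a success status. Allocating before taking the lock fixes the first: move `rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);` and `if (rn == NULL) return MEMORY_E;` above the `#ifdef WOLFSSL_RW_THREADED` block so only the two pointer writes run under the mutex. For the second, return the wc_LockMutex() error instead of 0.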
@@ -2519,13 +2552,25 @@ static void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch, int Dtls13DoScheduledWork(WOLFSSL* ssl) { int ret; + int sendAcks; WOLFSSL_ENTER("Dtls13DoScheduledWork"); ssl->dtls13SendingAckOrRtx = 1; - if (ssl->dtls13Rtx.sendAcks) { +#ifdef WOLFSSL_RW_THREADED + ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) + return ret; +#endif + sendAcks = ssl->dtls13Rtx.sendAcks; + if (sendAcks) { ssl->dtls13Rtx.sendAcks = 0; + } +#ifdef WOLFSSL_RW_THREADED + ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif + if (sendAcks) { ret = SendDtls13Ack(ssl); if (ret != 0) return ret; @@ -2601,13 +2646,28 @@ static int Dtls13RtxHasKeyUpdateBuffered(WOLFSSL* ssl) return 0; } +int DoDtls13KeyUpdateAck(WOLFSSL* ssl) +{ + int ret = 0; + + if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) { + /* we removed the KeyUpdate message because it was ACKed */ + ssl->dtls13WaitKeyUpdateAck = 0; + ret = Dtls13KeyUpdateAckReceived(ssl); + } + + return ret; +} + int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, word32* processedSize) { const byte* ackMessage; w64wrapper epoch, seq; word16 length; +#ifndef WOLFSSL_RW_THREADED int ret; +#endif int i; if (inputSize < OPAQUE16_LEN) @@ -2639,15 +2699,13 @@ int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, ssl->options.serverState = SERVER_FINISHED_ACKED; } +#ifndef WOLFSSL_RW_THREADED if (ssl->dtls13WaitKeyUpdateAck) { - if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) { - /* we removed the KeyUpdate message because it was ACKed */ - ssl->dtls13WaitKeyUpdateAck = 0; - ret = Dtls13KeyUpdateAckReceived(ssl); - if (ret != 0) - return ret; - } + ret = DoDtls13KeyUpdateAck(ssl); + if (ret != 0) + return ret; } +#endif *processedSize = length + OPAQUE16_LEN; 
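Review bot: In Dtls13DoScheduledWork the value of `wc_UnLockMutex()` is stored in `ret` but never examined: when `sendAcks` is 0 the function continues past the hunk with `ret` holding the unlock status, and when it is 1 the status is overwritten by SendDtls13Ack(). Either check it, `if (ret < 0) return ret;` right after the unlock, or discard it explicitly, `(void)wc_UnLockMutex(&ssl->dtls13Rtx.mutex);`, so the intent is visible. The rest of the function is outside this hunk, so whether the stale `ret` is read later I cannot confirm.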
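Review bot: With WOLFSSL_RW_THREADED the KeyUpdate ACK handling is compiled out of DoDtls13Ack, but nothing in this hunk shows where the now non-static DoDtls13KeyUpdateAck() is called instead, so in threaded builds `dtls13WaitKeyUpdateAck` stays set until that other call site runs. A comment at the `#ifndef` would save the next reader the search, e.g. `/* RW_THREADED: KeyUpdate ACK is processed via DoDtls13KeyUpdateAck() from the sending side -- confirm call site */`. DoDtls13KeyUpdateAck itself also lacks a header comment stating that it clears dtls13WaitKeyUpdateAck only once the buffered KeyUpdate is no longer in the retransmit list.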
@@ -2698,9 +2756,17 @@ int SendDtls13Ack(WOLFSSL* ssl) if (ret != 0) return ret; - ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length); - if (ret != 0) +#ifdef WOLFSSL_RW_THREADED + ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) return ret; +#endif + ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length); +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif + if (ret != 0) + return ret; output = GetOutputBuffer(ssl); diff --git a/src/internal.c b/src/internal.c index bf9e7fde5..38a79997a 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -2885,95 +2885,73 @@ void InitCiphers(WOLFSSL* ssl) } +static void FreeCiphersSide(Ciphers *cipher, void* heap) +{ +#ifdef BUILD_ARC4 + wc_Arc4Free(cipher->arc4); + XFREE(cipher->arc4, heap, DYNAMIC_TYPE_CIPHER); + cipher->arc4 = NULL; +#endif +#ifdef BUILD_DES3 + wc_Des3Free(cipher->des3); + XFREE(cipher->des3, heap, DYNAMIC_TYPE_CIPHER); + cipher->des3 = NULL; +#endif +#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) + /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, + * dec->aes) */ + wc_AesFree(cipher->aes); + XFREE(cipher->aes, heap, DYNAMIC_TYPE_CIPHER); + cipher->aes = NULL; +#endif +#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) + wc_Sm4Free(cipher->sm4); + XFREE(cipher->sm4, heap, DYNAMIC_TYPE_CIPHER); + cipher->sm4 = NULL; +#endif +#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \ + !defined(WOLFSSL_NO_TLS12) + XFREE(cipher->additional, heap, DYNAMIC_TYPE_CIPHER); + cipher->additional = NULL; +#endif +#ifdef CIPHER_NONCE + XFREE(cipher->nonce, heap, DYNAMIC_TYPE_CIPHER); + cipher->nonce = NULL; +#endif +#ifdef HAVE_ARIA + wc_AriaFreeCrypt(cipher->aria); + XFREE(cipher->aria, heap, DYNAMIC_TYPE_CIPHER); + cipher->aria = NULL; +#endif +#ifdef HAVE_CAMELLIA + XFREE(cipher->cam, heap, DYNAMIC_TYPE_CIPHER); + cipher->cam = NULL; +#endif +#ifdef HAVE_CHACHA + if (cipher->chacha) + ForceZero(cipher->chacha, sizeof(ChaCha)); + XFREE(cipher->chacha, heap, DYNAMIC_TYPE_CIPHER); + cipher->chacha = NULL; +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) + wc_HmacFree(cipher->hmac); + XFREE(cipher->hmac, heap, DYNAMIC_TYPE_CIPHER); + cipher->hmac = NULL; +#endif +} /* Free ciphers */ void FreeCiphers(WOLFSSL* ssl) { - (void)ssl; -#ifdef BUILD_ARC4 - wc_Arc4Free(ssl->encrypt.arc4); - wc_Arc4Free(ssl->decrypt.arc4); - XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.arc4 = NULL; - 
ssl->decrypt.arc4 = NULL; -#endif -#ifdef BUILD_DES3 - wc_Des3Free(ssl->encrypt.des3); - wc_Des3Free(ssl->decrypt.des3); - XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.des3 = NULL; - ssl->decrypt.des3 = NULL; -#endif -#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) - /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */ - wc_AesFree(ssl->encrypt.aes); - wc_AesFree(ssl->decrypt.aes); - XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.aes = NULL; - ssl->decrypt.aes = NULL; -#endif -#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) - wc_Sm4Free(ssl->encrypt.sm4); - wc_Sm4Free(ssl->decrypt.sm4); - XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.sm4 = NULL; - ssl->decrypt.sm4 = NULL; -#endif -#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \ - !defined(WOLFSSL_NO_TLS12) - XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.additional = NULL; - ssl->decrypt.additional = NULL; -#endif -#ifdef CIPHER_NONCE - XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.nonce = NULL; - ssl->decrypt.nonce = NULL; -#endif -#ifdef HAVE_ARIA - wc_AriaFreeCrypt(ssl->encrypt.aria); - wc_AriaFreeCrypt(ssl->decrypt.aria); - XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.aria = NULL; - ssl->decrypt.aria = NULL; -#endif -#ifdef HAVE_CAMELLIA - XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.cam = NULL; - 
ssl->decrypt.cam = NULL; -#endif -#ifdef HAVE_CHACHA - if (ssl->encrypt.chacha) - ForceZero(ssl->encrypt.chacha, sizeof(ChaCha)); - if (ssl->decrypt.chacha) - ForceZero(ssl->decrypt.chacha, sizeof(ChaCha)); - XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.chacha = NULL; - ssl->decrypt.chacha = NULL; -#endif + FreeCiphersSide(&ssl->encrypt, ssl->heap); + FreeCiphersSide(&ssl->decrypt, ssl->heap); + #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) if (ssl->auth.poly1305) ForceZero(ssl->auth.poly1305, sizeof(Poly1305)); XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); ssl->auth.poly1305 = NULL; #endif -#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) - wc_HmacFree(ssl->encrypt.hmac); - wc_HmacFree(ssl->decrypt.hmac); - XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.hmac = NULL; - ssl->decrypt.hmac = NULL; -#endif #ifdef WOLFSSL_DTLS13 #ifdef BUILD_AES @@ -2993,7 +2971,6 @@ void FreeCiphers(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ } - void InitCipherSpecs(CipherSpecs* cs) { XMEMSET(cs, 0, sizeof(CipherSpecs)); @@ -7392,6 +7369,15 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; +#ifdef WOLFSSL_THREADED_CRYPT + { + int i; + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + ssl->buffers.encrypt[i].avail = 1; + } + } +#endif + #ifdef KEEP_PEER_CERT InitX509(&ssl->peerCert, 0, ssl->heap); #endif 
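Review bot: FreeCiphersSide is a new helper with no header comment, and since it is now also used for per-thread cipher slots from SSL_ResourceFree it deserves one stating its contract, e.g. `/* Release every cipher object of one direction (ssl->encrypt, ssl->decrypt or a threaded-crypt slot). Only ChaCha state is zeroed before free. */`. The refactor keeps the original behaviour of handing possibly-NULL pointers to wc_AesFree()/wc_Des3Free()/wc_HmacFree(), which assumes those functions tolerate NULL; that assumption is worth stating in the comment or guarding as the HAVE_CHACHA branch already does. The `additional` and `nonce` buffers are still released without ForceZero, as before.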
@@ -7729,6 +7715,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0]; ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT; ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords; + +#ifdef WOLFSSL_RW_THREADED + ret = wc_InitMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) { + return ret; + } +#endif #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_QUIC @@ -8259,6 +8252,25 @@ void SSL_ResourceFree(WOLFSSL* ssl) ShrinkInputBuffer(ssl, FORCED_FREE); if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); +#ifdef WOLFSSL_THREADED_CRYPT + { + int i; + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + bufferStatic* buff = &ssl->buffers.encrypt[i].buffer; + + ssl->buffers.encrypt[i].stop = 1; + FreeCiphersSide(&ssl->buffers.encrypt[i].encrypt, ssl->heap); + if (buff->dynamicFlag) { + XFREE(buff->buffer - buff->offset, ssl->heap, + DYNAMIC_TYPE_OUT_BUFFER); + buff->buffer = buff->staticBuffer; + buff->bufferSize = STATIC_BUFFER_LEN; + buff->offset = 0; + buff->dynamicFlag = 0; + } + } + } +#endif #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) if (ssl->buffers.tls13CookieSecret.buffer != NULL) { ForceZero(ssl->buffers.tls13CookieSecret.buffer, @@ -8511,6 +8523,10 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif #ifdef WOLFSSL_DTLS13 Dtls13FreeFsmResources(ssl); + +#ifdef WOLFSSL_RW_THREADED + wc_FreeMutex(&ssl->dtls13Rtx.mutex); +#endif #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_QUIC wolfSSL_quic_free(ssl); 
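Review bot: In the SSL_ResourceFree loop, `stop = 1` is set and then `FreeCiphersSide` and the slot buffer are freed on the very next lines, with nothing that waits for a worker still inside wolfSSL_AsyncEncrypt on that slot to observe the flag; if a worker is mid-encryption this is a use-after-free of `encrypt->encrypt.aes` and `buffer.buffer`. The stop flag only helps if the owner joins or otherwise waits for the worker before freeing, so either wait on a per-slot signal before `FreeCiphersSide` or at least state the requirement: `/* caller must stop and join all encrypt workers before wolfSSL_free() */`. The freed slot buffer may also hold a record that was never encrypted, so a `ForceZero(buff->buffer, buff->length)` before `XFREE` would match the zeroisation the rest of this function applies to cipher state. SSL_ResourceFree continues outside the hunk.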
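Review bot: `wc_FreeMutex(&ssl->dtls13Rtx.mutex)` runs unconditionally, but the matching `wc_InitMutex` added to InitSSL in the hunk above sits late in that function and InitSSL returns early on failure; if the object is torn down after such an early return, the mutex is destroyed without ever having been initialised, which is undefined for pthread mutexes. Either move the `wc_InitMutex` call to the start of InitSSL (before any failing step) or record that it succeeded in a flag field and only free when the flag is set. Whether InitSSL can fail before the init point is not visible in this hunk.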
@@ -10770,6 +10786,69 @@ retry: return 0; } +#ifdef WOLFSSL_THREADED_CRYPT +static WC_INLINE int GrowAnOutputBuffer(WOLFSSL* ssl, + bufferStatic* outputBuffer, int size) +{ + byte* tmp; +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ : + RECORD_HEADER_SZ; + byte align = WOLFSSL_GENERAL_ALIGNMENT; +#else + const byte align = WOLFSSL_GENERAL_ALIGNMENT; +#endif + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + /* the encrypted data will be offset from the front of the buffer by + the header, if the user wants encrypted alignment they need + to define their alignment requirement */ + + while (align < hdrSz) + align *= 2; +#endif + + tmp = (byte*)XMALLOC(size + outputBuffer->length + align, + ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + WOLFSSL_MSG("growing output buffer"); + + if (tmp == NULL) + return MEMORY_E; + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + if (align) + tmp += align - hdrSz; +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + /* can be from IO memory pool which does not need copy if same buffer */ + if (outputBuffer->length && tmp == outputBuffer->buffer) { + outputBuffer->bufferSize = size + outputBuffer->length; + return 0; + } +#endif + + if (outputBuffer->length) + XMEMCPY(tmp, outputBuffer->buffer, outputBuffer->length); + + if (outputBuffer->dynamicFlag) { + XFREE(outputBuffer->buffer - outputBuffer->offset, ssl->heap, + DYNAMIC_TYPE_OUT_BUFFER); + } + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + if (align) + outputBuffer->offset = align - hdrSz; + else +#endif + outputBuffer->offset = 0; + + outputBuffer->buffer = tmp; + outputBuffer->dynamicFlag = 1; + outputBuffer->bufferSize = size + outputBuffer->length; + return 0; +} +#endif /* returns the current location in the output buffer to start writing to */ byte* GetOutputBuffer(WOLFSSL* ssl) @@ -22210,6 +22289,7 @@ default: #endif } #endif + #ifndef WOLFSSL_RW_THREADED #ifdef WOLFSSL_TLS13 if (ssl->keys.keyUpdateRespond) { WOLFSSL_MSG("No KeyUpdate from peer seen"); 
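Review bot: GrowAnOutputBuffer always allocates `size + outputBuffer->length + align` and copies the previous `length` bytes, with no check that `bufferSize` already covers the request; since SendData sets `encrypt->buffer.length = sendSz` for every record and SendAsyncData never resets it when a slot is handed back, each reuse of a slot reallocates and copies the previous, already-sent record. Add an early `return 0` when `outputBuffer->bufferSize` already covers `(word32)size + outputBuffer->length`, or reset `length` to 0 in SendAsyncData when `avail` is set, and give the function a header comment stating that `size` is the number of bytes needed beyond the current `length`. The `size + outputBuffer->length` arithmetic mixes `int` and `word32` with no bound; it is safe only because the single caller passes an internally computed record size, which is worth saying in that comment.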
@@ -22217,6 +22297,7 @@ default: return SANITY_MSG_E; } #endif + #endif if ((ret = DoApplicationData(ssl, ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx, @@ -23187,6 +23268,29 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->keys.dtls_prev_sequence_number_lo; } #endif + +#ifdef WOLFSSL_THREADED_CRYPT + if (asyncOkay) { + WOLFSSL_MSG("Not encrypting\n"); + /* make sure build message state is reset */ + ssl->options.buildMsgState = BUILD_MSG_BEGIN; + + /* return sz on success */ + if (ret == 0) { + ret = args->sz; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } + + /* Final cleanup */ + FreeBuildMsgArgs(ssl, args); + + return ret; + } + else +#endif + { #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) if (ssl->options.startedETMWrite) { ret = Encrypt(ssl, output + args->headerSz, @@ -23209,6 +23313,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo; } #endif + } } if (ret != 0) { 
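Review bot: The new `if (asyncOkay)` branch returns a record whose body is still plaintext whenever `asyncOkay` is set, regardless of what is being built, so a parameter that meant "may return WC_PENDING_E" now also means "do not encrypt"; in a build with both WOLFSSL_ASYNC_CRYPT and WOLFSSL_THREADED_CRYPT, any caller other than SendData that passes 1 would put an unencrypted record on the wire. Gate the deferral on something explicit — a dedicated flag, or `if (asyncOkay && type == application_data)` if `type` is in scope here — and document the contract above the function, e.g. `/* asyncOkay: with WOLFSSL_THREADED_CRYPT the record is left unencrypted for a worker thread */`. The message `"Not encrypting\n"` also carries a trailing newline unlike the other WOLFSSL_MSG strings. BuildMessage starts and ends outside this hunk.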
@@ -24636,6 +24741,50 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl) } #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */ +#ifdef WOLFSSL_THREADED_CRYPT +int SendAsyncData(WOLFSSL* ssl) +{ + int i; + + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + ThreadCrypt* encrypt = &ssl->buffers.encrypt[i]; + + if (encrypt->done) { + int error; + + GrowOutputBuffer(ssl, encrypt->buffer.length); + XMEMCPY(ssl->buffers.outputBuffer.buffer, encrypt->buffer.buffer, + encrypt->buffer.length); + ssl->buffers.outputBuffer.length = encrypt->buffer.length; + ssl->buffers.outputBuffer.idx = 0; + encrypt->done = 0; + encrypt->avail = 1; + if ((error = SendBuffered(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(ssl->error); + /* store for next call if WANT_WRITE or user embedSend() that + doesn't present like WANT_WRITE */ + ssl->buffers.plainSz = encrypt->buffer.length; + ssl->buffers.prevSent = encrypt->buffer.length; + if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + return SOCKET_PEER_CLOSED_E; /* peer reset or closed */ + } + return ssl->error; + } + + /* only one message per attempt */ + if (ssl->options.partialWrite == 1) { + WOLFSSL_MSG("Partial Write on, only sending one record"); + break; + } + } + } + + return 0; +} +#endif + /** * ssl_in_handshake(): * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is 
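Review bot: `GrowOutputBuffer(ssl, encrypt->buffer.length)` is called without checking its result, and the following `XMEMCPY` writes `encrypt->buffer.length` bytes into `ssl->buffers.outputBuffer.buffer`, which may not have grown; check it, e.g. `if ((error = GrowOutputBuffer(ssl, encrypt->buffer.length)) != 0) return error;`. On the error path `ssl->buffers.plainSz` and `ssl->buffers.prevSent` are both set to the ciphertext record length, while the synchronous path at the end of SendData stores the plaintext size and the running `sent` offset there and the retry path advances `sent` by `plainSz`; the mismatch over-counts bytes written after a WANT_WRITE. `encrypt->done` is also polled here with no synchronisation against the worker that sets it.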
@@ -24690,18 +24839,20 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) int groupMsgs = 0; #endif + int error = ssl->error; - if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE) + if (error == WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - || ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) + || error == WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { + error = 0; ssl->error = 0; } /* don't allow write after decrypt or mac error */ - if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { + if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { /* For DTLS allow these possible errors and allow the session to continue despite them */ if (ssl->options.dtls) { @@ -24744,10 +24895,33 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_CBIO_ERR_WANT_WRITE; } #endif - return err; + return err; } } +#ifdef WOLFSSL_RW_THREADED +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */ + if ((error = Dtls13DoScheduledWork(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); + return error; + } + } +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_TLS13 + if (ssl->options.sendKeyUpdate) { + ssl->options.sendKeyUpdate = 0; + ret = SendTls13KeyUpdate(ssl); + if (ret != 0) { + ssl->error = BUILD_MSG_ERROR; + return WOLFSSL_FATAL_ERROR; + } + } +#endif +#endif + /* last time system socket output buffer was full, try again to send */ if (ssl->buffers.outputBuffer.length > 0 #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) 
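Review bot: `ssl->options.sendKeyUpdate` is read and cleared here on the writing thread while DoTls13KeyUpdate (in the tls13.c hunk of this patch) sets it on the reading thread, with no atomic or lock between them; under WOLFSSL_RW_THREADED that is a data race, and widening the field to a `byte` does not make the read-then-clear pair atomic. Protect the flag with the same mechanism used for `dtls13Rtx` or an atomic, and keep the real error code rather than collapsing it: `ssl->error = ret;` instead of `ssl->error = BUILD_MSG_ERROR;`, so a WANT_WRITE from SendTls13KeyUpdate is not reported as a fatal build error. SendData starts and ends outside this hunk.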
@@ -24755,15 +24929,16 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #endif ) { WOLFSSL_MSG("output buffer was full, trying to send again"); - if ( (ssl->error = SendBuffered(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && - (ssl->options.connReset || ssl->options.isClosed)) { - ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + if ( (error = SendBuffered(ssl)) < 0) { + WOLFSSL_ERROR(error); + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + error = SOCKET_PEER_CLOSED_E; + ssl->error = error; + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } - return ssl->error; + return (ssl->error = error); } else { /* advance sent to previous sent + plain size just sent */ @@ -24772,7 +24947,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) if (sent > sz) { WOLFSSL_MSG("error: write() after WANT_WRITE with short size"); - return ssl->error = BAD_FUNC_ARG; + return (ssl->error = BAD_FUNC_ARG); } } } @@ -24783,6 +24958,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_FATAL_ERROR; } +#ifdef WOLFSSL_THREADED_CRYPT + ret = SendAsyncData(ssl); + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + if (ssl->dtls13WaitKeyUpdateAck) { + ret = DoDtls13KeyUpdateAck(ssl); + if (ret != 0) + return ret; + } +#endif + for (;;) { byte* out; byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ @@ -24791,6 +24979,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef HAVE_LIBZ byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif +#ifdef WOLFSSL_THREADED_CRYPT + int i; + ThreadCrypt* encrypt = NULL; +#endif #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) if (IsAtLeastTLSv1_3(ssl->version)) { 
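Review bot: `ssl->dtls13WaitKeyUpdateAck` and `DoDtls13KeyUpdateAck` are used under `#ifdef WOLFSSL_THREADED_CRYPT` with no `WOLFSSL_DTLS13` or `ssl->options.dtls` guard, although the field lives in the DTLS 1.3 part of struct WOLFSSL and the prototype is added next to the other Dtls13 declarations in internal.h in this patch; a threaded-crypt build without DTLS 1.3 looks like it would not compile, and a plain TLS connection would call a DTLS-only routine. Wrap it as `#if defined(WOLFSSL_THREADED_CRYPT) && defined(WOLFSSL_DTLS13)` with `if (ssl->options.dtls && ssl->dtls13WaitKeyUpdateAck)`, and record the failure in `ssl->error` before returning, as the neighbouring SendAsyncData check does. SendData starts and ends outside this hunk.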
@@ -24855,9 +25047,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) if (ssl->options.dtls && (buffSz < sz - sent)) { - ssl->error = DTLS_SIZE_ERROR; - WOLFSSL_ERROR(ssl->error); - return ssl->error; + error = DTLS_SIZE_ERROR; + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } #endif outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ; @@ -24874,10 +25067,33 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) /* check for available size */ if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) - return ssl->error = ret; + return (ssl->error = ret); /* get output buffer */ +#ifndef WOLFSSL_THREADED_CRYPT out = GetOutputBuffer(ssl); +#else + do { + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + if (ssl->buffers.encrypt[i].avail) { + encrypt = &ssl->buffers.encrypt[i]; + break; + } + } + if (encrypt == NULL) { + ret = SendAsyncData(ssl); + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + } + } + while (encrypt == NULL); + encrypt->done = 0; + encrypt->avail = 0; + GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz); + out = encrypt->buffer.buffer; +#endif #ifdef HAVE_LIBZ if (ssl->options.usingCompression) { 
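Review bot: `GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz)` ignores its MEMORY_E return, and `out = encrypt->buffer.buffer` is then handed to BuildMessage, which writes up to `outputSz` bytes; on allocation failure the slot buffer may be NULL or too small, so this becomes an out-of-bounds write rather than an error. Check it the way CheckAvailableSize is checked a few lines up: `if ((ret = GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz)) != 0) return (ssl->error = ret);`. The `do { ... } while (encrypt == NULL)` loop also spins without yielding while every slot is in flight and none is `done`, and never terminates if the worker cannot mark a slot done — wolfSSL_AsyncEncrypt in this patch only does so for AES-GCM — so a cipher-suite check at connection setup or a bounded wait is needed. SendData starts and ends outside this hunk.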
@@ -24921,21 +25137,70 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef WOLFSSL_ASYNC_CRYPT FreeAsyncCtx(ssl, 0); #endif +#ifdef WOLFSSL_THREADED_CRYPT + if (!encrypt->init) { + SetKeys(&encrypt->encrypt, NULL, &ssl->keys, &ssl->specs, + ssl->options.side, ssl->heap, ssl->devId, ssl->rng, + ssl->options.tls1_3); + encrypt->init = 1; + } + encrypt->buffer.length = sendSz; + encrypt->offset = RECORD_HEADER_SZ; + if (ssl->options.dtls) { + encrypt->offset += DTLS_RECORD_EXTRA; + } + encrypt->cryptLen = outputSz - encrypt->offset; + #ifdef HAVE_TRUNCATED_HMAC + if (ssl->truncated_hmac) { + encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ, ssl->specs.hash_size); + } + else + #endif + { + encrypt->cryptLen -= ssl->specs.hash_size; + } + +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) + XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ); + XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV, + AESGCM_EXP_IV_SZ); +#endif + XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ); + WriteSEQ(ssl, CUR_ORDER, encrypt->additional); + XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET, encrypt->buffer.buffer, + 3); + c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ - + ssl->specs.aead_mac_size, encrypt->additional + AEAD_LEN_OFFSET); + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + DtlsSEQIncrement(ssl, CUR_ORDER); + #endif + + if (encrypt->signal != NULL) { + encrypt->signal(encrypt->signalCtx, ssl); + } + return sendSz; +#else ssl->buffers.outputBuffer.length += (word32)sendSz; - if ( (ssl->error = SendBuffered(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); + if ( (error = SendBuffered(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); /* store for next call if WANT_WRITE or user embedSend() that doesn't present like WANT_WRITE */ ssl->buffers.plainSz = buffSz; ssl->buffers.prevSent = sent; - if (ssl->error == 
WC_NO_ERR_TRACE(SOCKET_ERROR_E) && - (ssl->options.connReset || ssl->options.isClosed)) { + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + error = SOCKET_PEER_CLOSED_E; ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } - return ssl->error; + return error; } sent += buffSz; @@ -24945,6 +25210,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) WOLFSSL_MSG("Partial Write on, only sending one record"); break; } +#endif } return sent; @@ -24954,13 +25220,14 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) { int size; + int error = ssl->error; WOLFSSL_ENTER("ReceiveData"); /* reset error state */ - if (ssl->error == WC_NO_ERR_TRACE(WANT_READ) || - ssl->error == WOLFSSL_ERROR_WANT_READ) - { + if (error == WC_NO_ERR_TRACE(WANT_READ) || + error == WOLFSSL_ERROR_WANT_READ) { + error = 0; ssl->error = 0; } 
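Review bot: `SetKeys(&encrypt->encrypt, NULL, ...)` returns an int that is discarded, and `encrypt->init = 1` is set regardless, so a failed key setup leaves a slot the worker will happily encrypt with; check it, e.g. `if ((ret = SetKeys(...)) != 0) return (ssl->error = ret);`. In the `HAVE_FIPS`/`HAVE_SELFTEST` pre-version-2 configuration the explicit IV is copied from `ssl->keys.aead_exp_IV` into `encrypt->nonce`, but nothing in this hunk advances that IV and the synchronous encrypt that normally does so is skipped by the early return added to BuildMessage; unless it is incremented somewhere not shown, consecutive records would be sealed under the same GCM nonce, which breaks the AEAD. A comment at the copy stating where the IV is advanced would make the invariant checkable. SendData starts outside this hunk.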
@@ -24968,25 +25235,26 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) if (ssl->options.dtls) { /* In DTLS mode, we forgive some errors and allow the session * to continue despite them. */ - if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) { + if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + error == WC_NO_ERR_TRACE(DECRYPT_ERROR) || + error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) { + error = 0; ssl->error = 0; } } #endif /* WOLFSSL_DTLS */ - if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_WRITE) + if (error != 0 && error != WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) + && error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13) - && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY) + && error != WC_NO_ERR_TRACE(APP_DATA_READY) #endif ) { WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed"); - return ssl->error; + return error; } #ifdef WOLFSSL_EARLY_DATA 
@@ -25024,32 +25292,39 @@ startScr: #endif while (ssl->buffers.clearOutputBuffer.length == 0) { - if ( (ssl->error = ProcessReply(ssl)) < 0) { - if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) { + if ( (error = ProcessReply(ssl)) < 0) { + if (error == WC_NO_ERR_TRACE(ZERO_RETURN)) { + ssl->error = error; WOLFSSL_MSG("Zero return, no more data coming"); return 0; /* no more data coming */ } - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { if (ssl->options.connReset || ssl->options.isClosed) { WOLFSSL_MSG("Peer reset or closed, connection done"); - ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + error = SOCKET_PEER_CLOSED_E; + ssl->error = error; + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } } - WOLFSSL_ERROR(ssl->error); - return ssl->error; + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } -#ifdef WOLFSSL_DTLS13 +#ifndef WOLFSSL_RW_THREADED + #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */ - if ((ssl->error = Dtls13DoScheduledWork(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return ssl->error; + if ((error = Dtls13DoScheduledWork(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } } -#endif /* WOLFSSL_DTLS13 */ + #endif /* WOLFSSL_DTLS13 */ +#endif + #ifdef HAVE_SECURE_RENEGOTIATION if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { diff --git a/src/keys.c b/src/keys.c index 3123a610e..b13fbdf5b 100644 --- a/src/keys.c +++ b/src/keys.c @@ -2371,7 +2371,7 @@ static int SetPrefix(byte* sha_input, int idx) #endif -static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, +int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, int tls13) { (void)rng; diff --git a/src/ssl.c b/src/ssl.c index dccec07af..19b0f1070 100644 --- a/src/ssl.c +++ b/src/ssl.c 
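Review bot: Moving `Dtls13DoScheduledWork` under `#ifndef WOLFSSL_RW_THREADED` means a threaded build only runs it from SendData (per the SendData hunk in this patch), so an application that loops on wolfSSL_read while its writer is idle never flushes the ACKs and retransmissions the read side schedules, and a DTLS 1.3 handshake or key update may stall until the next wolfSSL_write. Either keep a locked call here or state the requirement at the `#ifndef`, e.g. `/* WOLFSSL_RW_THREADED: scheduled DTLS 1.3 work is flushed by the writer in SendData */`. ReceiveData starts and ends outside this hunk.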
@@ -23672,7 +23672,86 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback( #endif /* OPENSSL_EXTRA */ -#ifndef NO_CERTS +#ifdef WOLFSSL_THREADED_CRYPT +int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx) +{ + ThreadCrypt* encrypt; + + if (ssl == NULL) { + return 0; + } + + encrypt = &ssl->buffers.encrypt[idx]; + return (encrypt->avail == 0) && (encrypt->done == 0); +} + +int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx) +{ + ThreadCrypt* encrypt; + + if (ssl == NULL) { + return 1; + } + + encrypt = &ssl->buffers.encrypt[idx]; + return encrypt->stop; +} + +int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx) +{ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx]; + + if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) { + unsigned char* out = encrypt->buffer.buffer + encrypt->offset; + unsigned char* input = encrypt->buffer.buffer + encrypt->offset; + word32 encSz = encrypt->buffer.length - encrypt->offset; + + ret = +#if !defined(NO_GCM_ENCRYPT_EXTRA) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + wc_AesGcmEncrypt_ex +#else + wc_AesGcmEncrypt +#endif + (encrypt->encrypt.aes, + out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, + encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + encrypt->nonce, AESGCM_NONCE_SZ, + out + encSz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + encrypt->additional, AEAD_AUTH_DATA_SZ); +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ); +#endif + encrypt->done = 1; + } + + return ret; +} + +int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx, + WOLFSSL_THREAD_SIGNAL signal, void* ctx) +{ + int ret = 0; + + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ssl->buffers.encrypt[idx].signal = signal; + 
ssl->buffers.encrypt[idx].signalCtx = ctx; + } + + return ret; +} +#endif + + +#ifndef NO_CERT #define WOLFSSL_X509_INCLUDED #include "src/x509.c" #endif diff --git a/src/tls13.c b/src/tls13.c index 6e24d2da4..90e4568f4 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -11210,7 +11210,7 @@ static int SendTls13Finished(WOLFSSL* ssl) * ssl The SSL/TLS object. * returns 0 on success, otherwise failure. */ -static int SendTls13KeyUpdate(WOLFSSL* ssl) +int SendTls13KeyUpdate(WOLFSSL* ssl) { byte* input; byte* output; @@ -11387,7 +11387,12 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLFSSL_DTLS13 */ +#ifndef WOLFSSL_RW_THREADED return SendTls13KeyUpdate(ssl); +#else + ssl->options.sendKeyUpdate = 1; + return 0; +#endif } WOLFSSL_LEAVE("DoTls13KeyUpdate", ret); diff --git a/src/wolfio.c b/src/wolfio.c index a36ff53bd..a632ff843 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -650,6 +650,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #elif !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER) word32 invalidPeerPackets = 0; #endif + int newPeer = 0; WOLFSSL_ENTER("EmbedReceiveFrom"); @@ -677,8 +678,13 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) dtlsCtx->peer.bufSz = sizeof(SOCKADDR_S); else dtlsCtx->peer.bufSz = 0; + newPeer = 1; + peer = (SOCKADDR_S*)dtlsCtx->peer.sa; + } + else { + peer = &lclPeer; + XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer)); } - peer = (SOCKADDR_S*)dtlsCtx->peer.sa; peerSz = dtlsCtx->peer.bufSz; } 
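Review bot: The guard around `#include "src/x509.c"` changes from `#ifndef NO_CERTS` to `#ifndef NO_CERT`; the removed line spells it `NO_CERTS`, so the rename looks accidental and would pull x509.c into builds configured with `NO_CERTS`. Restore `#ifndef NO_CERTS`. Separately, all four new public functions index `ssl->buffers.encrypt[idx]` without checking `idx` against `WOLFSSL_THREADED_CRYPT_CNT`, and wolfSSL_AsyncEncrypt dereferences `ssl` without the NULL check its siblings have; add `if (ssl == NULL || idx < 0 || idx >= WOLFSSL_THREADED_CRYPT_CNT) return BAD_FUNC_ARG;` to each. The `NOT_COMPILED_IN` return for non-GCM suites also leaves `done` unset, which the SendData wait loop in this patch depends on to make progress.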
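Review bot: In the existing-peer branch, `XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer))` copies a full `SOCKADDR_S` out of `peer.sa`, while `peerSz` is then taken from `peer.bufSz`; if the stored address was supplied by the application with a shorter length, the copy reads past it. Copy `dtlsCtx->peer.bufSz` bytes bounded by `sizeof(lclPeer)`, and zero `lclPeer` first so the later `XMEMCMP` does not compare uninitialised tail bytes. Whether `peer.sa` is always allocated at `sizeof(SOCKADDR_S)` is not visible here; EmbedReceiveFrom starts and ends outside this hunk.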
@@ -688,9 +694,20 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { - doDtlsTimeout = - doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL || + doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL; +#ifdef WOLFSSL_RW_THREADED + { + int ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) { + return ret; + } + } +#endif + doDtlsTimeout = doDtlsTimeout || (ssl->dtls13FastTimeout && ssl->dtls13Rtx.seenRecords != NULL); +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif } #endif /* WOLFSSL_DTLS13 */ @@ -822,8 +839,16 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) } } else { - /* Store size of saved address */ - dtlsCtx->peer.sz = peerSz; + if (newPeer) { + /* Store size of saved address */ + dtlsCtx->peer.sz = peerSz; + } +#ifndef WOLFSSL_PEER_ADDRESS_CHANGES + else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) || + (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) { + return WOLFSSL_CBIO_ERR_GENERAL; + } +#endif } #ifndef NO_ASN_TIME ssl->dtls_start_timeout = 0; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2fe5633dc..ff9c1230d 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2920,8 +2920,8 @@ typedef struct Keys { byte encryptionOn; /* true after change cipher spec */ byte decryptedCur; /* only decrypt current record once */ #ifdef WOLFSSL_TLS13 - byte updateResponseReq:1; /* KeyUpdate response from peer required. */ - byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ + byte updateResponseReq; /* KeyUpdate response from peer required. */ + byte keyUpdateRespond; /* KeyUpdate is to be responded to. */ #endif #ifdef WOLFSSL_RENESAS_TSIP_TLS 
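Review bot: `ssl->dtls13Rtx.rtxRecords` is read before `wc_LockMutex(&ssl->dtls13Rtx.mutex)` is taken, while `seenRecords` is read under the lock, so the lock does not cover the first list the timeout decision depends on; if the mutex is meant to protect `Dtls13Rtx` as a whole, move `doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL;` inside the locked region. On the lock-failure path the function returns `ret`, a wolfCrypt error, from an I/O callback whose callers expect `WOLFSSL_CBIO_ERR_*` codes; return `WOLFSSL_CBIO_ERR_GENERAL` there instead. EmbedReceiveFrom starts and ends outside this hunk.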
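Review bot: Without WOLFSSL_PEER_ADDRESS_CHANGES, a datagram whose source differs from the stored peer now makes EmbedReceiveFrom return `WOLFSSL_CBIO_ERR_GENERAL`, which callers treat as a fatal socket error; a single spoofed or stray datagram to the port can therefore tear down an established DTLS association, whereas the `invalidPeerPackets` counter visible earlier in this function suggests such packets are meant to be ignored. Drop the datagram and keep receiving — count it and continue the receive loop the way invalid-peer packets are handled, if this code sits inside that loop — and record the policy in a comment at the `#ifndef`. EmbedReceiveFrom starts outside this hunk.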
@@ -4744,10 +4744,34 @@ enum AcceptStateTls13 { TLS13_TICKET_SENT }; +#ifdef WOLFSSL_THREADED_CRYPT + +#include + +typedef struct ThreadCrypt { + Ciphers encrypt; + bufferStatic buffer; + unsigned char nonce[AESGCM_NONCE_SZ]; + unsigned char additional[AEAD_AUTH_DATA_SZ]; + int init; + int offset; + int cryptLen; + int done; + int avail; + int stop; + WOLFSSL_THREAD_SIGNAL signal; + void* signalCtx; +} ThreadCrypt; + +#endif + /* buffers for struct WOLFSSL */ typedef struct Buffers { bufferStatic inputBuffer; bufferStatic outputBuffer; +#ifdef WOLFSSL_THREADED_CRYPT + ThreadCrypt encrypt[WOLFSSL_THREADED_CRYPT_CNT]; +#endif buffer domainName; /* for client check */ buffer clearOutputBuffer; buffer sig; /* signature data */ @@ -4901,7 +4925,6 @@ struct Options { word16 tls:1; /* using TLS ? */ word16 tls1_1:1; /* using TLSv1.1+ ? */ word16 tls1_3:1; /* using TLSv1.3+ ? */ - word16 seenUnifiedHdr:1; /* received msg with unified header */ word16 dtls:1; /* using datagrams ? */ #ifdef WOLFSSL_DTLS word16 dtlsStateful:1; /* allow stateful processing ? */ @@ -4910,7 +4933,6 @@ struct Options { word16 isClosed:1; /* if we consider conn closed */ word16 closeNotify:1; /* we've received a close notify */ word16 sentNotify:1; /* we've sent a close notify */ - word16 shutdownDone:1; /* we've completed a shutdown */ word16 usingCompression:1; /* are we using compression */ word16 haveRSA:1; /* RSA available */ word16 haveECC:1; /* ECC available */ @@ -4958,7 +4980,6 @@ struct Options { #endif word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ word16 dtlsHsRetain:1; /* DTLS retaining HS data */ - word16 haveMcast:1; /* using multicast ? */ #ifdef WOLFSSL_SCTP word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ #endif 
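Review bot: `done`, `avail` and `stop` are plain `int` fields used as cross-thread signals in this patch — `done` is set by wolfSSL_AsyncEncrypt on a worker and polled by SendAsyncData, `stop` is set in SSL_ResourceFree and polled by wolfSSL_AsyncEncryptStop — with no atomics, locks or barriers, which is a data race under C11 and gives no guarantee that the ciphertext in `buffer` is visible when `done` is observed. Use an atomic type or protect the flags with a `wolfSSL_Mutex` as the `Dtls13Rtx` change in this patch does, and document the protocol above the struct, e.g. `/* avail: slot free (owner); done: ciphertext ready (worker -> owner); stop: shutdown requested (owner -> worker) */`. The bare `#include` line in the hunk has no target as rendered here; confirm the header it names.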
@@ -5011,8 +5032,6 @@ struct Options { word16 buildArgsSet:1; /* buildArgs are set and need to * be free'd */ #endif - word16 buildingMsg:1; /* If set then we need to re-enter the - * handshake logic. */ #ifdef WOLFSSL_DTLS13 word16 dtls13SendMoreAcks:1; /* Send more acks during the * handshake process */ @@ -5039,6 +5058,14 @@ struct Options { #if defined(HAVE_DANE) word16 useDANE:1; #endif /* HAVE_DANE */ +#ifdef WOLFSSL_DTLS + byte haveMcast; /* using multicast ? */ +#endif + byte buildingMsg; /* If set then we need to re-enter the + * handshake logic. */ + byte seenUnifiedHdr; /* received msg with unified header */ + byte shutdownDone; /* we've completed a shutdown */ + byte sendKeyUpdate; /* Key Update to write */ #if defined(HAVE_RPK) RpkConfig rpkConfig; RpkState rpkState; @@ -5678,14 +5705,17 @@ typedef struct Dtls13RecordNumber { } Dtls13RecordNumber; typedef struct Dtls13Rtx { - enum Dtls13RtxFsmState state; +#ifdef WOLFSSL_RW_THREADED + wolfSSL_Mutex mutex; +#endif + enum Dtls13RtxFsmState state; /* Unused? */ Dtls13RtxRecord *rtxRecords; Dtls13RtxRecord **rtxRecordTailPtr; Dtls13RecordNumber *seenRecords; word32 lastRtx; - byte triggeredRtxs; - byte sendAcks:1; - byte retransmit:1; + byte triggeredRtxs; /* Unused? */ + byte sendAcks; + byte retransmit; } Dtls13Rtx; #endif /* WOLFSSL_DTLS13 */ @@ -5963,10 +5993,10 @@ struct WOLFSSL { /* used to store the message if it needs to be fragmented */ buffer dtls13FragmentsBuffer; byte dtls13SendingFragments:1; - byte dtls13SendingAckOrRtx:1; + byte dtls13SendingAckOrRtx; byte dtls13FastTimeout:1; - byte dtls13WaitKeyUpdateAck:1; - byte dtls13DoKeyUpdate:1; + byte dtls13WaitKeyUpdateAck; + byte dtls13DoKeyUpdate; word32 dtls13MessageLength; word32 dtls13FragOffset; byte dtls13FragHandshakeType; 
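Review bot: Two fields are annotated `/* Unused? */` in a shared header; the question should be resolved — remove `state` and `triggeredRtxs` if nothing reads them, or document what does — rather than shipped as a question mark. In the struct WOLFSSL hunk, `dtls13FastTimeout` stays a 1-bit field packed with `dtls13SendingFragments`, although it is read under the new `dtls13Rtx.mutex` in EmbedReceiveFrom while the neighbouring bit can be written by another thread; since the rest of this patch widens shared flags to whole bytes presumably to avoid exactly that shared-storage write, make these two `byte` as well. Both structs are fully visible in their hunks.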
@@ -6423,6 +6453,9 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk, WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); #endif /* HAVE_SESSION_TICKET */ WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz); +#ifdef WOLFSSL_THREADED_CRYPT +WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl); +#endif #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType); #endif @@ -6627,6 +6660,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl); #endif /* NO_WOLFSSL_SERVER */ +#ifdef WOLFSSL_TLS13 + WOLFSSL_LOCAL int SendTls13KeyUpdate(WOLFSSL* ssl); +#endif + #ifdef WOLFSSL_DTLS WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap); WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap); @@ -6773,6 +6810,9 @@ enum encrypt_side { ENCRYPT_AND_DECRYPT_SIDE }; +WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, + CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, + int tls13); WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side); /* Set*Internal and Set*External functions */ @@ -6933,6 +6973,7 @@ WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output, enum HandShakeType msg_type, word32 length); #define EE_MASK (0x3) WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl); +WOLFSSL_LOCAL int DoDtls13KeyUpdateAck(WOLFSSL* ssl); WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, word32* processedSize); WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 288bccb8d..ec6c08fb6 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -3364,6 +3364,21 @@ WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptM WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl); +#ifdef WOLFSSL_THREADED_CRYPT + #ifndef WOLFSSL_THREADED_CRYPT_CNT + #define WOLFSSL_THREADED_CRYPT_CNT 16 + #endif + +typedef void (*WOLFSSL_THREAD_SIGNAL)(void* ctx, WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx, + WOLFSSL_THREAD_SIGNAL signal, void* ctx); +#endif + + typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl, unsigned char* decOut, const unsigned char* decIn, unsigned int decSz, int content, int verify, unsigned int* padSz, From fb8d2fc42fa81a522cd6cd6db41ca9986540035b Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 16 Oct 2024 10:16:24 +1000 Subject: [PATCH 149/325] ARM32 ASM: regeneration after scripts changes Scripts changed to make generated code not go over 80 characters per line but SP not updated. Fix input register formatting in all ARM32 C assembly code. --- wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c | 56 +- .../src/port/arm/armv8-32-chacha-asm_c.c | 12 +- .../src/port/arm/armv8-32-curve25519_c.c | 54 +- wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c | 18 +- .../src/port/arm/armv8-32-poly1305-asm_c.c | 10 +- .../src/port/arm/armv8-32-sha256-asm_c.c | 8 +- wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 2 +- .../src/port/arm/armv8-32-sha512-asm_c.c | 8 +- wolfcrypt/src/sp_arm32.c | 827 +++++++++++------- 9 files changed, 587 insertions(+), 408 deletions(-) diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index 3c34f3ef6..cb921f594 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c 
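Review bot: The new public prototypes take `int idx` with nothing stating its valid range or which thread may call them, yet wolfSSL_AsyncEncrypt runs the bulk cipher and Ready/Stop are polled flags. Add a comment block above the declarations covering that `idx` must be in `[0, WOLFSSL_THREADED_CRYPT_CNT)`, that wolfSSL_AsyncEncrypt is meant for a worker thread and must not run concurrently with another call on the same `idx`, what the Ready/Stop return values mean, and that `WOLFSSL_THREAD_SIGNAL` is invoked from the thread calling wolfSSL_write (as the SendData hunk shows). It should also state that wolfSSL_AsyncEncrypt currently supports AES-GCM only, as its ssl.c implementation in this patch shows.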
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c @@ -406,9 +406,9 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) "str r8, [%[ks]], #4\n\t" "subs r11, r11, #1\n\t" "bne L_AES_invert_key_mix_loop_%=\n\t" - : [ks] "+r" (ks), [rounds] "+r" (rounds), - [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), - [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c) + : [ks] "+r" (ks), [rounds] "+r" (rounds), + [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), + [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -933,9 +933,9 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, "bne L_AES_set_encrypt_key_loop_128_%=\n\t" "\n" "L_AES_set_encrypt_key_end_%=: \n\t" - : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), - [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), - [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c) + : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), + [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), + [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c) : : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8" ); @@ -1588,7 +1588,7 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks) + : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks) : : "memory", "cc", "lr" ); @@ -1841,8 +1841,8 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, "\n" "L_AES_ECB_encrypt_end_%=: \n\t" "pop {%[ks]}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c) : : "memory", "cc", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11" ); 
@@ -2114,9 +2114,9 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, "L_AES_CBC_encrypt_end_%=: \n\t" "pop {%[ks], r9}\n\t" "stm r9, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [iv] "+r" (iv), - [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [iv] "+r" (iv), + [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -2389,9 +2389,9 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, "rev r7, r7\n\t" #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ "stm r8, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [ctr] "+r" (ctr), - [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [ctr] "+r" (ctr), + [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -3045,7 +3045,7 @@ void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4) + : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4) : : "memory", "cc", "lr" ); 
@@ -3331,9 +3331,9 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, "bne L_AES_ECB_decrypt_loop_block_128_%=\n\t" "\n" "L_AES_ECB_decrypt_end_%=: \n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), + [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -3971,10 +3971,10 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, "\n" "L_AES_CBC_decrypt_end_%=: \n\t" "pop {%[ks]-r4}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [iv] "+r" (iv), - [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [iv] "+r" (iv), + [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), + [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) : : "memory", "cc", "r12", "lr", "r8", "r9", "r10", "r11" ); @@ -4576,8 +4576,8 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, "subs %[len], %[len], #16\n\t" "add %[data], %[data], #16\n\t" "bne L_GCM_gmult_len_start_block_%=\n\t" - : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), - [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c) + : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), + [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c) : : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11" 
@@ -4840,9 +4840,9 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, "rev r7, r7\n\t" #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ "stm r8, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [ctr] "+r" (ctr), - [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [ctr] "+r" (ctr), + [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c index aebcff155..5d5d17f4c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c @@ -71,7 +71,7 @@ void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p) "rev lr, lr\n\t" #endif /* BIG_ENDIAN_ORDER */ "stm r3, {r4, r12, lr}\n\t" - : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter) + : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter) : : "memory", "cc", "r3", "r12", "lr", "r4" ); @@ -119,8 +119,8 @@ void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p) "\n" "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t" "stm %[x], {r4, r5, r12, lr}\n\t" - : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), - [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c) + : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), + [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c) : : "memory", "cc", "r12", "lr", "r4", "r5" ); @@ -484,7 +484,7 @@ void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, "\n" "L_chacha_arm32_crypt_done_%=: \n\t" "add sp, sp, #52\n\t" - : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len) + : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" 
@@ -557,8 +557,8 @@ void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, "b L_chacha_arm32_over_byte_loop_%=\n\t" "\n" "L_chacha_arm32_over_done_%=: \n\t" - : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), - [len] "+r" (len) + : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), + [len] "+r" (len) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9" ); diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index 6871aaade..e3b52140c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c @@ -335,7 +335,7 @@ void fe_sub(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_sub_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -393,7 +393,7 @@ void fe_add(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_add_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -428,7 +428,7 @@ void fe_frombytes(fe out_p, const unsigned char* in_p) "str r7, [%[out], #20]\n\t" "str r8, [%[out], #24]\n\t" "str r9, [%[out], #28]\n\t" - : [out] "+r" (out), [in] "+r" (in) + : [out] "+r" (out), [in] "+r" (in) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); @@ -472,7 +472,7 @@ void fe_tobytes(unsigned char* out_p, const fe n_p) "str r7, [%[out], #20]\n\t" "str r8, [%[out], #24]\n\t" "str r9, [%[out], #28]\n\t" - : [out] "+r" (out), [n] "+r" (n) + : [out] "+r" (out), [n] "+r" (n) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12" ); 
@@ -575,7 +575,7 @@ void fe_copy(fe r_p, const fe a_p) #else "strd r4, r5, [%[r], #24]\n\t" #endif - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5" ); @@ -602,7 +602,7 @@ void fe_neg(fe r_p, const fe a_p) "sbcs r4, lr, r4\n\t" "sbc r5, r12, r5\n\t" "stm %[r]!, {r2, r3, r4, r5}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r12", "lr" ); @@ -2407,7 +2407,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #else "strd r8, r9, [%[r], #88]\n\t" #endif - : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) + : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", "r11", "r12", "lr" @@ -2528,7 +2528,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) "and r7, r7, lr\n\t" "stm %[r]!, {r4, r5, r6, r7}\n\t" "sub %[base], %[base], %[b]\n\t" - : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) + : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -3074,7 +3074,7 @@ void fe_mul(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_mul_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -3495,7 +3495,7 @@ void fe_sq(fe r_p, const fe a_p) __asm__ __volatile__ ( "bl fe_sq_op\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "r11" @@ -3572,7 +3572,7 @@ void fe_mul121666(fe r_p, fe a_p) "adcs r8, r8, #0\n\t" "adc r9, r9, #0\n\t" "stm %[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10" 
@@ -3635,7 +3635,7 @@ void fe_mul121666(fe r_p, fe a_p) "adcs r8, r8, #0\n\t" "adc r9, r9, #0\n\t" "stm %[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10" @@ -4026,7 +4026,7 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) "bl fe_mul_op\n\t" "mov r0, #0\n\t" "add sp, sp, #0xbc\n\t" - : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) + : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr" @@ -4340,7 +4340,7 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "mov r0, #0\n\t" "add sp, sp, #0xc0\n\t" - : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) + : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr" @@ -4515,7 +4515,7 @@ void fe_invert(fe r_p, const fe a_p) "ldr %[a], [sp, #132]\n\t" "ldr %[r], [sp, #128]\n\t" "add sp, sp, #0x88\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -4836,7 +4836,7 @@ void fe_sq2(fe r_p, const fe a_p) "ldr r0, [sp, #64]\n\t" "stm r0, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr" ); @@ -5015,7 +5015,7 @@ void fe_sq2(fe r_p, const fe a_p) "stm r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "mov r0, r12\n\t" "mov r1, lr\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr" ); 
@@ -5186,7 +5186,7 @@ void fe_pow22523(fe r_p, const fe a_p) "ldr %[a], [sp, #100]\n\t" "ldr %[r], [sp, #96]\n\t" "add sp, sp, #0x68\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -5217,7 +5217,7 @@ void ge_p1p1_to_p2(ge_p2 * r_p, const ge_p1p1 * p_p) "add r0, r0, #0x40\n\t" "bl fe_mul_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -5253,7 +5253,7 @@ void ge_p1p1_to_p3(ge_p3 * r_p, const ge_p1p1 * p_p) "add r0, r0, #0x60\n\t" "bl fe_mul_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -5301,7 +5301,7 @@ void ge_p2_dbl(ge_p1p1 * r_p, const ge_p2 * p_p) "mov r1, r0\n\t" "bl fe_sub_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5388,7 +5388,7 @@ void ge_madd(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p) "add r1, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #12\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5476,7 +5476,7 @@ void ge_msub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p) "add r0, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #12\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" 
@@ -5564,7 +5564,7 @@ void ge_add(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p) "add r0, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #44\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5652,7 +5652,7 @@ void ge_sub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p) "add r0, r0, #0x40\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #44\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -8528,7 +8528,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "str r8, [%[s], #24]\n\t" "str r9, [%[s], #28]\n\t" "add sp, sp, #0x50\n\t" - : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) + : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -9413,7 +9413,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "str r8, [%[s], #24]\n\t" "str r9, [%[s], #28]\n\t" "add sp, sp, #0x50\n\t" - : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) + : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c index 4650b9bc8..4e5081d47 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c 
@@ -3312,7 +3312,7 @@ void kyber_arm32_ntt(sword16* r_p) "bne L_kyber_arm32_ntt_loop_567_%=\n\t" "add sp, sp, #8\n\t" : [r] "+r" (r), - [L_kyber_arm32_ntt_zetas] "+r" (L_kyber_arm32_ntt_zetas_c) + [L_kyber_arm32_ntt_zetas] "+r" (L_kyber_arm32_ntt_zetas_c) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -8076,7 +8076,7 @@ void kyber_arm32_invntt(sword16* r_p) "bne L_kyber_arm32_invntt_loop_321_%=\n\t" "add sp, sp, #8\n\t" : [r] "+r" (r), - [L_kyber_arm32_invntt_zetas_inv] "+r" (L_kyber_arm32_invntt_zetas_inv_c) + [L_kyber_arm32_invntt_zetas_inv] "+r" (L_kyber_arm32_invntt_zetas_inv_c) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -8405,8 +8405,8 @@ void kyber_arm32_basemul_mont(sword16* r_p, const sword16* a_p, "stm %[r]!, {r4, r5}\n\t" "pop {r8}\n\t" "bne L_kyber_arm32_basemul_mont_loop_%=\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), - [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -8738,8 +8738,8 @@ void kyber_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p, "stm %[r]!, {r4, r5}\n\t" "pop {r8}\n\t" "bne L_kyber_arm32_basemul_mont_add_loop_%=\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), - [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" 
@@ -8948,7 +8948,7 @@ void kyber_arm32_csubq(sword16* p_p) "subs r1, r1, #8\n\t" "bne L_kyber_arm32_csubq_loop_%=\n\t" : [p] "+r" (p), - [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -9220,8 +9220,8 @@ unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, "\n" "L_kyber_arm32_rej_uniform_done_%=: \n\t" "lsr r0, r12, #1\n\t" - : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen), - [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) : : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8" ); diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c index aaf596d4c..97bd63aaa 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c @@ -270,8 +270,8 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, "\n" "L_poly1305_arm32_16_done_%=: \n\t" "add sp, sp, #28\n\t" - : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), - [notLast] "+r" (notLast) + : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), + [notLast] "+r" (notLast) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -321,8 +321,8 @@ void poly1305_set_key(Poly1305* ctx_p, const byte* key_p) "stm lr, {r5, r6, r7, r8, r12}\n\t" /* Zero leftover */ "str r5, [%[ctx], #52]\n\t" - : [ctx] "+r" (ctx), [key] "+r" (key), - [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c) + : [ctx] "+r" (ctx), [key] "+r" (key), + [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); 
@@ -377,7 +377,7 @@ void poly1305_final(Poly1305* ctx_p, byte* mac_p) /* Zero out padding. */ "add r9, %[ctx], #36\n\t" "stm r9, {r4, r5, r6, r7}\n\t" - : [ctx] "+r" (ctx), [mac] "+r" (mac) + : [ctx] "+r" (ctx), [mac] "+r" (mac) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9" diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 05086af07..f21b5317b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c @@ -1732,8 +1732,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) "add %[data], %[data], #0x40\n\t" "bne L_SHA256_transform_len_begin_%=\n\t" "add sp, sp, #0xc0\n\t" - : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), - [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12" @@ -2797,8 +2797,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) "str r10, [sp, #8]\n\t" "bne L_SHA256_transform_neon_len_begin_%=\n\t" "add sp, sp, #24\n\t" - : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), - [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c) + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index e9e227ec3..170fcfd8b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c 
@@ -334,7 +334,7 @@ void BlockSha3(word64* state_p) "vst1.8 {d24}, [%[state]]\n\t" "add sp, sp, #16\n\t" : [state] "+r" (state), - [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) + [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) : : "memory", "cc", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index 32506f64e..f64ef3ce5 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c @@ -7601,8 +7601,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) "bne L_SHA512_transform_len_begin_%=\n\t" "eor r0, r0, r0\n\t" "add sp, sp, #0xc0\n\t" - : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), - [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c) + : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), + [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12" @@ -9154,8 +9154,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) "subs %[len], %[len], #0x80\n\t" "sub r3, r3, #0x280\n\t" "bne L_SHA512_transform_neon_len_begin_%=\n\t" - : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), - [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c) + : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), + [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c) : : "memory", "cc", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9", diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index c8ecf47ec..68449bebd 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c 
@@ -2231,7 +2231,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -2584,7 +2585,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "add sp, sp, #36\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -2610,7 +2612,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "strd %[r], %[a], [sp, #36]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -2655,7 +2657,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #32]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -2715,7 +2717,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "add sp, sp, #44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } 
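Review bot: Hard-coding `r0, r1, r2` in the `ldm` register lists (new-side lines 2615 and 2660 of the `@@ -2610` and `@@ -2655` hunks here, and again in the `sp_2048_sqr_8` hunks at `@@ -4941` and `@@ -5028`) makes these templates depend on the enclosing function's `register ... asm("r0")`/`asm("r1")`/`asm("r2")` declarations, which lie outside the hunk and are not restated near the asm. The previous `{%[r], %[a], %[b], r3}` form let the compiler substitute whichever registers the operands actually occupy, so if a later edit drops or renumbers those explicit register variables the `ldm` would silently overwrite registers the compiler believes hold other values; behaviour is unchanged only as long as the pinning holds, which the `sp_2048_cond_sub_32` hunk below suggests is the convention in this file. A one-line comment above the first such `ldm` would make the coupling visible: `/* r0-r2 are %[r], %[a], %[b]: pinned by the register ... asm("rN") declarations above. */`. sp_2048_mul_8 starts and ends outside this hunk.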
@@ -2751,7 +2754,7 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -2798,7 +2801,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -2848,7 +2851,7 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -2988,7 +2991,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -3066,7 +3069,7 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -3266,7 +3269,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } 
@@ -3400,7 +3403,7 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -4680,7 +4683,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -4923,7 +4927,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -4941,7 +4946,7 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) __asm__ __volatile__ ( "sub sp, sp, #32\n\t" "str %[r], [sp, #28]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" 
@@ -5028,18 +5033,19 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) /* R[15] = r7 */ "ldr lr, [sp, #28]\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" "stm lr!, {r7}\n\t" "sub lr, lr, #0x40\n\t" - "ldm sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" - "stm lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" + "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" + "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -5074,7 +5080,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5159,7 +5165,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5272,7 +5278,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } 
@@ -5347,7 +5353,8 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -5383,7 +5390,8 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -5585,7 +5593,8 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_2048_mul_64_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -5742,7 +5751,8 @@ static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_2048_sqr_64_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -5798,7 +5808,8 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } 
@@ -5834,7 +5845,8 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -6036,7 +6048,8 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_2048_mul_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -6193,7 +6206,8 @@ static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_2048_sqr_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -6314,7 +6328,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #256]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -8379,7 +8393,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r4, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } 
@@ -8408,7 +8422,8 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -8434,7 +8449,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -8448,7 +8463,8 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -8572,7 +8588,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } 
@@ -9553,7 +9569,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -9848,7 +9865,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -10053,7 +10071,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -10183,7 +10202,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -11224,7 +11243,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } 
@@ -11283,7 +11302,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -11421,7 +11440,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -11820,7 +11839,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -12229,7 +12248,8 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -12255,7 +12275,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } 
@@ -12269,7 +12289,8 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -12505,7 +12526,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -14414,7 +14435,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -14965,7 +14987,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } 
@@ -15330,7 +15353,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -15398,7 +15422,8 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -15532,7 +15557,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -15592,7 +15617,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -15730,7 +15755,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } 
@@ -16585,7 +16610,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -17116,7 +17141,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -17142,7 +17168,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -17156,7 +17182,8 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -17280,7 +17307,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } 
@@ -17994,7 +18021,7 @@ static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -23899,7 +23926,8 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -23941,7 +23969,7 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24002,7 +24030,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -24066,7 +24094,7 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24238,7 +24266,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } 
@@ -24344,7 +24372,7 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24600,7 +24628,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -24790,7 +24818,7 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -27922,7 +27950,8 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -27963,7 +27992,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } 
@@ -28062,7 +28091,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -28203,7 +28232,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -28278,7 +28307,8 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -28314,7 +28344,8 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -28516,7 +28547,8 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_3072_mul_96_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -28673,7 +28705,8 @@ static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_3072_sqr_96_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -28729,7 +28762,8 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -28765,7 +28799,8 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -28967,7 +29002,8 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_3072_mul_48_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -29124,7 +29160,8 @@ static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_3072_sqr_48_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -29245,7 +29282,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #384]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -32334,7 +32371,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -32363,7 +32400,8 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -32389,7 +32427,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -32403,7 +32441,8 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -32583,7 +32622,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -34028,7 +34067,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34451,7 +34491,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34736,7 +34777,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34866,7 +34908,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #192]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } 
@@ -36419,7 +36461,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -36478,7 +36520,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -36616,7 +36658,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -37191,7 +37233,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -37600,7 +37642,8 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -37626,7 +37669,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -37640,7 +37683,8 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -37988,7 +38032,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -40825,7 +40869,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -41632,7 +41677,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } 
@@ -42157,7 +42203,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -42225,7 +42272,8 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -42415,7 +42463,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -42475,7 +42523,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -42613,7 +42661,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } 
@@ -43826,7 +43874,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -44357,7 +44405,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -44383,7 +44432,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -44397,7 +44446,8 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -44577,7 +44627,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } 
@@ -45483,7 +45533,7 @@ static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r4, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -46134,7 +46184,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -46145,7 +46195,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -46380,7 +46431,7 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -46468,7 +46519,8 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -46494,7 +46546,8 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -46530,7 +46583,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -46732,7 +46786,8 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "bgt L_sp_4096_mul_128_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -46889,7 +46944,8 @@ static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_4096_sqr_128_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -47008,7 +47064,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #512]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -51121,7 +51177,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } 
@@ -51151,7 +51207,8 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -51177,7 +51234,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -51191,7 +51248,8 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -51651,7 +51709,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } 
@@ -55416,7 +55474,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -56479,7 +56538,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -57164,7 +57224,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -57207,7 +57268,8 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -57232,7 +57294,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -57244,7 +57307,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -57478,7 +57542,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -57538,7 +57602,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -57676,7 +57740,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } 
@@ -59241,7 +59305,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -59772,7 +59836,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -59798,7 +59863,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -59812,7 +59877,8 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -60048,7 +60114,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } 
@@ -61146,7 +61212,7 @@ static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -61627,7 +61693,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "bgt L_sp_256_mul_8_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -63623,7 +63690,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -63976,7 +64044,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "add sp, sp, #36\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -64002,7 +64071,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "strd %[r], %[a], [sp, #36]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -64047,7 +64116,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #32]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" 
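Review bot: The new `ldm %[a], {r0, r1, r2, r3}` and `ldm %[r], {r0, r1, r2, r3}` in sp_256_mul_8 hard-code the registers that the old `{%[r], %[a], %[b], r3}` form let the compiler substitute, so the block is now correct only while r, a and b stay pinned to r0, r1 and r2 by their `register ... asm("rN")` declarations (visible in the neighbouring hunks) and while the compiler honours that pinning for asm operands. Nothing in the asm block records that dependency; a comment such as `/* r, a, b are pinned to r0-r2 by their register declarations; the hard-coded register lists below rely on it */` above the first `ldm` would stop a later edit of the declarations from silently corrupting field multiplication. The same substitution is made in sp_256_sqr_8, sp_256_mont_mul_8 and sp_256_mont_sqr_8 later in the diff. If this file is generated from a separate assembly source, the comment belongs in the generator input as well. The enclosing function starts and ends outside the hunk.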
@@ -64107,7 +64176,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "add sp, sp, #44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } @@ -64267,7 +64337,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_256_sqr_8_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -65478,7 +65549,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -65721,7 +65793,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -65739,7 +65812,7 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) __asm__ __volatile__ ( "sub sp, sp, #32\n\t" "str %[r], [sp, #28]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" 
@@ -65826,18 +65899,19 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) /* R[15] = r7 */ "ldr lr, [sp, #28]\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" "stm lr!, {r7}\n\t" "sub lr, lr, #0x40\n\t" - "ldm sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" - "stm lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" + "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" + "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -65876,7 +65950,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -65913,7 +65988,7 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -65925,7 +66000,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* * a The number to convert. * m The modulus (prime). */ -static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -66149,7 +66225,8 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_di "add sp, sp, #24\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); (void)m_p; return (uint32_t)(size_t)r; @@ -66360,7 +66437,8 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -68464,7 +68542,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r12" ); (void)m_p; (void)mp_p; @@ -68480,7 +68559,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
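Review bot: The re-wrapped prototype of sp_256_mont_mul_8 still leaves its first line at roughly 98 columns (`static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,`), which defeats the line-length clean-up the rest of the diff performs and is inconsistent with how sp_4096_cond_sub_128 and sp_256_cond_sub_8 are wrapped after `a_p,`. Wrapping it as `static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p,` / `    const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)` matches those. The same over-long first line appears for sp_256_mont_sqr_8, sp_256_mont_reduce_order_8, sp_256_mont_add_8 and sp_256_mont_sub_8 further down the diff. If this file is generated, the wrapping rule should be fixed in the generator rather than by hand.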
@@ -68941,7 +69021,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -68957,7 +69038,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -68972,7 +69054,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "strd %[r], %[a], [sp, #68]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -69017,7 +69099,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #64]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -69196,7 +69278,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x4c\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); (void)m_p; (void)mp_p; 
@@ -69211,7 +69294,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70394,7 +70478,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", "r10", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", + "r10", "lr" ); (void)m_p; (void)mp_p; @@ -70408,7 +70493,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70760,7 +70846,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; 
@@ -70774,7 +70861,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70782,7 +70870,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" "str %[r], [sp, #64]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" @@ -70869,7 +70957,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co /* R[15] = r7 */ "mov lr, sp\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" @@ -71000,7 +71088,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -71232,7 +71321,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } 
@@ -71252,7 +71341,8 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -71278,7 +71368,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -71292,7 +71382,8 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -71332,7 +71423,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } 
@@ -71620,7 +71711,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71723,7 +71815,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71808,7 +71901,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71959,7 +72053,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "add sp, sp, #0x44\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); (void)m_p; (void)mp_p; 
@@ -71972,7 +72067,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72244,7 +72340,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -72256,7 +72353,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72347,7 +72445,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } 
@@ -72359,7 +72458,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72432,7 +72532,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -72486,7 +72587,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -72530,7 +72632,8 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; } 
@@ -72580,7 +72683,8 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2" ); (void)m_p; } @@ -72662,7 +72766,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3", "r12" ); (void)m_p; } @@ -72674,7 +72779,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -72716,7 +72822,8 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; } @@ -72793,7 +72900,8 @@ static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3" ); } 
@@ -76318,7 +76426,7 @@ static void sp_256_add_one_8(sp_digit* a_p) "stm %[a]!, {r1, r2, r3, r4}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -76722,7 +76830,8 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -76756,7 +76865,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -76856,7 +76965,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #32]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -77129,7 +77238,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -77188,7 +77297,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } 
@@ -77326,7 +77435,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -78010,7 +78119,8 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -78046,7 +78156,7 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -78126,7 +78236,8 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); } @@ -78212,7 +78323,8 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } 
@@ -78255,7 +78367,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = { static int sp_256_num_bits_8(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = (unsigned char*)&L_sp_256_num_bits_8_table; + register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = + (unsigned char*)&L_sp_256_num_bits_8_table; __asm__ __volatile__ ( "mov lr, %[L_sp_256_num_bits_8_table]\n\t" @@ -78567,9 +78680,10 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "\n" "L_sp_256_num_bits_8_9_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c) + : [a] "+r" (a), + [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -78658,7 +78772,7 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -79931,7 +80045,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "bgt L_sp_384_mul_12_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -85428,7 +85543,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } 
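Review bot: The re-wrapped initialiser in sp_256_num_bits_8 still casts away const, `(unsigned char*)&L_sp_256_num_bits_8_table`, although the hunk header shows the table is declared `static const unsigned char`; it also takes the address of the whole array instead of letting it decay to a pointer to its first element. The asm appears to use the pointer read-only (it is copied to lr with `mov lr, %[L_sp_256_num_bits_8_table]`; the rest of the body is outside the hunk), so `register const unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = L_sp_256_num_bits_8_table;` keeps the type honest and avoids a -Wcast-qual warning; the `"+r"` constraint only declares that the pointer variable may change, not the bytes it points to. The enclosing function starts and ends outside the hunk.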
@@ -85587,7 +85703,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_384_sqr_12_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -88650,7 +88767,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -88688,7 +88806,8 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -88732,7 +88851,7 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -89043,7 +89162,8 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -89069,7 +89189,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -89083,7 +89203,8 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_ * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -89137,7 +89258,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -89540,7 +89661,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } @@ -89675,7 +89797,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } 
@@ -89780,7 +89903,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } @@ -90101,7 +90225,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -90159,7 +90283,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90242,7 +90367,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -90285,7 +90411,7 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } 
@@ -90300,7 +90426,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90326,7 +90453,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -90340,7 +90467,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90394,7 +90522,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } 
@@ -90407,7 +90535,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90477,7 +90606,7 @@ static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p) "str r4, [%[r], #44]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -94081,7 +94210,7 @@ static void sp_384_add_one_12(sp_digit* a_p) "stm %[a]!, {r1, r2, r3, r4}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -94485,7 +94614,8 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -94526,7 +94656,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -94626,7 +94756,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #48]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } 
@@ -95027,7 +95157,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -95086,7 +95216,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -95224,7 +95354,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -95952,7 +96082,8 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "str r10, [%[r], #44]\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } @@ -95995,7 +96126,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = { static int sp_384_num_bits_12(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = (unsigned char*)&L_sp_384_num_bits_12_table; + register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = + (unsigned char*)&L_sp_384_num_bits_12_table; __asm__ __volatile__ ( "mov lr, %[L_sp_384_num_bits_12_table]\n\t" 
@@ -96559,9 +96691,10 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "\n" "L_sp_384_num_bits_12_13_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c) + : [a] "+r" (a), + [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -96710,7 +96843,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -98032,7 +98165,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "bgt L_sp_521_mul_17_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -109048,7 +109182,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -109210,7 +109345,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_521_sqr_17_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -115082,7 +115218,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } 
@@ -115126,7 +115263,8 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], r4, #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -115181,7 +115319,7 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -115409,7 +115547,8 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -115435,7 +115574,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_ "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } 
@@ -115449,7 +115588,8 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_ * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -115522,7 +115662,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_ "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -115650,7 +115790,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p "stm %[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -115663,7 +115804,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; 
@@ -116279,7 +116421,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -116291,7 +116434,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -116537,7 +116681,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -116549,7 +116694,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; 
@@ -116750,7 +116896,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -117123,7 +117270,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -117181,7 +117328,8 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -117256,7 +117404,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); (void)m_p; } @@ -117332,7 +117481,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3" ); (void)m_p; } 
@@ -117428,7 +117578,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3" ); (void)m_p; } @@ -117440,7 +117591,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -117516,7 +117668,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); (void)m_p; } @@ -117595,7 +117748,7 @@ static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p) "str r3, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -121830,7 +121983,7 @@ static void sp_521_add_one_17(sp_digit* a_p) "stm %[a]!, {r1}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -122304,7 +122457,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) #endif : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } 
@@ -122424,7 +122577,7 @@ static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122642,7 +122795,7 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122681,7 +122834,8 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], %[a], %[a]\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -122733,7 +122887,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -122833,7 +122987,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #68]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -123394,7 +123548,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } 
@@ -123453,7 +123607,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -123591,7 +123745,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -124281,7 +124435,8 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -124335,7 +124490,7 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -124481,7 +124636,8 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "str r9, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } 
@@ -124524,7 +124680,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = { static int sp_521_num_bits_17(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = (unsigned char*)&L_sp_521_num_bits_17_table; + register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = + (unsigned char*)&L_sp_521_num_bits_17_table; __asm__ __volatile__ ( "mov lr, %[L_sp_521_num_bits_17_table]\n\t" @@ -125403,9 +125560,10 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "\n" "L_sp_521_num_bits_17_18_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c) + : [a] "+r" (a), + [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -125629,7 +125787,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -136390,7 +136548,8 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -141622,7 +141781,8 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } 
@@ -141671,7 +141831,7 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -141746,7 +141906,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -141824,7 +141984,7 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -141942,7 +142102,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -142179,7 +142339,8 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_1024_mul_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -142336,7 +142497,8 @@ static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p)
 "bgt L_sp_1024_sqr_32_store_%=\n\t"
 : [r] "+r" (r), [a] "+r" (a)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+ "r11"
 );
 }
 
@@ -142456,7 +142618,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
 "mov %[a], r12\n\t"
 : [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+ "lr"
 );
 return (uint32_t)(size_t)a;
 }
@@ -142471,7 +142634,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
 * b A single precision number to subtract.
 * m Mask value to apply.
 */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142497,7 +142661,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
 "mov %[r], r12\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)r;
 }
@@ -142511,7 +142675,8 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
 * b A single precision number to subtract.
 * m Mask value to apply.
 */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142635,7 +142800,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
 "sbc %[r], lr, lr\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
 );
 return (uint32_t)(size_t)r;
 }
@@ -142674,7 +142839,8 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 "mov %[r], r3\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r3", "r12"
 );
 return (uint32_t)(size_t)r;
 }
@@ -142774,7 +142940,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
 "str r3, [%[r], #128]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
 );
 }
 
@@ -143815,7 +143981,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
 "str r5, [%[r]]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
 );
 }
 
@@ -143874,7 +144040,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
 "add %[d1], r4, r3\n\t"
 : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
 );
 return (uint32_t)(size_t)d1;
 }
@@ -144012,7 +144178,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
 "sub %[d1], r3, r6\n\t"
 : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
 );
 return (uint32_t)(size_t)d1;
 }
@@ -144441,7 +144607,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
 "mov %[a], r2\n\t"
 : [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)a;
 }
@@ -145755,7 +145921,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
 "mov %[mp], r3\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146055,7 +146222,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
 "mov %[mp], r3\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146265,7 +146433,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
 "mov %[mp], lr\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146415,7 +146584,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
 * b Second number to add in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146577,7 +146747,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 "stm %[r]!, {r4, r5, r6, r7}\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r12"
 );
 }
 
@@ -146587,7 +146758,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 * a Number to double in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146732,7 +146904,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 "stm %[r]!, {r4, r5, r6, r7}\n\t"
 : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
 :
- : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+ : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+ "r12"
 );
 }
 
@@ -146742,7 +146915,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 * a Number to triple in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147042,7 +147216,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 "stm %[r]!, {r4, r5, r6, r7}\n\t"
 : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
 :
- : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+ : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+ "r12"
 );
 }
 
@@ -147053,7 +147228,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 * b Number to subtract with in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147209,7 +147385,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 "stm %[r]!, {r4, r5, r6, r7}\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r12"
 );
 }
 
@@ -147222,7 +147399,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
 * b A single precision number to add.
 * m Mask value to apply.
 */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147248,7 +147426,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
 "mov %[r], lr\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)r;
 }
@@ -147262,7 +147440,8 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
 * b A single precision number to add.
 * m Mask value to apply.
 */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147386,7 +147565,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
 "adc %[r], r8, r8\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
 );
 return (uint32_t)(size_t)r;
 }
@@ -147526,7 +147705,7 @@ static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p)
 "str r3, [%[r], #124]\n\t"
 : [r] "+r" (r), [a] "+r" (a)
 :
- : "memory", "r2", "r3", "r4", "cc"
+ : "memory", "cc", "r2", "r3", "r4"
 );
 }
 
From a13f48aea06f1b4ca8dacd2feed683ee53b0033d Mon Sep 17 00:00:00 2001
From: gojimmypi Date: Tue, 15 Oct 2024 18:36:28 -0700 Subject: [PATCH 150/325] Update Espressif Examples --- IDE/Espressif/ESP-IDF/README.md | 39 +- IDE/Espressif/ESP-IDF/README_32se.md | 2 +- IDE/Espressif/ESP-IDF/examples/README.md | 7 +- .../ESP-IDF/examples/template/CMakeLists.txt | 8 +- .../ESP-IDF/examples/template/README.md | 10 +- .../components/wolfssl/CMakeLists.txt | 28 +- .../template/components/wolfssl/Kconfig | 25 + .../template/components/wolfssl/README.md | 162 +++++ .../template/components/wolfssl/component.mk | 296 ++++++++ .../wolfssl/include/user_settings.h | 61 +- .../examples/template/main/CMakeLists.txt | 2 +- .../examples/template/main/include/main.h | 3 + .../examples/template/sdkconfig.defaults | 126 +++- .../template/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_benchmark/CMakeLists.txt | 67 +- .../examples/wolfssl_benchmark/README.md | 38 +- .../components/wolfssl/CMakeLists.txt | 395 +++++++++-- .../components/wolfssl/Kconfig | 523 ++++++++++++++ .../components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 347 +++++---- .../wolfssl/include/user_settings.h | 669 +++++++++++++----- .../wolfssl_benchmark/main/CMakeLists.txt | 2 + .../wolfssl_benchmark/main/include/main.h | 9 +- .../examples/wolfssl_benchmark/main/main.c | 94 +-- .../partitions_singleapp_large.csv | 62 +- .../wolfssl_benchmark/sdkconfig.defaults | 51 +- .../sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_client/CMakeLists.txt | 28 +- .../ESP-IDF/examples/wolfssl_client/README.md | 6 +- .../components/wolfssl/CMakeLists.txt | 626 ++++++++++++++-- .../wolfssl_client/components/wolfssl/Kconfig | 523 ++++++++++++++ .../components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 2 +- .../wolfssl/include/user_settings.h | 621 ++++++++++++++-- .../wolfssl_client/main/CMakeLists.txt | 18 +- .../wolfssl_client/main/Kconfig.projbuild | 81 ++- .../examples/wolfssl_client/main/client-tls.c | 16 +- 
.../wolfssl_client/main/include/client-tls.h | 4 +- .../wolfssl_client/main/include/main.h | 3 + .../wolfssl_client/main/include/time_helper.h | 4 +- .../main/include/wifi_connect.h | 14 +- .../examples/wolfssl_client/main/main.c | 44 +- .../wolfssl_client/main/time_helper.c | 32 +- .../wolfssl_client/main/wifi_connect.c | 24 +- .../wolfssl_client/sdkconfig.defaults | 58 +- .../wolfssl_client/sdkconfig.defaults.esp32c2 | 7 + .../wolfssl_client/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_server/CMakeLists.txt | 28 +- .../ESP-IDF/examples/wolfssl_server/README.md | 2 +- .../components/wolfssl/CMakeLists.txt | 628 ++++++++++++++-- .../wolfssl_server/components/wolfssl/Kconfig | 523 ++++++++++++++ .../components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 68 +- .../wolfssl/include/user_settings.h | 626 ++++++++++++++-- .../wolfssl_server/main/CMakeLists.txt | 18 +- .../wolfssl_server/main/Kconfig.projbuild | 89 ++- .../examples/wolfssl_server/main/component.mk | 7 +- .../wolfssl_server/main/include/main.h | 2 +- .../wolfssl_server/main/include/time_helper.h | 13 +- .../main/include/wifi_connect.h | 58 +- .../examples/wolfssl_server/main/main.c | 150 ++-- .../examples/wolfssl_server/main/server-tls.c | 45 +- .../wolfssl_server/main/time_helper.c | 174 +++-- .../wolfssl_server/main/wifi_connect.c | 156 +++- .../wolfssl_server/sdkconfig.defaults | 114 ++- .../wolfssl_server/sdkconfig.defaults.esp32c2 | 7 + .../wolfssl_server/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_test/CMakeLists.txt | 73 +- .../ESP-IDF/examples/wolfssl_test/README.md | 45 +- .../components/wolfssl/CMakeLists.txt | 399 +++++++++-- .../wolfssl_test/components/wolfssl/Kconfig | 523 ++++++++++++++ .../wolfssl_test/components/wolfssl/README.md | 162 +++++ .../components/wolfssl/component.mk | 345 +++++---- .../wolfssl/include/user_settings.h | 646 ++++++++++++----- .../examples/wolfssl_test/main/CMakeLists.txt | 2 + .../examples/wolfssl_test/main/component.mk 
| 2 +- .../examples/wolfssl_test/main/include/main.h | 5 +- .../ESP-IDF/examples/wolfssl_test/main/main.c | 83 ++- .../examples/wolfssl_test/sdkconfig.defaults | 53 +- .../wolfssl_test/sdkconfig.defaults.esp8266 | 30 + .../examples/wolfssl_test_idf/README.md | 4 +- .../examples/wolfssl_test_idf/main/main.c | 31 +- .../wolfssl_test_idf/main/time_helper.c | 2 +- IDE/Espressif/ESP-IDF/test/README.md | 2 +- IDE/Espressif/README.md | 19 +- IDE/Espressif/include.am | 92 ++- examples/configs/user_settings_platformio.h | 3 +- wolfcrypt/src/port/Espressif/README.md | 16 +- wolfcrypt/src/port/Espressif/esp32_mp.c | 4 + wolfcrypt/src/port/Espressif/esp32_sha.c | 2 +- .../port/Espressif/esp_crt_bundle/README.md | 2 +- .../Espressif/esp_crt_bundle/esp_crt_bundle.c | 2 +- .../src/port/Espressif/esp_sdk_time_lib.c | 6 +- .../src/port/Espressif/esp_sdk_wifi_lib.c | 8 +- .../wolfcrypt/port/Espressif/esp32-crypt.h | 6 +- .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 3 +- wolfssl/wolfcrypt/settings.h | 2 +- 97 files changed, 9488 insertions(+), 1535 deletions(-) create mode 100644 IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk create mode 100644 IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 create mode 
100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md create mode 100644 IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md index cc1a1d661..01a860fd9 100644 --- a/IDE/Espressif/ESP-IDF/README.md +++ b/IDE/Espressif/ESP-IDF/README.md @@ -1,11 +1,12 @@ # ESP-IDF Port These Espressif examples have been created and tested with the latest stable release branch of -[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html). -The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended. -Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html). +ESP-IDF v5.2, v5.3 and the master branch -See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html). +The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended. +Espressif has [a list of all ESP-IDF versions](Espressifversions.html). + +See the latest Espressif Migration Guides. ## Examples 
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below. ### File: `sdkconfig.h` The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig` -file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html) +file at [build](Espressif api-guides/build-system.html) time, should be included before any other files. ### File: `user_settings.h` @@ -101,7 +102,7 @@ of your source code, particularly before the `#include git clone -b v5.0.2 --recursive https://github.com/espre - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715 - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777) - WSL 1 Ubuntu 22.04.3 LTS - - ESP-IDF: ESP-IDF v5.1 - - SoC Module : all those supported in ESP-IDF v5.1 + - ESP-IDF: ESP-IDF v5.2 + - SoC Module : all those supported in ESP-IDF v5.2 ## JTAG Debugging Notes @@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020 reset_config srst_push_pull trst_push_pull ``` + +## Windows long paths + +Check "Long Paths Enabled" in Windows registry. + +Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1. + +The operation requires Administrator privileges. Command: + +```powershell +powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}" +``` diff --git a/IDE/Espressif/ESP-IDF/README_32se.md b/IDE/Espressif/ESP-IDF/README_32se.md index af440a8b5..438723c6b 100644 --- a/IDE/Espressif/ESP-IDF/README_32se.md +++ b/IDE/Espressif/ESP-IDF/README_32se.md 
@@ -10,7 +10,7 @@ Including the following examples: The `user_settings.h` file enables some of the hardened settings. ## Requirements -1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/ +1. ESP-IDF development framework: https://github.com/espressif/esp-idf 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md index d4a0ad696..a25289432 100644 --- a/IDE/Espressif/ESP-IDF/examples/README.md +++ b/IDE/Espressif/ESP-IDF/examples/README.md @@ -78,7 +78,7 @@ wolfSSL to be installed. If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux). -The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl) +The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) also installs source code locally, instead of pointing to a source repository. ## VisualGDB @@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058) -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf). - - - +See also the `ESP-FAQ Handbook`. diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt index 2f3e1630a..54971360f 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt 
@@ -1,12 +1,12 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.2 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) # Optional no watchdog typically used for test & benchmark -# add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) +add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: @@ -71,6 +71,10 @@ else() message(STATUS "No conflicting wolfSSL components found.") endif() +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) + # Not only is a project-level "set(COMPONENTS" not needed here, this will cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". include($ENV{IDF_PATH}/tools/cmake/project.cmake) diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md index 8d9ebbe49..9e82e7280 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/README.md +++ b/IDE/Espressif/ESP-IDF/examples/template/README.md @@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ### Prerequisites -It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed. +It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed. ### Files Included 
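Review bot: Uncommenting `add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` in the template project turns the watchdog off for every project cloned from this template, while the comment directly above it still describes the option as "typically used for test & benchmark". If the define does what its name says, a device built from the template whose TLS task stalls will no longer be reset, which is a default the benchmark and test projects may want but a starting template should not ship. Either restore `# add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)` or change the comment to state that the template disables the watchdog and that production builds must remove this line.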
@@ -19,7 +19,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp- - The [components/wolfssl/CMakeLists.txt](./components/wolfssl/CMakeLists.txt) typically does not need to be changed. -- Optional [VisualGDB Project](./VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj) for Visual Studio using ESP32 and ESP-IDF v5.1. +- Optional [VisualGDB Project](./VisualGDB/README.md) for Visual Studio using ESP32 and ESP-IDF v5.2. See also [template](../template/VisualGDB/README.md) for other devices. - Edit the project [CMakeLists.txt](./CMakeLists.txt) to optionally point this project's wolfSSL component source code at a different directory: @@ -30,12 +30,12 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") ## Getting Started: -Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html). +Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html). Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory. ``` -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 echo "Run export.sh from ${WRK_IDF_PATH}" . ${WRK_IDF_PATH}/export.sh @@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200 idf.py flash -p /dev/ttyS19 -b 115200 monitor ``` -Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html). +Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html). ## Other Examples: diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt index 8c678fbf3..8b90966f9 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt 
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt @@ -28,6 +28,9 @@ cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") # function: IS_ESP_IDF_COMPONENT # output: RESULT = 1 (true) if this component is located in the ESP-IDF components @@ -153,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" 
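Review bot: `set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}")` expands `THIS_ESP_TLS` at this point in the file, and the only assignment visible above it is the new `set(THIS_ESP_TLS "")` near the top; the `"esp-tls"` value is assigned only in the later esp8266 check around line 417. Unless something between those two points sets it, `COMPONENT_REQUIRES` here becomes `lwip ""`, so esp-tls never becomes a public requirement and the quoted empty string adds an empty list element. Consider moving the target check that chooses `THIS_ESP_TLS` above this line, or appending later with `list(APPEND COMPONENT_REQUIRES ${THIS_ESP_TLS})` unquoted so an empty value drops out. The same quoted `"${THIS_ESP_TLS}"` expansion appears in both `PRIV_REQUIRES` lists in the following hunks.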
@@ -404,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -420,6 +428,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) @@ -757,6 +766,7 @@ else() REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" PRIV_REQUIRES + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) 
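Review bot: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")` changes the flags variable in this component's directory scope only, so the define reaches targets created here but, as far as this hunk shows, not the application's own components that may include the bundle headers; if the flag is meant to be visible project-wide, `idf_build_set_property(COMPILE_DEFINITIONS -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1 APPEND)` or a comment stating the intended scope would make that explicit. The comment above it also reads `# This is critical for use the the esp-tls component.`; suggest `# esp_crt_bundle.c checks this define to know the esp-tls component requirement was added.`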
@@ -768,7 +778,10 @@ else() endif() # function(WOLFSSL_INIT_CERT_BUNDLE) -if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) if (CMAKE_BUILD_EARLY_EXPANSION) message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") endif() @@ -1001,10 +1014,13 @@ if(WOLFSSL_ROOT) set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") - file(WRITE "tada.txt" "${WOLFSSL_ROOT}\n") # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE if(CONFIG_ESP_TLS_USING_WOLFSSL) - message(STATUS "wolfSSL will be used for ESP-TLS") + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() else() message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") endif() diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig index 5e21683b3..cdd039d73 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig 
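Review bot: The added `AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")` condition silently skips certificate-bundle initialization on the ESP8266, so a build with `CONFIG_WOLFSSL_CERTIFICATE_BUNDLE` enabled gets no CA trust anchors from the bundle and no build-time message saying so, whereas the second hunk does print a STATUS line for the esp-tls case. Add an `elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) message(WARNING "Certificate bundle is not generated for esp8266; TLS peer verification needs another CA source")` branch before the matching `endif()`, which lies outside this hunk. The check also tests only `CONFIG_TARGET_PLATFORM`, while the esp8266 tests elsewhere in this file also accept `"${IDF_TARGET}" STREQUAL "esp8266"`, so the two can disagree for the same build. Note too that the unchanged `message(ERROR ...)` inside the guarded block is not a CMake fatal mode (`FATAL_ERROR` is), so that guard only prints and the configure step continues.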
@@ -382,6 +382,24 @@ menu "wolfSSL" Hardware acceleration enabled by default. Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + endmenu # wolfSSL Hardware Acceleration # ----------------------------------------------------------------------------------------------------------------- @@ -410,6 +428,13 @@ menu "wolfSSL" default n help Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + endmenu # wolfSSL Debug Options # ----------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md new file mode 100644 index 000000000..d77912416 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md 
@@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. 
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. 
" \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk new file mode 100644 index 000000000..45a1aa08f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk 
@@ -0,0 +1,296 @@ +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +$(info *********** wolfssl component ************) + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. 
Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here (the location of of this component.mk): +WOLFSSL_ROOT := ../../../../../../.. + +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. 
+# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src + +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o + + +## +## wolfSSL +## 
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS += src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + + +## +## wolfcrypt test (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +## 
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test + +## +## wolfcrypt +## +## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 3939302b9..71b82c68e 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -85,6 +85,9 @@ /* Turn on messages that are useful to see only in examples. */ #define WOLFSSL_EXAMPLE_VERBOSITY +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + /* wolfSSL Examples: set macros used in example applications. * * These Settings NOT available in ESP-IDF (e.g. esp-tls) @@ -153,8 +156,13 @@ /* Other applications detected by cmake */ #elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) - /* The wolfSSL Version */ - #define FP_MAX_BITS (8192 * 2) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif #define HAVE_ALPN #define HAVE_SNI #define OPENSSL_EXTRA_X509_SMALL 
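Review bot: `$(WOLFSSL_ROOT)/src/bio.o`, `$(WOLFSSL_ROOT)/wolfcrypt/src/evp.o` and `$(WOLFSSL_ROOT)/wolfcrypt/src/misc.o` are listed in COMPONENT_OBJEXCLUDE and then added to COMPONENT_OBJS again (bio.o is even the first `:=` assignment of that list), so the new makefile contradicts itself about whether these three objects are built. If the SDK filters COMPONENT_OBJEXCLUDE out of an explicitly set COMPONENT_OBJS they are silently dropped, otherwise the exclusion is dead code; one of the two lists should lose them, and if the exclusion is the one kept a comment such as `# bio.c, evp.c and misc.c are pulled in by other sources in upstream wolfSSL; do not build them standalone` (please confirm against the wolfSSL sources in use) would record why. `abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))` also assumes a `realpath` binary on the build host; since the value only feeds the two `$(info ...)` lines, a missing tool degrades to an empty message rather than a failure, which is worth saying in a comment so nobody treats that empty path as a misconfiguration.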
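Review bot: `#define WOLFSSL_MAX_ERROR_SZ 500` is added unconditionally, while the same commit wraps the new `ESP_RSA_TIMEOUT_CNT` default in `#ifndef` so a project or CFLAGS value can win; give this define the same guard, `#ifndef WOLFSSL_MAX_ERROR_SZ` / `#define WOLFSSL_MAX_ERROR_SZ 500` / `#endif`, otherwise a `-DWOLFSSL_MAX_ERROR_SZ` on the command line becomes a redefinition warning. If, as elsewhere in wolfSSL, this value sizes on-stack error-string buffers, the comment should also say that raising it well above the library default grows stack use in every caller of the error-string API, which matters next to the small main-task stack chosen in sdkconfig.defaults.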
@@ -240,9 +248,23 @@ /* Used by ESP-IDF components: */ #if defined(CONFIG_ESP_TLS_USING_WOLFSSL) /* The ESP-TLS */ - #define FP_MAX_BITS (8192 * 2) + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif #define HAVE_ALPN - #define HAVE_SNI + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif #define OPENSSL_EXTRA_X509_SMALL #define HAVE_TLS_EXTENSIONS @@ -349,18 +371,25 @@ /* Required for RSA */ #define WC_RSA_PSS - /* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */ + /* TLS 1.3 normally requires HAVE_FFDHE */ #if defined(HAVE_FFDHE_2048) || \ defined(HAVE_FFDHE_3072) || \ defined(HAVE_FFDHE_4096) || \ defined(HAVE_FFDHE_6144) || \ defined(HAVE_FFDHE_8192) #else + #define HAVE_FFDHE_2048 /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ #endif #endif - +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -477,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT 
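Review bot: The new `#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` block defines `HAVE_FFDHE_4096` in both branches, so the conditional is a no-op and `/* Optionally set smaller size here */` describes something the code does not do. The `#ifndef FP_MAX_BITS` block added for these same targets in the hunk at `@@ -240,9 +248,23 @@` sets FP_MAX_BITS to MIN_FFDHE_FP_MAX_BITS; if that macro tracks the largest enabled FFDHE group (the ESP8266 hunk's comment gives it as `MIN_FFDHE_BITS * 2`), enabling the 4096-bit group here pulls FP_MAX_BITS up to 8192 on exactly the chips this is trying to shrink — please confirm. Either drop the conditional or have the small-target branch define a smaller group, e.g. `#define HAVE_FFDHE_2048`. Note also that the `#else` fallback now silently enables `HAVE_FFDHE_2048` where the previous code only had a commented-out `#error`; a one-line comment such as `/* Fallback: smallest FFDHE group accepted for TLS 1.3; set an explicit HAVE_FFDHE_[nnnn] to choose */` would make that deliberate.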
@@ -733,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -791,7 +827,7 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options optionally increase error message size for very long paths. #define WOLFSSL_MAX_ERROR_SZ 500 -Turn debugging on/off: +Turn wolfSSL debugging on/off: wolfSSL_Debugging_ON(); wolfSSL_Debugging_OFF(); @@ -801,6 +837,7 @@ Turn debugging on/off: #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_DEBUG_IGNORE_ASN_TIME #define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC @@ -809,6 +846,8 @@ Turn debugging on/off: #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK #define ESP_MONITOR_HW_TASK_LOCK #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt index a038d035b..3d7246465 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt 
@@ -1,5 +1,5 @@ # wolfSSL Espressif Example Project/main CMakeLists.txt -# v1.0 +# v1.1 # # wolfssl template # diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h index 94d913235..ec666f37d 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults index d14a51ee0..c3b5367a6 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults 
@@ -1,30 +1,142 @@ # Set the known example app config to template example (see user_settings.h) CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y -# Set the known example app config to TLS Client (see user_settings.h) -CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y # -# Default main stack size +# Default main stack size. See user_settings.h # -# This is typically way bigger than needed for stack size. See user_settings.h +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 - +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=3584 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max CPU frequency (falls back as needed for lower maximum) 
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set 
CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 new file mode 100644 index 000000000..77299dfe4 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y 
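Review bot: `CONFIG_USE_WOLFSSL_ESP_SDK_TIME` is set to `y` near the top of the file and to `n` under the later `# Some wolfSSL helpers` block, so the effective value depends on which assignment the config generator keeps; keep exactly one. The main-task stack comment contradicts itself on units — `Units are words, not bytes` is followed by `3072 bytes should be sufficient` and `assign at least 10500 bytes` — so a reader cannot tell what `CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584` means; state the unit once, correctly for this SDK. The `CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n`, `# ESP8266 Memory` and `# Performance` blocks are each pasted twice. Since this is the template every new example is copied from, and its defaults turn off the task and interrupt watchdogs and HTTPS in the HTTP client, a comment such as `# Test/benchmark settings: re-enable the watchdogs and HTTPS for a product build` would stop those choices propagating silently.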
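Review bot: The `# Disable mbedTLS` heading is followed by `CONFIG_ESP_TLS_USING_MBEDTLS=y`, which enables it; on this target wolfSSL in esp-tls is turned off (`CONFIG_ESP_TLS_USING_WOLFSSL=n`), so the comment should state what actually happens, e.g. `# RTOS SDK 3.4 esp-tls has no wolfSSL backend yet; mbedTLS stays the esp-tls provider`. The `# ESP8266 WDT` / `CONFIG_ESP_PANIC_PRINT_*` block appears twice in this 30-line file, and the comment on the `CONFIG_ESP_TLS_USING_WOLFSSL=n` line has an unclosed parenthesis. As in the main sdkconfig.defaults, `CONFIG_TASK_WDT=n` switches the watchdog off in a template project; a comment that this is for tests and benchmarks would help.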
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index 8c66ae269..f11fcd13e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt @@ -1,11 +1,13 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.0 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) +# Optional no watchdog typically used for test & benchmark add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) + # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: # 
@@ -20,19 +22,58 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # Linux: ~/workspace # Windows: C:\workspace # +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME -# Optionally specify a location for wolfSSL component source code -# set(WOLFSSL_ROOT "c:/mydir/wolfssl" ) -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. 
-# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -# -#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") -# message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") -# set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -#else() -# message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") -#endif() +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) # Not only is a project-level "set(COMPONENTS" not needed here, this will 
cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md index 143a6a699..e760db5f9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md @@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Espressif ESP Component Registry -See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl) +See the wolfSSL namespace and additional details: +https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ ## Windows COM Port @@ -38,9 +39,7 @@ using the VisualGDB extension. The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project. - --------- |------------- |------------- | -ChipSet | ESP-IDF v4.4 | ESP-IDF v5.1 | +ChipSet | ESP-IDF v4.4 | ESP-IDF v5.2 | -------- |------------- |------------- | ESP32 | x | | ESP32-S2 | | | @@ -66,7 +65,8 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh 1-1. Example Configuration -> BENCH_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + The list of arguments can be found in help. See [benchmark/README.md](https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/benchmark/README.md) + Features to be benchmarked are enabled in the `user_settings.h`. When you want to run the benchmark program 
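Review bot: On WSL both the WSL branch, `if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")`, and the Linux branch, `if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))`, are true, so CMAKE_C_FLAGS ends up with both `-DWOLFSSL_CMAKE_SYSTEM_NAME_WSL` and `-DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX`; exclude WSL from the Linux test, `if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32) AND (NOT EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop"))`. The comment `# Windows-specific configuration here` is copied verbatim into the WSL, Linux and Apple branches and is wrong in each, and `if(APPLE)` appears twice, once only to print a message. The enclosing CMake file continues outside the hunk.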
@@ -89,14 +89,34 @@ git fetch git pull git submodule update --init --recursive -cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# pick your workspace location +# cd ~/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark -# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB +# The ESP8266 uses a completely different toolchain: +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 -WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1 +# Pick ESP-IDF toolchain install directory WRK_IDF_PATH=~/esp/esp-idf +# ESP-IDF v4.x uses toolchain v8.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1 + +# ESP-IDF v5.0 with toolchain v12.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0 + +# ESP-IDF v5.0 to v5.2.1 uses toolchain v12.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.2.1 + +# The most recent version: +# ESP-IDF v5.2 uses toolchain v13.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 + + . $WRK_IDF_PATH/export.sh # Set target SoC diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt index f0bef7fc3..8b90966f9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt 
@@ -19,17 +19,67 @@ # # cmake for wolfssl Espressif projects # -# Version 5.7.0 template update + THIS_IDF_PATH +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + # The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component @@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "") endif() if( "$ENV{IDF_PATH}" STREQUAL "" ) - message(FATAL_ERROR "IDF_PATH Environment variable not set!") + message(FATAL_ERROR "IDF_PATH Environment variable not set!") else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() @@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" 
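Review bot: `string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})` expands the sdkconfig path unquoted, so a value containing a space or a semicolon (ordinary for the Windows users the backslash handling is written for) is split into several arguments and the call errors or mangles the path; quote it, `string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")`. This value decides which wolfSSL tree gets compiled, so it deserves the same care as WOLFSSL_ROOT. Separately, IS_ESP_IDF_COMPONENT answers "inside IDF_PATH" with a bare `string(FIND)` prefix test: a sibling such as `${IDF_PATH}-old` passes, and when IDF_PATH is empty the FIND of an empty string returns 0, so every component is classified as an ESP-IDF one and, with CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT set, silently returns before registering anything. Append a `/` to NORMALIZED_IDF_PATH before the FIND and treat an empty IDF_PATH as "not a component" so the early return cannot fire by accident.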
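Review bot: `set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}")` is evaluated while THIS_ESP_TLS still holds the empty string assigned near the top of the file; as far as the visible hunks show it is only set to "esp-tls" much later, in the CONFIG_TARGET_PLATFORM branch, so REQUIRES becomes `lwip;` with a dangling empty element and never actually names esp-tls. Either leave this line as `set(COMPONENT_REQUIRES lwip)` and rely on PRIV_REQUIRES, or append after the platform check with an unquoted expansion so an empty value adds nothing: `list(APPEND COMPONENT_REQUIRES ${THIS_ESP_TLS})`. The enclosing if/else starts outside the hunk.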
@@ -130,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -147,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() 
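Review bot: ENVIRONMENT_VAR_TO_MACRO assigns CMAKE_C_FLAGS inside a function without PARENT_SCOPE, so the new flag lives only in the function's own scope; the caller prints "Appending compile definition" but `-DGENERATE_MACHINE_PARSEABLE_REPORT=1` never reaches the compiler. Change the assignment to `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}" PARENT_SCOPE)`. Keep the compare-against-literal design as is: because only the caller-supplied EVARVALUE is spliced into the flags and the environment value is merely compared, an environment variable cannot be used to inject arbitrary compiler options, and the header comment should say so rather than the copy-pasted "enable CSV output".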
@@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") - else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) - if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. 
+ message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank else() - get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. + else() + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via prior specification.") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() 
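Review bot: The "WOLFSSL_ROOT Variable defined, but source code not found" branch drops from FATAL_ERROR to STATUS, so a mistyped WOLFSSL_ROOT or CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT no longer stops configuration; per the comments in this hunk the function then keeps searching parent directories and will compile whichever wolfssl, wolfssl-master or wolfssl-$USER checkout it happens to find, not the tree the user explicitly asked for. An explicit source location that fails validation should stay loud: `message(FATAL_ERROR "WOLFSSL_ROOT specified but wolfSSL source not found: ${CURRENT_SEARCH_DIR}")`, or at minimum WARNING. Also quote the two unquoted expansions, `string(REPLACE "\\" "/" CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}")` and `string(LENGTH "${CURRENT_SEARCH_DIR}" CURRENT_SEARCH_DIR_LENGTH)`, since paths with spaces otherwise split into several arguments. The remainder of FIND_WOLFSSL_DIRECTORY lies outside the hunk.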
@@ -286,6 +386,11 @@ endfunction() message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") + +# Optional variable inspection if (0) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) @@ -302,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - ${THIS_INCLUDE_TIMER} - ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
@@ -328,6 +439,15 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) @@ -341,7 +461,9 @@ else() # Abort CMake after fatal error. endif() else() - message(STATUS "Searching for wolfSL source code...") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) endif() 
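Review bot: This esp8266 test checks only `CONFIG_TARGET_PLATFORM`, while the equivalent block in the previous hunk also accepts `"${IDF_TARGET}" STREQUAL "esp8266"`; a build that identifies the chip only through IDF_TARGET has esp_timer and driver cleared there and then re-added here in the full-expansion pass. Use the same condition in both places, `if( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )`, or better, compute THIS_INCLUDE_TIMER/THIS_INCLUDE_DRIVER once and drop this second assignment. The enclosing else() block starts outside the hunk.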
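Review bot: `set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")` seeds the search with the project directory, and the later hunks guard registration with `if(WOLFSSL_ROOT)`; that guard is only meaningful if FIND_WOLFSSL_DIRECTORY resets its output to empty when nothing valid is found, which the visible part of the function does not show. Please confirm that on failure the function leaves WOLFSSL_ROOT blank (e.g. `set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "" PARENT_SCOPE)` on the not-found path); otherwise the project root would be registered as the wolfSSL source tree. The enclosing if/else starts outside the hunk.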
@@ -349,11 +471,18 @@ else() if(WOLFSSL_ROOT) message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "Failed: wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" - "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") - # Abort CMake after fatal error. + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) 
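Review bot: The "Could not find wolfssl" report is now STATUS, which idf.py and IDE logs scroll past, and the trailing comment `# Abort CMake after fatal error. (or not?)` no longer describes what the code does. If configuration is meant to continue so Kconfig can be edited, print at WARNING level and say so: `message(WARNING "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl. ...")` with the comment `# Intentionally not fatal: registration is skipped when WOLFSSL_ROOT is blank; the compile fails via WOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND.` Note that the following context line `set(INCLUDE_PATH ${WOLFSSL_ROOT})` still executes with an empty value.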
@@ -379,22 +508,24 @@ else() endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") - # wolfSSL user_settings.h is in the local project. + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") - + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -427,8 +558,7 @@ else() message(STATUS "**************************************************************************************") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") - # Abort CMake after fatal error. + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
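Review bot: The status message still advertises `//include//user_settings.h` while the add_definitions line now emits `/include/user_settings.h`, so the log misreports the actual WOLFSSL_USER_SETTINGS_DIR value; STR_WOLFSSL_PROJECT_DIR also still has its slashes doubled while the suffix does not. Print the value you define: `message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h\"")`. The path is spliced between literal quotes with no escaping, so a project directory containing a double quote breaks the compile line; a TODO noting that is worth adding.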
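Review bot: Turning "use wolfSSL in either local project or Espressif components, but not both" from FATAL_ERROR into STATUS lets configuration continue with two wolfSSL trees present, so which copy is compiled is decided by search order and a stale, possibly unpatched copy can win silently. Keep it at least visible, `message(WARNING "Please use wolfSSL in either local project or Espressif components, but not both.")`, and update the now-stale comment `# Optional: if you change the above FATAL_ERROR to STATUS ...` to state that the build continues and WOLFSSL_MULTI_INSTALL_WARNING flags the condition at compile time.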
@@ -536,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -552,7 +684,7 @@ else() message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" @@ -601,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
@@ -622,15 +755,120 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES - "${THIS_INCLUDE_TIMER}" - "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark - ) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE # Some optional diagnostics. Verbose ones are truncated. if (VERBOSE_COMPONENT_MESSAGES) @@ -662,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
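Review bot: `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` references `cert_bundle`, which is never set (the generated path is in `crt_bundle`, and the diagnostic `message(STATUS "cert_bundle ${cert_bundle}")` will print empty), so the target carries no dependency on the bundle output. The custom command also depends only on `${custom_bundle_path}`: edits to cacrt_all.pem, cacrt_local.pem, cacrt_deprecated.pem, cmn_crt_authorities.csv or gen_crt_bundle.py do not regenerate x509_crt_bundle_wolfssl, so a root removed from the PEM set keeps being trusted by the firmware until a clean build. Both `message(ERROR ...)` calls are plain notices (ERROR is not a message() mode) and do not stop configuration; use FATAL_ERROR, and note the early-expansion check inside this else() branch is unreachable and its text inverted. Hedged: `${python}` and `${project_dir}` are assumed to be provided by ESP-IDF's build properties; neither is set in the visible code.
```cmake
# … unchanged: bundle_name, crt_paths and args assembly …
add_custom_command(OUTPUT ${crt_bundle}
    COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
    DEPENDS ${crt_paths} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py
    VERBATIM)
# … unchanged: status messages …
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
```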
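Review bot: `target_compile_definitions(${COMPONENT_TARGET} ...)` uses a different target variable than the rest of the new code, which consistently uses `${COMPONENT_LIB}` (`add_dependencies`, `target_add_binary_data`); if this ESP-IDF version does not populate COMPONENT_TARGET the call receives an empty target name and fails. Use `target_compile_definitions(${COMPONENT_LIB} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")` for consistency. Hard-coding a specific example's project name (`esp_http_client_example`) into the library component is a smell; a comment should say why the component needs to know it, or the define belongs in that example's own CMakeLists. The enclosing else() block starts outside the hunk.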
@@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
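Review bot: The output of `git config --get remote.origin.url` is handed to LIBWOLFSSL_SAVE_INFO as LIBWOLFSSL_VERSION_GIT_ORIGIN, which the context comment says becomes a #define consumed by ShowExtendedSystemInfo(); a remote configured as `https://user:token@host/...` therefore ships its credentials as a string inside the firmware image. Strip the userinfo before saving, `string(REGEX REPLACE "://[^/@]+@" "://" TMP_OUT "${TMP_OUT}")` ahead of the LIBWOLFSSL_SAVE_INFO call, or record the origin only for non-release builds. Separately, `-DWOLFSSL_ESPIDF` is appended to CMAKE_C_FLAGS only, while the top of the file now puts `-DWOLFSSL_USER_SETTINGS` on CMAKE_CXX_FLAGS as well, so a C++ translation unit including wolfSSL headers sees inconsistent settings; and because that earlier hunk adds `-DWOLFSSL_USER_SETTINGS` unconditionally, the second `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")` here is a duplicate that can be dropped.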
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
new file mode 100644
index 000000000..cdd039d73
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+# kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superflous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+ menu "Hardening"
+ config ESP_WOLFSSL_WC_NO_HARDEN
+ bool "Disable wolfSSL hardening"
+ default n
+ help
+ Sets WC_NO_HARDEN
+
+ config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+ bool "Enable TFM Timing Resistant Code"
+ default n
+ help
+ Sets TFM_TIMING_RESISTANT.
+
+ endmenu # Hardening
+
+ config ESP_WOLFSSL_ENABLE_BENCHMARK
+ bool "Enable wolfSSL Benchmark Library"
+ default n
+ help
+ Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+ menu "Benchmark Debug"
+ config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+ bool "Enable benchmark timing debug"
+ depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+ default n
+ help
+ Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+ config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+ bool "Enable benchmark timer debug"
+ depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+ default n
+ help
+ Turn on timer debugging (used when CPU cycles not available)
+
+ endmenu # Benchmark Debug
+
+ # -----------------------------------------------------------------------------------------------------------------
+ # wolfCrypt Test
+ # -----------------------------------------------------------------------------------------------------------------
+ config ESP_WOLFSSL_ENABLE_TEST
+ bool "Enable wolfCrypt Test Library"
+ default n
+ help
+ Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+ menu "wolfCrypt tests"
+ config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+ bool "Enable wolfCrypt Test Options"
+ depends on ESP_WOLFSSL_ENABLE_TEST
+ default n
+ help
+ Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+ config TEST_ESPIDF_ALL_WOLFSSL
+ bool "Enable all features to use in tests"
+ depends on ESP_WOLFSSL_ENABLE_TEST
+ default n
+ help
+ Enables TEST_ESPIDF_ALL_WOLFSSL
+
+ endmenu # wolfCrypt tests
+
+ # -----------------------------------------------------------------------------------------------------------------
+ # Apple HomeKit Options
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Apple HomeKit"
+ config WOLFSSL_APPLE_HOMEKIT
+ bool "Enable Apple HomeKit options"
+ default n
+ help
+ Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+ endmenu # Apple HomeKit
+ # -----------------------------------------------------------------------------------------------------------------
+
+ config ESP_WOLFSSL_DISABLE_MY_ECC
+ bool "Disable ECC in my project"
+ default "n"
+ help
+ ECC is enabled by default. Select this option to disable.
+
+ config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+ bool "Enable RSA in my project"
+ default "n"
+ help
+ RSA is disabled by default. Select this option to enable.
+
+ config ESP_WOLFSSL_BENCHMARK
+ bool "Enable wolfSSL Benchmark"
+ default n
+ help
+ Enables user settings relevant to benchmark code
+
+ config ESP_TLS_USING_WOLFSSL_SPECIFIED
+ bool "Use the specified wolfssl for ESP-TLS"
+ default Y
+ help
+ Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+ config ESP_WOLFSSL_NO_USE_FAST_MATH
+ bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+ select ESP_WOLFSSL_NO_HW
+ select ESP_WOLFSSL_NO_HW_AES
+ select ESP_WOLFSSL_NO_HW_HASH
+ select ESP_WOLFSSL_NO_HW_RSA_PRI
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ default n
+ help
+ When disabling all hardware acceleration for smaller memory footprint,
+ disabling TFM fast math provides faster wolfSSL software algorithms in an
+ even smaller flash memory footprint.
+
+ menu "Protocol Config"
+ config WOLFSSL_HAVE_ALPN
+ bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+ default y
+
+ config WOLFSSL_ALLOW_TLS13
+ bool "Allow TLS 1.3"
+ default y
+ help
+ Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+ When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+ config WOLFSSL_ALLOW_TLS12
+ bool "Allow TLS 1.2"
+ default n
+ help
+ Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+ When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+ config WOLFSSL_HAVE_TLS_EXTENSIONS
+ bool "Enable TLS Extensions"
+ default y
+ help
+ Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+ config WOLFSSL_ALT_CERT_CHAINS
+ bool "Enable Alternate Certificate Chains"
+ default n
+ help
+ The option relaxes the default strict wolfSSL certificate chain processing. This
+ will typically need to be enabled when loading only a CA file. Typically solves
+ the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+ config WOLFSSL_HAVE_OCSP
+ bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+ default n
+ help
+ Sets HAVE_OCSP
+
+ endmenu # Protocol Config
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ config TLS_STACK_WOLFSSL
+ # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+ bool
+ default n
+ select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+ help
+ Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+ Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+ menu "wolfSSL ESP-TLS"
+ depends on ESP_TLS_USING_WOLFSSL
+
+ menu "Certificate Bundle"
+ depends on ESP_TLS_USING_WOLFSSL
+
+ config WOLFSSL_CERTIFICATE_BUNDLE
+ bool "Enable trusted root certificate bundle"
+ default y if ESP_TLS_USING_WOLFSSL
+ default n
+ depends on ESP_TLS_USING_WOLFSSL
+ help
+ Enable support for large number of default root certificates
+
+ When enabled this option allows user to store default as well
+ as customer specific root certificates in compressed format rather
+ than storing full certificate. For the root certificates the public key and the subject name
+ will be stored.
+
+ config WOLFSSL_NO_ASN_STRICT
+ bool "Relax Certificate ASN Strict Checks"
+ default n
+ depends on ESP_TLS_USING_WOLFSSL
+ help
+ Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+ it is recommended to NOT enable this.
+
+ config WOLFSSL_ASN_ALLOW_0_SERIAL
+ bool "Allow cert missing an ASN Serial Number"
+ default y
+ depends on ESP_TLS_USING_WOLFSSL
+ help
+ Although not recommended, there may be certificates in the bundle that are missing
+ a serial number. This option allows the missing value without having to fully
+ disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+ choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+ bool "Default certificate bundle options"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+ bool "Use the full default certificate bundle"
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+ bool "Use only the most common certificates from the default bundles"
+ help
+ Use only the most common certificates from the default bundles, reducing the size with 50%,
+ while still having around 99% coverage.
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ bool "Do not use the default certificate bundle"
+ endchoice
+
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default n
+ bool "Add custom certificates to the default bundle"
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+ depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ string "Custom certificate bundle path"
+ help
+ Name of the custom certificate directory or file. This path is evaluated
+ relative to the project root directory.
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+ bool "Add deprecated root certificates"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ help
+ Include the deprecated list of root certificates in the bundle.
+ This list gets updated when a certificate is removed from the Mozilla's
+ NSS root certificate store. This config can be enabled if you would like
+ to ensure that none of the certificates that were deployed in the product
+ are affected because of the update to bundle. In turn, enabling this
+ config keeps expired, retracted certificates in the bundle and it may
+ pose a security risk.
+
+ - Deprecated cert list may grow based based on sync with upstream bundle
+ - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+ int "Maximum no of certificates allowed in certificate bundle"
+ default 200
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+ endmenu
+ endmenu # wolfSSL ESP-TLS
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ bool "Modify default hardware acceleration settings"
+ default n
+ help
+ When disabling all hardware acceleration for smaller memory footprint,
+ disabling TFM fast math provides faster wolfSSL software algorithms in an
+ even smaller flash memory footprint.
+ Typically used for debugging, analysis, or optimizations. The default
+ hardware acceleration features can be each manually adjusted.
+
+ menu "wolfSSL Hardware Acceleration"
+
+ config ESP_WOLFSSL_NO_ESP32_CRYPT
+ bool "Disable all ESP32 Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ select ESP_WOLFSSL_NO_HW_AES
+ select ESP_WOLFSSL_NO_HW_HASH
+ select ESP_WOLFSSL_NO_HW_RSA_PRI
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+ Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+ config ESP_WOLFSSL_NO_HW_AES
+ bool "Disable all ESP32 AES Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+ config ESP_WOLFSSL_NO_HW_HASH
+ bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI
+ bool "Disable all ESP32 RSA Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ bool "Disable all ESP32 Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ bool "Enable debugging of RSA Multiplication operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ multiplication operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+ bool "Enable debugging of RSA Modular operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ modular math operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ endmenu # wolfSSL Hardware Acceleration
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Experimental Options"
+
+ config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+ bool "Enable wolfSSL Experimental Settings"
+ default n
+ help
+ Enables experimental settings for wolfSSL. See documentation.
+
+ config ESP_WOLFSSL_ENABLE_KYBER
+ bool "Enable wolfSSL Kyber"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ endmenu # wolfSSL Experimental Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Debug Options"
+ config ESP_WOLFSSL_DEBUG_WOLFSSL
+ bool "Enable wolfSSL Debugging"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ config ESP_WOLFSSL_TEST_LOOP
+ bool "Run test apps in a loop until failure"
+ default y
+ help
+ Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+ endmenu # wolfSSL Debug Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Customization"
+ config CUSTOM_SETTING_WOLFSSL_ROOT
+ string "Enter a path for wolfSSL source code"
+ default "~/workspace/wolfssl"
+ help
+ This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+ Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+ (e.g., C:\\myfolder\\mysubfolder).
+
+ endmenu # wolfSSL Customization
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Component Config"
+ config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+ bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+ config IGNORE_LOCAL_WOLFSSL_COMPONENT
+ bool "Ignore the local component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the local project components directory.
+ Requires wolfssl as a ESP-IDF component.
+
+ endmenu # Component Config
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Utility Config"
+ config USE_WOLFSSL_ESP_SDK_TIME
+ bool "Enable wolfSSL time helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ config USE_WOLFSSL_ESP_SDK_WIFI
+ bool "Enable wolfSSL WiFi helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+ config ESP_ENABLE_WOLFSSH
+ bool "Enable wolfSSH options"
+ default n
+ help
+ Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+ config ESP_WOLFSSL_DEBUG_WOLFSSH
+ bool "Enable wolfSSH debugging"
+ default n
+ help
+ Enable wolfSSH debugging macro.
See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+ config ESP_ENABLE_WOLFMQTT
+ bool "Enable wolfMQTT options"
+ default n
+ help
+ Enables WOLFMQTT
+
+ config ESP_WOLFSSL_DEBUG_WOLFMQTT
+ bool "Enable wolfMQTT debugging"
+ default n
+ help
+ Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
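Review bot: `config ESP_WOLFSSL_NO_HW_RSA_PRI` has `select ESP_WOLFSSL_NO_HW_PRI_MP_MUL`, but the symbol defined a few lines below is `ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL`, and `ESP_WOLFSSL_NO_USE_FAST_MATH` selects `ESP_WOLFSSL_NO_HW`, which is not defined anywhere in this file; selecting an undefined symbol is at most a kconfig warning and has no effect, so disabling RSA acceleration would silently leave the multiplication path enabled — use `select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL` and, presumably, `select ESP_WOLFSSL_NO_ESP32_CRYPT`. Several help texts are pasted from a neighbour and describe the wrong option: `WOLFSSL_ALLOW_TLS13` repeats the TLS 1.2 fallback text, `ESP_WOLFSSL_ENABLE_KYBER` says "Enable debugging messages for wolfSSL", and `USE_WOLFSSL_ESP_SDK_WIFI` describes the time helpers. `WOLFSSL_ASN_ALLOW_0_SERIAL` is `default y` although its own help calls it "not recommended"; since it relaxes certificate parsing for every build that uses the bundle, `default n` (or a help sentence naming which bundle entries need it) would make the weakening an explicit choice. `ESP_TLS_USING_WOLFSSL_SPECIFIED` uses `default Y` and the two `*_MY_*` options use `default "n"`; Kconfig symbol names are case-sensitive, so the capital `Y` likely resolves to an undefined symbol rather than the `y` constant — write lower-case unquoted `y`/`n` as the rest of the file does.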
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config --->
+ ESP-TLS --->
+ Choose SSL/TLS library for ESP-TLS (See help for more Info)
+ (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config --->
+ wolfSSL --->
+ [*] Include wolfSSL in ESP-TLS
+ [*] Use the specified wolfssl for ESP-TLS
+ (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include `
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+ #include
+ #if defined(WOLFSSL_ESPIDF)
+ #include
+ #include
+ #include
+ #include
+ #include
+ #else
+ #error "Problem with wolfSSL user_settings. 
" \
+ "Check components/wolfssl/include " \
+ "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+ "typically in the component CMakeLists.txt"
+ #endif
+#else
+ /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
+ /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+ #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+ CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
index 54ae8041f..95a5a4723
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
+$(info *********** wolfssl component ************)
+
 #
 # Component Makefile
 #
@@ -48,193 +50,246 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
-# In the wolfSSL GitHub examples for Espressif,
-# the root is 7 directories up from here:
-WOLFSSL_ROOT := ../../../../../../../
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
-# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+WOLFSSL_ROOT := ../../../../../../..
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in /mnt/c/test/demo
+# component is in /mnt/c/test/demo/components/wolfssl
+# wolfssl is in /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+# 2 for `./test/demo` from where we run `make`, plus
+# 2 more from the location of `component.mk` located
+# in `[currect directory]/components/wolfssl`.
+# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. COMPONENT_ADD_INCLUDEDIRS := . COMPONENT_ADD_INCLUDEDIRS += include -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. 
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
-# WOLFSSL_ROOT := ""
-COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
-COMPONENT_SRCDIRS += include
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
 # COMPONENT_OBJS += src/conf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
 # COMPONENT_OBJS += src/pk.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 # COMPONENT_OBJS += src/ssl_asn1.o
 # COMPONENT_OBJS += src/ssl_bn.o
 # COMPONENT_OBJS += src/ssl_certman.o
 # COMPONENT_OBJS += src/ssl_crypto.o
 # COMPONENT_OBJS += src/ssl_misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
 # COMPONENT_OBJS += src/x509.o
 # COMPONENT_OBJS += src/x509_str.o
 ##
 ## wolfcrypt
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OB
JS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 ##
 ## Espressif
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
 ##
 ## wolfcrypt benchmark (optional)
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
 ##
 ## wolfcrypt
 ##
+# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
index 1c30597da..0ce13530b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@@ -1,4 +1,4 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
  * Copyright (C) 2006-2024 wolfSSL Inc.
  *
@@ -18,19 +18,52 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 /* This user_settings.h is for Espressif ESP-IDF
  *
  * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
  *
- * Do not include any wolfssl headers here
+ * Do not include any wolfssl headers here.
  *
  * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
+ * ensure all examples match. The template example is the reference.
  */
-/* The Espressif project config file. See also sdkconfig.defaults */
-#include "sdkconfig.h"
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ * This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ * May or may not be related to wolfSSL.
+ *
+ * The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ * Typical of many, but not all wolfSSL macro names.
+ *
+ * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ * May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ * These are NOT valid wolfSSL macro names. These are names only used in
+ * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ * suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ * This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ * via the sdkconfig / menuconfig. Any text after this prefix should
+ * exactly match an existing wolfSSL macro name.
+ *
+ * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ * These macros may also be specific to only the project or environment,
+ * and possibly not used anywhere else in the wolfSSL libraries.
+ */
 /* The Espressif sdkconfig will have chipset info.
 **
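Review bot: The ESP_WOLFSSL_ paragraph of the new naming-convention comment says the Kconfig parser adds "CONFIG_" as a suffix, but it is a prefix, as the CONFIG_ESP_WOLFSSL_ paragraph immediately below shows; change `suffix added. See next section.` to `prefix added. See next section.`. The new `#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01` carries no comment on what reads it or when it is expected to change; a one-liner such as `/* Layout version of this component's user_settings.h; bump when sections are added or removed */` would help, if that is its purpose.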
@@ -46,33 +79,250 @@
 #undef WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
-/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
-#define NO_ESP_SDK_WIFI
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+ /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+ /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+ /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+ /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+ #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+ /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+ /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+ #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+ /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+ /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+ /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+ /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+ /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+ /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+ /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+ /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+ /* We'll assume the app needs to use wolfSSL sdk lib function */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+ /* The wolfSSL Version of the client example */
+ #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+ /* Less memory available, so smaller key sizes: */
+ #define FP_MAX_BITS (4096 * 2)
+ #else
+ #define FP_MAX_BITS (8192 * 2)
+ #endif
+ #define HAVE_ALPN
+ #define HAVE_SNI
+ #define OPENSSL_EXTRA_X509_SMALL
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+ #define OPENSSL_EXTRA
+ #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+ #define WOLFSSL_ALWAYS_VERIFY_CB
+ #endif
+ #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+ #define WOLFSSL_VERIFY_CB_ALL_CERTS
+ #endif
+ #ifndef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+ #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+ /* The ESP-IDF Version */
+ #define FP_MAX_BITS (8192 * 2)
+ #define HAVE_ALPN
+ #define HAVE_SNI
+ #define OPENSSL_EXTRA_X509_SMALL
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+ #define OPENSSL_EXTRA
+ #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+ #define WOLFSSL_ALWAYS_VERIFY_CB
+ #endif
+ #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+ #define WOLFSSL_VERIFY_CB_ALL_CERTS
+ #endif
+ #ifndef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+ #endif
+#else
+ #ifdef WOLFSSL_ESPIDF
+ /* #warning "App config undetected" */
+ #endif
+ /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
 /* Kyber typically needs a minimum 10K stack */
 #define WOLFSSL_EXPERIMENTAL_SETTINGS
 #define WOLFSSL_HAVE_KYBER
 #define WOLFSSL_WC_KYBER
 #define WOLFSSL_SHA3
+ #if defined(CONFIG_IDF_TARGET_ESP8266)
+ /* With limited RAM, we'll disable some of the Kyber sizes: */
+ #define WOLFSSL_NO_KYBER1024
+ #define WOLFSSL_NO_KYBER768
+ #define NO_SESSION_CACHE
+ #endif
 #endif
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+** CONFIG_IDF_TARGET_ESP32
+** CONFIG_IDF_TARGET_ESP32S2
+** CONFIG_IDF_TARGET_ESP32S3
+** CONFIG_IDF_TARGET_ESP32C3
+** CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+ /* SRP is known to need 8K; slow on some devices */
+ #define FP_MAX_BITS (8192 * 2)
+ #define WOLFCRYPT_HAVE_SRP
+ #define HAVE_CHACHA
+ #define HAVE_POLY1305
+ #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+ /* The ESP-TLS */
+ #ifndef FP_MAX_BITS
+ #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+ defined(CONFIG_IDF_TARGET_ESP8684) || \
+ defined(CONFIG_IDF_TARGET_ESP8266)
+ /* Optionally set smaller size here */
+ #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+ #else
+ #define FP_MAX_BITS (4096 * 2)
+ #endif
+ #endif
+ #define HAVE_ALPN
+ #ifndef CONFIG_IDF_TARGET_ESP8266
+ /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+ * API for SNI will not be seen in the components/esp-tls layer.
+ * Only enable SNI for non-ESP8266 targets by default: */
+ #define HAVE_SNI
+ #endif
+ #define OPENSSL_EXTRA_X509_SMALL
+
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+ /* The default SSH Windows size is massive for an embedded target.
+ * Limit it: */
+ #define DEFAULT_WINDOW_SZ 2000
+
+ /* These may be defined in cmake for other examples: */
+ #undef WOLFSSH_TERM
+ #define WOLFSSH_TERM
+
+ /* optional debug */
+ /* #undef DEBUG_WOLFSSH */
+ /* #define DEBUG_WOLFSSH */
+
+ #undef WOLFSSL_KEY_GEN
+ #define WOLFSSL_KEY_GEN
+
+ #undef WOLFSSL_PTHREADS
+ #define WOLFSSL_PTHREADS
+
+ #define WOLFSSH_TEST_SERVER
+ #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
  * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+ #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+ #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+ #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
-/* #define SINGLE_THREADED */
+#define SINGLE_THREADED
-/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
  * When really desperate or no TLS used, try NO_SESSION_CACHE. */
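Review bot: `#define SINGLE_THREADED` is now enabled unconditionally near the end of the hunk, while the ESP_ENABLE_WOLFSSH block earlier in the same hunk does `#undef WOLFSSL_PTHREADS` / `#define WOLFSSL_PTHREADS` and `#define WOLFSSH_TEST_THREADING`; with wolfSSH turned on the file therefore asks for both a lock-free build and a pthread-backed one, and SINGLE_THREADED is the setting that strips wolfSSL's internal mutexes, which a threading test presumably depends on. Guard the new define so a threaded configuration does not silently lose locking, e.g. `#if !defined(WOLFSSL_PTHREADS) && !defined(ESP_ENABLE_WOLFSSH) && !defined(CONFIG_ESP_ENABLE_WOLFSSH)` around it, or at least extend the comment above it to say SINGLE_THREADED is meant only for the single-task benchmark. Separately, the Apple HomeKit block defines FP_MAX_BITS unconditionally whereas the ESP-TLS block in this hunk uses `#ifndef FP_MAX_BITS`; when one of the example blocks above has already set it, the HomeKit define is a redefinition with a different value.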
@@ -92,130 +342,6 @@
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
-/* Uncommon settings for testing only */
-#define TEST_ESPIDF_ALL_WOLFSSL
-#ifdef TEST_ESPIDF_ALL_WOLFSSL
- #define WOLFSSL_MD2
- #define HAVE_BLAKE2
- #define HAVE_BLAKE2B
- #define HAVE_BLAKE2S
-
- #define WC_RC2
- #define WOLFSSL_ALLOW_RC4
-
- #define HAVE_POLY1305
-
- #define WOLFSSL_AES_128
- #define WOLFSSL_AES_OFB
- #define WOLFSSL_AES_CFB
- #define WOLFSSL_AES_XTS
-
- /* #define WC_SRTP_KDF */
- /* TODO Causes failure with Espressif AES HW Enabled */
- /* #define HAVE_AES_ECB */
- /* #define HAVE_AESCCM */
- /* TODO sanity check when missing HAVE_AES_ECB */
- #define WOLFSSL_WOLFSSH
-
- #define HAVE_AESGCM
- #define WOLFSSL_AES_COUNTER
-
- #define HAVE_FFDHE
- #define HAVE_FFDHE_2048
- #if defined(CONFIG_IDF_TARGET_ESP8266)
- /* TODO Full size SRP is disabled on the ESP8266 at this time.
- * Low memory issue? */
- #define WOLFCRYPT_HAVE_SRP
- /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
- #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
- #elif defined(CONFIG_IDF_TARGET_ESP32) || \
- defined(CONFIG_IDF_TARGET_ESP32S2) || \
- defined(CONFIG_IDF_TARGET_ESP32S3)
- /* TODO: SRP Not enabled, known to fail on this target
- * See https://github.com/wolfSSL/wolfssl/issues/7210 */
- #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
- defined(CONFIG_IDF_TARGET_ESP32H2)
- /* SRP Known to be working on this target::*/
- #define WOLFCRYPT_HAVE_SRP
- #define FP_MAX_BITS (8192 * 2)
- #else
- /* For everything else, give a try and see if SRP working: */
- #define WOLFCRYPT_HAVE_SRP
- #define FP_MAX_BITS (8192 * 2)
- #endif
-
- #define HAVE_DH
-
- /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
- * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
- /* #define HAVE_CAMELLIA */
-
- /* DSA requires old SHA */
- #define HAVE_DSA
-
- /* Needs SHA512 ? */
- #define HAVE_HPKE
-
- /* Not for Espressif? */
- #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
- defined(CONFIG_IDF_TARGET_ESP8684) || \
- defined(CONFIG_IDF_TARGET_ESP32H2) || \
- defined(CONFIG_IDF_TARGET_ESP8266)
-
- #if defined(CONFIG_IDF_TARGET_ESP8266)
- #undef HAVE_ECC
- #undef HAVE_ECC_CDH
- #undef HAVE_CURVE25519
-
- /* TODO does CHACHA also need alignment? Failing on ESP8266
- * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
- #ifdef HAVE_CHACHA
- #error "HAVE_CHACHA not supported on ESP8266"
- #endif
- #ifdef HAVE_XCHACHA
- #error "HAVE_XCHACHA not supported on ESP8266"
- #endif
- #else
- #define HAVE_XCHACHA
- #define HAVE_CHACHA
- /* TODO Not enabled at this time, needs further testing:
- * #define WC_SRTP_KDF
- * #define HAVE_COMP_KEY
- * #define WOLFSSL_HAVE_XMSS
- */
- #endif
- /* TODO AES-EAX not working on this platform */
-
- /* Optionally disable DH
- * #undef HAVE_DH
- * #undef HAVE_FFDHE
- */
-
- /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */
- #ifndef HAVE_ECC
- #define ECC_SHAMIR
- #endif
- #else
- #define WOLFSSL_AES_EAX
-
- #define ECC_SHAMIR
- #endif
-
- /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
- /* #define WOLFSSL_CAAM */
- /* #define WOLFSSL_CAAM_BLOB */
-
- #define WOLFSSL_AES_SIV
- #define WOLFSSL_CMAC
-
- #define WOLFSSL_CERT_PIV
-
- /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
- /* #define HAVE_SCRYPT */
- #define SCRYPT_TEST_ALL
- #define HAVE_X963_KDF
-#endif
-
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
@@ -230,14 +356,40 @@
 #define BENCH_EMBEDDED
 /* TLS 1.3 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+ #define WOLFSSL_TLS13
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_HKDF
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+ /* May be required */
+ #ifndef HAVE_AEAD
+ #endif
+
+ /* Required for ECC */
+ #define HAVE_SUPPORTED_CURVES
+
+ /* Required for RSA */
+ #define WC_RSA_PSS
+
+ /* TLS 1.3 normally requires HAVE_FFDHE */
+ #if defined(HAVE_FFDHE_2048) || \
+ defined(HAVE_FFDHE_3072) || \
+ defined(HAVE_FFDHE_4096) || \
+ defined(HAVE_FFDHE_6144) || \
+ defined(HAVE_FFDHE_8192)
+ #else
+ #define HAVE_FFDHE_2048
+ /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+ #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+ defined(CONFIG_IDF_TARGET_ESP8684)
+ /* Optionally set smaller size here */
+ #define HAVE_FFDHE_4096
+#else
+ #define HAVE_FFDHE_4096
+#endif
 #define NO_FILESYSTEM
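Review bot: The `#if defined(HAVE_FFDHE_2048) || ... defined(HAVE_FFDHE_8192)` check inside the TLS 1.3 block is evaluated before the target `#if` that defines HAVE_FFDHE_4096 directly below it, and the HAVE_FFDHE_2048 that the removed TEST_ESPIDF_ALL_WOLFSSL block used to supply is gone, so the fallback `#define HAVE_FFDHE_2048` always fires and every target ends up advertising both FFDHE2048 and FFDHE4096. Move the target-specific HAVE_FFDHE_nnnn block above the TLS 1.3 block so the check sees it, and give the ESP32C2/ESP8684 branch the smaller group its comment promises (`#define HAVE_FFDHE_2048`), since both branches currently define HAVE_FFDHE_4096; on the low-memory targets where this file pins FP_MAX_BITS to MIN_FFDHE_FP_MAX_BITS, whether a 4096-bit group fits the configured math size is worth confirming. The `#ifndef HAVE_AEAD` / `#endif` pair is empty, so HAVE_AEAD, which the old code defined here unconditionally, is no longer set by this file; either put `#define HAVE_AEAD` back inside it or state in the comment that settings.h is expected to provide it.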
@@ -254,32 +406,67 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
-
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
-
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
-
 /* Some features not enabled for ESP8266: */
 #if defined(CONFIG_IDF_TARGET_ESP8266) || \
 defined(CONFIG_IDF_TARGET_ESP32C2)
+ /* Some known low-memory devices have features not enabled by default. */
 /* TODO determine low memory configuration for ECC. */
 #else
- #define HAVE_ECC
- #define HAVE_CURVE25519
- #define CURVE25519_SMALL
+ /* when you want to use SHA512 */
+ #define WOLFSSL_SHA512
+
+ /* when you want to use SHA3 */
+ /* #define WOLFSSL_SHA3 */
+
+ /* ED25519 requires SHA512 */
+ #define HAVE_ED25519
 #endif
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+ #define MY_USE_ECC 0
+ #define MY_USE_RSA 1
+#else
+ #define MY_USE_ECC 1
+ #define MY_USE_RSA 0
+#endif
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+ #if MY_USE_ECC
+ /* ---- ECDSA / ECC ---- */
+ #define HAVE_ECC
+ #define HAVE_CURVE25519
+ #define HAVE_ED25519
+ #define WOLFSSL_SHA512
+ /*
+ #define HAVE_ECC384
+ #define CURVE25519_SMALL
+ */
+ #else
+ #define WOLFSSH_NO_ECC
+ /* WOLFSSH_NO_ECDSA is typically defined automatically,
+ * here for clarity: */
+ #define WOLFSSH_NO_ECDSA
+ #endif
+
+ #if MY_USE_RSA
+ /* ---- RSA ----- */
+ /* #define RSA_LOW_MEM */
+
+ /* DH disabled by default, needed if ECDSA/ECC also turned off */
+ #define HAVE_DH
+ #else
+ #define WOLFSSH_NO_RSA
+ #endif
+#else
+ #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 /* #Optional HAVE_PKCS7 */
-#define HAVE_PKCS7
+/* #define HAVE_PKCS7 */
 #if defined(HAVE_PKCS7)
 /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
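Review bot: The trailing `#error "Either RSA or ECC must be enabled"` can never fire, because the `#if defined(CONFIG_IDF_TARGET_ESP8266) || ...` block directly above always assigns MY_USE_ECC and MY_USE_RSA complementary values, and the comment "We can use either or both" describes a choice the file does not actually offer (exactly one is ever set). If the intent is to let a project override the selection, wrap each assignment in `#ifndef MY_USE_ECC` / `#ifndef MY_USE_RSA` guards so the `#error` becomes a real check; otherwise drop the dead branch and reword the comment. A short comment that WOLFSSH_NO_ECC, WOLFSSH_NO_ECDSA and WOLFSSH_NO_RSA are wolfSSH-side names with no effect on a wolfSSL-only build would also save the next reader a search.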
@@ -319,8 +506,11 @@
 /* #define XTIME time */
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT 0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+ #define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -329,7 +519,7 @@
 #define USE_FAST_MATH
 /***** Use SP_MATH *****/
-/* #undef USE_FAST_MATH */
+/* #undef USE_FAST_MATH */
 /* #define SP_MATH */
 /* #define WOLFSSL_SP_MATH_ALL */
 /* #define WOLFSSL_SP_RISCV32 */
@@ -338,6 +528,14 @@
 /* #undef USE_FAST_MATH */
 /* #define USE_INTEGER_HEAP_MATH */
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH) || \
+ defined(USE_INTEGER_HEAP_MATH) || \
+ defined(USE_INTEGER_HEAP_MATH) || \
+ defined(USE_FAST_MATH) || \
+ defined(WOLFSSL_SP_MATH_ALL) || \
+ defined(WOLFSSL_SP_RISCV32)
+#endif
 #define WOLFSSL_SMALL_STACK
@@ -345,18 +543,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
-#define HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+ #define HAVE_SESSION_TICKET
+#endif
 /* #define HAVE_HASHDRBG */
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+ #define WOLFSSL_CERT_REQ
+ #define WOLFSSL_CERT_GEN
+ #define WOLFSSL_CERT_EXT
+ #define WOLFSSL_SYS_CA_CERTS
-#define WOLFSSL_CERT_TEXT
+ #define WOLFSSL_CERT_TEXT
+
+ /* command-line options
+ --enable-keygen
+ --enable-certgen
+ --enable-certreq
+ --enable-certext
+ --enable-asn-template
+ */
+
+#endif
 #define WOLFSSL_ASN_TEMPLATE
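Review bot: In the "Just syntax highlighting" `#if` of the third hunk, `defined(USE_INTEGER_HEAP_MATH)` is listed twice, so one line is either redundant or was meant to name a different math option; drop the duplicate or replace it with the option that was intended. Since the body is deliberately empty, a `/* intentionally empty: see comment above */` before the `#endif` would stop a later reader from treating it as an unfinished block.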
@@ -376,10 +588,62 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 /* Alternatively, if there's an ECC Secure Element present: */ /* #define WOLFSSL_ESPWROOM32SE */ 
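Review bot: The chip-detection condition now reads `#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)`, but the comment inside that block still tells the reader to enable the Secure Element by uncommenting `#define WOLFSSL_ESPWROOM32SE` there, where it is already past the test it is supposed to influence. Either move the hint above the `#if` or reword it: `/* WOLFSSL_ESPWROOM32SE must be defined before this #if (or on the compiler command line) to take the ESP32 path with the ECC Secure Element */`. In the SM branch, `HAVE_POLY1305` and `HAVE_CHACHA` are the only defines not paired with an `#undef` like the others; a consistent pair, or a comment on why they differ, would make the intent clearer.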
@@ -501,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -556,18 +824,33 @@ /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER See wolfcrypt/benchmark/benchmark.c for debug and other settings: 
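Review bot: `#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS` in the ESP8266 block aliases a macro that, per its own comment, is provided by settings.h rather than by this file; if settings.h defines it only after including user_settings.h, any `#if FP_MAX_BITS < ...` evaluated inside user_settings.h (there is one in the new sanity-check section at the end of this file) sees an undefined identifier, which `#if` silently treats as 0. Worth confirming the definition order, and either using a literal here with a comment on where the value comes from, or adding `#ifndef MIN_FFDHE_FP_MAX_BITS` / `#error "MIN_FFDHE_FP_MAX_BITS not yet defined"` / `#endif` at the point of use. In the debug-options comment of the next hunk, `USE_ESP_DPORT_ACCESS_READ_BUFFER` is listed twice.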
@@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available) */ /* Pause in a loop rather than exit. */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ #define WOLFSSL_HW_METRICS @@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available) * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 @@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 
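Review bot: `#define USE_CERT_BUFFERS_256` is added unconditionally inside both the `USE_CERT_BUFFERS_2048` and the `USE_CERT_BUFFERS_1024` branches (hunks `@@ -705,6 +995,7 @@` and `@@ -726,6 +1017,7 @@`), with no comment on why the 256-bit ECC buffers are pulled in alongside the selected set, and with no guard for a project that already defines it. A one-line reason and an `#ifndef` guard would make the intent explicit, e.g. `#ifndef USE_CERT_BUFFERS_256` / `#define USE_CERT_BUFFERS_256 /* ECC example certs are needed alongside the RSA set */` / `#endif`. The same change applies to both branches.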
@@ -750,3 +1042,34 @@ Turn on timer debugging (used when CPU cycles not available) #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt index 6614af4fc..bb71f4b28 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt @@ -1,3 +1,5 @@ +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.1 # # wolfssl benchmark test # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h index cae03b4a9..30c2289f3 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h 
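Review bot: The new stack-size sanity check compares against `ESP_SRP_MINIMUM_STACK`, but the macro defined a few lines above it is `ESP_SRP_MINIMUM_STACK_8K`; an undefined identifier evaluates to 0 inside `#if`, so `CONFIG_ESP_MAIN_TASK_STACK_SIZE < 0` is never true and the `#warning` can never fire. The comparison should read `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)`. Note also that the sdkconfig.defaults comment added in this same commit says the stack-size units are words, not bytes, while the thresholds here (`24 * 1024`, `28 * 1024`) read as byte counts; worth confirming which it is before relying on the warning.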
@@ -1,4 +1,4 @@ -/* benchmark main.h +/* wolfssl_benchmark main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -19,12 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef _MAIN_ -#define _MAIN_ +#ifndef _MAIN_H_ +#define _MAIN_H_ void app_main(void); -/* see wolfssl/wolfcrypt/benchmark/benchmark.h */ -extern void wolf_benchmark_task(); - #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index 3381f25fe..02c277181 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -27,20 +27,27 @@ /* The wolfSSL user_settings.h file is automatically included by the settings.h * file and should never be explicitly included in any other source files. * The settings.h should also be listed above wolfssl library include files. */ -#include -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #error "Problem with wolfSSL user_settings. " \ - "Check components/wolfssl/include " \ - "and confirm WOLFSSL_USER_SETTINGS is defined, " \ - "typically in the component CMakeLists.txt" +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include -#include - /* Hardware; include after other libraries, * particularly after freeRTOS from settings.h */ #include 
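Review bot: The renamed include guard `_MAIN_H_` begins with an underscore followed by an uppercase letter, which C reserves for the implementation; the old `_MAIN_` had the same problem, so the rename was the moment to fix it. A project-style guard such as `WOLFSSL_BENCHMARK_MAIN_H` avoids the reserved namespace entirely.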
@@ -152,6 +159,7 @@ char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS]; int construct_argv() { + #define ARG_BUFF_SIZE 16 int cnt = 0; int i = 0; int len = 0; @@ -212,15 +220,16 @@ int construct_argv() /* entry point */ void app_main(void) { - int stack_start = 0; - uart_config_t uart_config = { .baud_rate = THIS_MONITOR_UART_BAUD_DATE, .data_bits = UART_DATA_8_BITS, .parity = UART_PARITY_DISABLE, .stop_bits = UART_STOP_BITS_1, }; + int stack_start = 0; + word32 loops = 0; esp_err_t ret = 0; + stack_start = esp_sdk_stack_pointer(); /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, @@ -270,7 +279,7 @@ void app_main(void) ESP_LOGI(TAG, "NO_CRYPT_BENCHMARK defined, skipping wolf_benchmark_task") #else - /* although wolfCrypt_Init() may be explicitly called above, + /* Although wolfCrypt_Init() may be explicitly called above, ** note it is still always called in wolf_benchmark_task. */ stack_start = uxTaskGetStackHighWaterMark(NULL); 
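Review bot: In app_main, `stack_start = esp_sdk_stack_pointer();` is assigned in the `@@ -212,15 +220,16 @@` hunk and then overwritten by `stack_start = uxTaskGetStackHighWaterMark(NULL);` in the `@@ -270,7 +279,7 @@` hunk, with nothing visible in between reading it; unless lines outside these hunks use the first value, the first assignment is dead, and reusing one variable for a stack pointer and for a high-water mark is confusing in any case. Either drop the first assignment or give it its own variable with a comment on what is being measured. In construct_argv, `#define ARG_BUFF_SIZE 16` placed inside the function body still has file scope from that point on; `enum { ARG_BUFF_SIZE = 16 };` or a definition at the top of the file would be clearer. Both functions continue outside these hunks.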
@@ -278,36 +287,41 @@ void app_main(void) do { ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - wolf_benchmark_task(); /* TODO capture return value! */ +#ifdef WOLFSSL_BENCH_ARGV + ret = benchmark_test(__argv); +#else + ret = benchmark_test(NULL); +#endif ESP_LOGI(TAG, "Stack used: %d\n", stack_start - uxTaskGetStackHighWaterMark(NULL)); - #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) - esp_hw_show_metrics(); - #endif - } while (BENCHMARK_LOOP); - /* Reminder: wolfCrypt_Cleanup should always be called at completion, + esp_hw_show_metrics(); + + loops++; /* count of the number of tests run before fail. */ + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "loops = %d", loops); + + } while (BENCHMARK_LOOP && (ret == 0)); + + /* Reminder: wolfCrypt_Cleanup() should always be called at completion, ** and is called in wolf_benchmark_task(). */ +#if defined BENCHMARK_LOOP && (BENCHMARK_LOOP == 1) + /* If BENCHMARK_LOOP enabled and we get here, there was likely an error. */ + ESP_LOGI(TAG, "Benchmark loops completed: %d", loops); +#endif + #if defined(SINGLE_THREADED) /* need stack monitor for single thread */ #else ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); #endif - /* note wolfCrypt_Cleanup() should always be called when finished. - ** This is called at the end of wolf_test_task(); - */ - -#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) - esp_hw_show_mp_metrics(); -#endif - #ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL))); + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); #endif #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE 
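Review bot: `loops` is declared `word32` in the earlier hunk but printed with `%d` in `ESP_LOGI(TAG, "loops = %d", loops);` and again in `"Benchmark loops completed: %d"`, a signed conversion for an unsigned argument. Use `"%u"` (or `"%" PRIu32`) in both places. `esp_hw_show_metrics();` also lost its `#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)` guard; unless that function is declared unconditionally in the port header, configurations without WOLFSSL_HW_METRICS will no longer compile. Finally, `ret` is an `esp_err_t` receiving the `int` result of `benchmark_test()`, so the `ret == 0` loop condition mixes two error domains; a plain `int` for the benchmark result would be more honest. app_main continues outside the hunk.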
@@ -318,19 +332,19 @@ void app_main(void) ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); } #elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) - ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); #else ESP_LOGI(TAG, "\n\nDone!\n\n" "If running from idf.py monitor, press twice: Ctrl+]"); #endif - /* after the test, we'll just wait */ + /* After completion, we'll just wait */ while (1) { - /* do something other than nothing to help next program/debug session*/ -#ifndef SINGLE_THREADED - vTaskDelay(1000); +#if defined(SINGLE_THREADED) + while (1); +#else + vTaskDelay(60000); #endif - } - + } /* done while */ #endif /* NO_CRYPT_BENCHMARK */ -} /* main */ +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv index a9c373bec..0b2fcd1a9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv 
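Review bot: The SINGLE_THREADED branch of the final wait nests `while (1);` inside the existing `while (1) { ... }`, which is redundant and spins the CPU at full speed with nothing feeding a watchdog; the previous code simply had no statement there. If the intent is to halt, one loop is enough: keep the outer loop and replace the inner statement with a comment such as `/* single-threaded: nothing to yield to, spin here */`. The `vTaskDelay(60000)` argument is in ticks, so the 60 s it suggests only holds with the 1 kHz tick set in sdkconfig.defaults; `vTaskDelay(pdMS_TO_TICKS(60000))` makes that independent of CONFIG_FREERTOS_HZ.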
@@ -1,31 +1,31 @@ -# to view: idf.py partition-table -# -# ESP-IDF Partition Table -# Name, Type, SubType, Offset, Size, Flags -nvs, data, nvs, 0x9000, 24K, -phy_init,data, phy, 0xf000, 4K, -factory, app, factory, 0x10000, 1500K, - - -# For other settings, see: -# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables -# -# Here is the summary printed for the "Single factory app, no OTA" configuration: -# -# # ESP-IDF Partition Table -# # Name, Type, SubType, Offset, Size, Flags -# nvs, data, nvs, 0x9000, 0x6000, -# phy_init, data, phy, 0xf000, 0x1000, -# factory, app, factory, 0x10000, 1M, -# -# -# Here is the summary printed for the "Factory app, two OTA definitions" configuration: -# -# # ESP-IDF Partition Table -# # Name, Type, SubType, Offset, Size, Flags -# nvs, data, nvs, 0x9000, 0x4000, -# otadata, data, ota, 0xd000, 0x2000, -# phy_init, data, phy, 0xf000, 0x1000, -# factory, app, factory, 0x10000, 1M, -# ota_0, app, ota_0, 0x110000, 1M, -# ota_1, app, ota_1, 0x210000, 1M, +# to view: idf.py partition-table +# +# ESP-IDF Partition Table +# Name, Type, SubType, Offset, Size, Flags +nvs, data, nvs, 0x9000, 24K, +phy_init,data, phy, 0xf000, 4K, +factory, app, factory, 0x10000, 1500K, + + +# For other settings, see: +# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables +# +# Here is the summary printed for the "Single factory app, no OTA" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x6000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, app, factory, 0x10000, 1M, +# +# +# Here is the summary printed for the "Factory app, two OTA definitions" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x4000, +# otadata, data, ota, 0xd000, 0x2000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, 
app, factory, 0x10000, 1M, +# ota_0, app, ota_0, 0x110000, 1M, +# ota_1, app, ota_1, 0x210000, 1M, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults index e7f303736..5dd65ae9d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults @@ -1,18 +1,31 @@ +# Set the known example app config to template example (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# sdkconfig.defaults for ESP8266 + ESP32 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size. See user_settings.h # +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h +# # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 +# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app. +CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=28672 # # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled @@ -30,6 +43,10 @@ CONFIG_ESP_TASK_WDT_EN=n CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + # ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n 
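Review bot: This hunk sets `CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y` near the top of sdkconfig.defaults, while the `@@ -45,6 +62,36 @@` hunk of the same file adds `CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n` further down, so the file contradicts itself and the effective value depends on how the config tool resolves duplicate keys. Keep one assignment. That later hunk also re-adds `CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y`, `CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y` and `CONFIG_HEAP_DISABLE_IRAM=y`, which are already present as context lines, so the duplicated blocks should be dropped too. The new comment `Units are words, not bytes` sits directly above values discussed in bytes (`3072 bytes`, `10500 bytes`); one of the two statements is wrong, and the stack sanity check added to user_settings.h depends on which. The commented-out `# CONFIG_ESP_TLS_INSECURE=y` in that hunk deserves a one-line comment that it unlocks the esp-tls options which skip server certificate verification, so it is not enabled out of habit in a copied config.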
@@ -45,6 +62,36 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + # Set max COU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 new file mode 100644 index 000000000..77299dfe4 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 
@@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt index 14d08bf9f..0518aedc2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt @@ -3,6 +3,8 @@ # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly +message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") + cmake_minimum_required(VERSION 3.16) # The wolfSSL CMake file should be able to find the source code. 
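Review bot: Under the heading `# Disable mbedTLS` the new file sets `CONFIG_ESP_TLS_USING_MBEDTLS=y`, which is the opposite of what the heading says; given `CONFIG_ESP_TLS_USING_WOLFSSL=n` just above it this may be deliberate for the RTOS SDK, in which case the heading should say so, e.g. `# RTOS SDK 3.4 esp-tls still requires mbedTLS; wolfSSL esp-tls support not yet available`. The `# ESP8266 WDT` block (`CONFIG_ESP_PANIC_PRINT_REBOOT=n`, `CONFIG_ESP_PANIC_PRINT_HALT=y`) appears twice, at the top and at the bottom of the file; one copy is enough. The comment `(not yet supported in RTOS SDK 3.4` is missing its closing parenthesis.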
@@ -48,7 +50,8 @@ endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common") if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") @@ -80,17 +83,20 @@ else() endif() -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +message(STATUS "begin include") +if(0) + # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. + set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") - message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") - set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -else() - message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") + else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + endif() endif() - include($ENV{IDF_PATH}/tools/cmake/project.cmake) - +message(STATUS "end include") project(wolfssl_client) +message(STATUS "end project") 
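Review bot: The `@@ -80,17 +83,20 @@` hunk keeps the old PROTOCOL_EXAMPLES_DIR block alive inside `if(0)` instead of deleting it, leaving dead code that duplicates the block already present above it in the `@@ -48,7 +50,8 @@` hunk; version control preserves the history, so the whole `if(0)` ... `endif()` span should simply go. The `message(STATUS "begin include")`, `"end include"` and `"end project"` lines read like leftover debugging output; if they are meant to stay, a comment saying they mark build phases in the log would make that clear.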
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md index 43961ec9b..ff275c711 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md @@ -10,9 +10,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Quick Start -Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html) -for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html) -for the ESP8266. +Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266. Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266) and set the various parameters for the target device, along with local WiFi settings: @@ -49,7 +47,7 @@ Difficulty flashing: * Check that quality USB cables are being used. * Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable. * Review board specifications: some require manual boot mode via on-board buttons. -* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`. ## ESP-IDF Commandline v5.x diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt index c3c09ca53..8b90966f9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt 
@@ -19,16 +19,145 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + 
message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No 
conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -51,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 
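Review bot: `IS_ESP_IDF_COMPONENT` normalises `${IDF_PATH}` and then runs `string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)`; when the CMake variable `IDF_PATH` is empty or undefined the needle is an empty string, `string(FIND)` returns 0, and the function reports the component as living inside ESP-IDF, and it is called before the `if("$ENV{IDF_PATH}" STREQUAL "")` fatal-error check further down (which validates only the environment variable, not `${IDF_PATH}`). Guard the function by returning `0` through `PARENT_SCOPE` when `NORMALIZED_IDF_PATH` is empty, before the FIND, or move the IDF_PATH validation ahead of the call. The output variable `IS_WOLSSL_ESP_IDF_COMPONENT` is missing the F of wolfSSL; it is used consistently so nothing breaks, but it will defeat a grep.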
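Review bot: `ENVIRONMENT_VAR_TO_MACRO` appends to `CMAKE_C_FLAGS` with a plain `set()` inside a `function()`, which only changes the function-scoped copy; without `PARENT_SCOPE` the `-D${EVARPARAM}=${EVARVALUE}` definition never reaches the component's flags, even though the status message says it was appended. The line should be `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}" PARENT_SCOPE)`. The inner comment `set the compiler flag definition to enable CSV output` describes one particular caller rather than the function; the header comment above already states the general contract, so the inner one can be removed.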
@@ -68,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() 
@@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") - if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + else() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. 
Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. + else() + # Setting found! Does it contain a valid path? 
+ string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
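Review bot: Replacing the FATAL_ERROR with STATUS messages in the `else()` after IS_WOLFSSL_SOURCE changes what an explicitly configured but wrong WOLFSSL_ROOT (environment variable or CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) does: instead of aborting, the function falls through to the parent-directory walk and builds against whichever `wolfssl*` tree it finds first, which may not be the source the user pointed at. Since WOLFSSL_ROOT is an operator override of the TLS library source, an invalid value is better kept as a hard error, or at least raised with `message(WARNING ...)` so the fallback is visible in the configure log; if the fallback is intended, say so in the comment block above the function. In the same hunk, `string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})` and `string(LENGTH ${CURRENT_SEARCH_DIR} ...)` pass the path unquoted, so an empty value or one containing a semicolon breaks the argument list — quote them as `"${CURRENT_SEARCH_DIR}"` — and CURRENT_SEARCH_DIR_LENGTH is computed but not used anywhere in this hunk. The message text "use forward slahes" should read "slashes". FIND_WOLFSSL_DIRECTORY continues past the end of this hunk.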
@@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
FOUND_WOLFSSL )
+ message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+ set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+ set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
 return()
 endif()
 endif()
@@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
 get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
 message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
 if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
- # when the search directory is empty, we'll give up
+ # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+ # When the search directory is empty, we'll give up.
 set(CURRENT_SEARCH_DIR "")
 endif()
 endwhile()
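Review bot: The two `if ( FOUND_WOLFSSL )` blocks with an empty then-branch and the real work under `else()` (the wolfssl-master and wolfssl probes) read as inverted; `if(NOT FOUND_WOLFSSL)` expresses the same thing without the empty branch and the placeholder comment. In each of the three probes `set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")` is immediately followed by `return()`, so that assignment to the function-local variable is dead. The three probes are the same lines with a different suffix and could be one `foreach()` over the suffix list, with the `wolfssl-${THIS_USER}` entry included only when THIS_USER is set; that would also put the probe order, which decides which checkout wins when several exist on the path, in a single visible place. FIND_WOLFSSL_DIRECTORY starts and ends outside this hunk.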
@@ -154,17 +379,58 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") +# Optional variable inspection +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() + +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. 
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - # esp_timer - # driver # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
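Review bot: THIS_ESP_TLS, THIS_INCLUDE_TIMER and THIS_INCLUDE_DRIVER are assigned in this hunk, but the `set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}")` earlier in this file expands `${THIS_ESP_TLS}` before this point, so unless it is also assigned somewhere above line 180 that the diff does not show, COMPONENT_REQUIRES never receives `esp-tls` from here. Either move this platform block above that `set(COMPONENT_REQUIRES ...)` or re-evaluate COMPONENT_REQUIRES after it. For the same reason the "Early expansion EXCLUDES/includes ..." STATUS lines print the variables before they are set and will show empty values. The `if (0)` variable dump duplicates the VERBOSE_COMPONENT_MESSAGES block this commit adds later in the file; dead code behind a literal `if (0)` should be dropped or keyed off that same variable.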
@@ -173,48 +439,99 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. 
- message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() - - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # 
COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") - + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -237,11 +554,12 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
@@ -291,6 +609,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -347,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -360,21 +681,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers - ${THIS_IDF_PATH}/components/esp_event/include - ${THIS_IDF_PATH}/components/esp_netif/include - ${THIS_IDF_PATH}/components/esp_wifi/include + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() 
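Review bot: The new `if(WOLFSSL_ROOT)` guard around `string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})` works around an unquoted argument: with an empty WOLFSSL_ROOT the unquoted reference expands to nothing and string(REPLACE) fails on argument count. Quoting the input, `string(REPLACE "\\" "/" WOLFSSL_ROOT "${WOLFSSL_ROOT}")`, handles the empty case on its own and the guard can go.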
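Review bot: `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")` prints the literal text `$THIS_IDF_PATH`, because CMake only expands `${...}` and `$ENV{...}` references; it should be `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. Quoting the three `"${THIS_IDF_PATH}/components/..."` entries is the right direction, but the `"\"${WOLFSSL_ROOT}/...\""` entries above them keep the older escaped-quote style, so the include list now mixes two conventions for the same kind of path.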
@@ -399,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -411,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
@@ -432,22 +755,144 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark - ) - # some optional diagnostics - if (1) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
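Review bot: `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` references `cert_bundle`, which is never set in this hunk (the generated file is `crt_bundle`, and the diagnostic `message(STATUS "cert_bundle ${cert_bundle}")` will print it empty), so the target carries no dependency on the bundle and the generation rule is reached only through `target_add_binary_data`. The custom command also lists only `${custom_bundle_path}` under DEPENDS, so edits to `cacrt_all.pem`, `cacrt_local.pem`, the deprecated list, the filter CSV or `gen_crt_bundle.py` do not regenerate the bundle and a stale trust store can be baked into the firmware. The two `message(ERROR ...)` calls do not use a CMake message mode — `ERROR` is printed as part of the text and configure continues — so they should be `FATAL_ERROR` (or `SEND_ERROR`), and the first message's wording contradicts its condition, which fires when CMAKE_BUILD_EARLY_EXPANSION is set.
```cmake
if (CMAKE_BUILD_EARLY_EXPANSION)
    message(FATAL_ERROR "Bundle Cert initialization must not occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
if( "${WOLFSSL_ROOT}" STREQUAL "" )
    message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
# … unchanged: WOLFSSL_ESP_CRT_BUNDLE_DIR, crt_paths / args assembly, diagnostics …
add_custom_command(OUTPUT ${crt_bundle}
    COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
    DEPENDS ${crt_paths} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py
    VERBATIM)
# … unchanged: STATUS messages about the bundle file …
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
```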
@@ -455,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
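Review bot: Hard-coding the example project name `esp_http_client_example` in the wolfSSL component's CMakeLists couples a library component to one consumer; the `APP_ESP_HTTP_CLIENT_EXAMPLE="y"` definition belongs in that example's own CMakeLists or behind a Kconfig option rather than here. `DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}"` is generic and fine to keep, though a one-line comment on what consumes it would help. The enclosing `else()` of `if(CMAKE_BUILD_EARLY_EXPANSION)` starts before this hunk.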
@@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
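Review bot: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")` passes the TMP_RES left over from the preceding `git show` as the result code for WOLFSSL_ROOT, so a failed git command would mark the root path as failed; pass an explicit value instead, e.g. `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "0")`, assuming LIBWOLFSSL_SAVE_INFO (defined above this hunk) treats its third argument as a status. This also bakes the absolute build-host path of the wolfSSL checkout into the firmware image next to the git origin and branch; that is what ShowExtendedSystemInfo() wants per the comment, but it is build-machine metadata (including any `wolfssl-${THIS_USER}` directory name) shipped in the binary, and the comment should say so, so release builds can decide whether to keep it. In the flag block, `-DWOLFSSL_USER_SETTINGS` is appended only when `-DWOLFSSL_ESPIDF` is absent, so a project that already defines WOLFSSL_ESPIDF itself never gets WOLFSSL_USER_SETTINGS from here; check the two flags independently. The variable `FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF` has a typo (ALRREADY).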
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig new file mode 100644 index 000000000..cdd039d73 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig 
@@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. 
+# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. 
+ + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). 
+ + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. 
+ + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. 
+ + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. 
+ + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. 
+ Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. 
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. 
+ + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. 
+ + config IGNORE_LOCAL_WOLFSSL_COMPONENT + bool "Ignore the local component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the local project components directory. + Requires wolfssl as a ESP-IDF component. + + endmenu # Component Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Utility Config" + config USE_WOLFSSL_ESP_SDK_TIME + bool "Enable wolfSSL time helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + config USE_WOLFSSL_ESP_SDK_WIFI + bool "Enable wolfSSL WiFi helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + endmenu # Utility Config +endmenu # wolfSSL +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfSSH" + config ESP_ENABLE_WOLFSSH + bool "Enable wolfSSH options" + default n + help + Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING + + config ESP_WOLFSSL_DEBUG_WOLFSSH + bool "Enable wolfSSH debugging" + default n + help + Enable wolfSSH debugging macro. 
See user_settings.h + +endmenu # wolfSSH +# --------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfMQTT" + config ESP_ENABLE_WOLFMQTT + bool "Enable wolfMQTT options" + default n + help + Enables WOLFMQTT + + config ESP_WOLFSSL_DEBUG_WOLFMQTT + bool "Enable wolfMQTT debugging" + default n + help + Enable wolfMQTT debugging macro. See user_settings.h + +endmenu # wolfMQTT +# --------------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md new file mode 100644 index 000000000..d77912416 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md 
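Review bot: `WOLFSSL_ASN_ALLOW_0_SERIAL` in the "Certificate Bundle" menu is `default y`, so every ESP-TLS build using this component accepts certificates with a missing or zero serial number out of the box, even though its own help text says the relaxation is not recommended and the sibling `WOLFSSL_NO_ASN_STRICT` is correctly `default n`; make it opt-in with `default n`. In "wolfSSL Hardware Acceleration", `ESP_WOLFSSL_NO_HW_RSA_PRI` has `select ESP_WOLFSSL_NO_HW_PRI_MP_MUL`, a symbol not defined anywhere in this file (the defined one is `ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL`), so disabling RSA acceleration as a unit would leave the multiplication accelerator enabled; change it to `select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL`. Several help texts are copy-paste leftovers: `WOLFSSL_ALLOW_TLS13` describes the TLS 1.2 fallback, `ESP_WOLFSSL_ENABLE_KYBER` says "Enable debugging messages for wolfSSL", and `USE_WOLFSSL_ESP_SDK_WIFI` repeats the time-helper text.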
@@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. 
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. 
" \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? 
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk index 1008e04af..45a1aa08f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk @@ -20,7 +20,7 @@ $(info *********** wolfssl component ************) - # +# # Component Makefile # # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 325e54b6a..71b82c68e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -18,18 +18,195 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
-/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
-
-/* This user_settings.h is for Espressif ESP-IDF */
-
+/* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
-/* #define DEBUG_WOLFSSL */
-/* #define DEBUG_WOLFSSL_VERBOSE */
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ * This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ * May or may not be related to wolfSSL.
+ *
+ * The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ * Typical of many, but not all wolfSSL macro names.
+ *
+ * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ * May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ * These are NOT valid wolfSSL macro names. These are names only used in
+ * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ * suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ * This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ * via the sdkconfig / menuconfig. Any text after this prefix should
+ * exactly match an existing wolfSSL macro name.
+ *
+ * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ * These macros may also be specific to only the project or environment,
+ * and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+** CONFIG_IDF_TARGET_ESP32
+** CONFIG_IDF_TARGET_ESP32S2
+** CONFIG_IDF_TARGET_ESP32S3
+** CONFIG_IDF_TARGET_ESP32C3
+** CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. 
*/
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+ /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+ /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+ /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+ /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+ #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+ /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+ /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+ #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+ /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+ /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+ /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+ /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+ /* See 
https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+ /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+ /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+ /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+ /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+ /* We'll assume the app needs to use wolfSSL sdk lib function */
+ #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+ /* The wolfSSL Version of the client example */
+ #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+ /* Less memory available, so smaller key sizes: */
+ #define FP_MAX_BITS (4096 * 2)
+ #else
+ #define FP_MAX_BITS (8192 * 2)
+ #endif
+ #define HAVE_ALPN
+ #define HAVE_SNI
+ #define OPENSSL_EXTRA_X509_SMALL
+ #define HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+ #define OPENSSL_EXTRA
+ #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+ #define WOLFSSL_ALWAYS_VERIFY_CB
+ #endif
+ #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+ #define WOLFSSL_VERIFY_CB_ALL_CERTS
+ #endif
+ #ifndef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+ #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+ /* The ESP-IDF Version */
+ #define FP_MAX_BITS (8192 * 2)
+ #define HAVE_ALPN
+ #define HAVE_SNI
+ #define OPENSSL_EXTRA_X509_SMALL
+ #define 
HAVE_TLS_EXTENSIONS
+ #define HAVE_SUPPORTED_CURVES
+ #define OPENSSL_EXTRA
+ #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+ #define WOLFSSL_ALWAYS_VERIFY_CB
+ #endif
+ #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+ #define WOLFSSL_VERIFY_CB_ALL_CERTS
+ #endif
+ #ifndef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+ #endif
+#else
+ #ifdef WOLFSSL_ESPIDF
+ /* #warning "App config undetected" */
+ #endif
+ /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+ /* Kyber typically needs a minimum 10K stack */
 #define WOLFSSL_EXPERIMENTAL_SETTINGS
 #define WOLFSSL_HAVE_KYBER
 #define WOLFSSL_WC_KYBER
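Review bot: The new `#ifdef CONFIG_WOLFSSL_ENABLE_KYBER` near the end of the hunk tests a macro that the Kconfig added in this same commit does not produce: the option there is named `ESP_WOLFSSL_ENABLE_KYBER`, and by this file's own naming-convention comment the generated symbol is `CONFIG_ESP_WOLFSSL_ENABLE_KYBER`, so selecting Kyber in menuconfig presumably leaves this block as dead as the `#if 0` it replaces. Either rename the Kconfig option or test both spellings, `#if defined(CONFIG_ESP_WOLFSSL_ENABLE_KYBER) || defined(CONFIG_WOLFSSL_ENABLE_KYBER)`. The matching `#endif` and the rest of the Kyber block lie outside this hunk. In the naming-convention comment, "they will have a "CONFIG_" suffix added" should read `prefix added`, as the CONFIG_ESP_WOLFSSL_ example directly below it shows.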
@@ -58,14 +235,72 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ -#undef WOLFSSL_ESPIDF -#define WOLFSSL_ESPIDF +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ -/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ -#define NO_ESP_SDK_WIFI +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. 
+ * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ /* - * ONE of these Espressif chipsets should be defined: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE @@ -84,11 +319,28 @@ #endif /* See below for chipset detection from sdkconfig.h */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +#define SINGLE_THREADED + /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desperate, try NO_SESSION_CACHE. */ -#define MICRO_SESSION_CACHE + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ 
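Review bot: The Apple HomeKit block defines `FP_MAX_BITS (8192 * 2)` without an `#ifndef FP_MAX_BITS` guard, while the example-selection chain that precedes this hunk (it starts outside the hunk) already defines FP_MAX_BITS for some examples, so selecting the HTTP client example together with CONFIG_WOLFSSL_APPLE_HOMEKIT redefines the macro with a different value and a compiler warning is the only hint. The ESP-TLS block just below guards the same macro with `#ifndef FP_MAX_BITS`; the HomeKit block should do the same or `#undef` it first, with a comment stating that SRP needs the larger size. The `#endif /* Apple HomeKit settings */` is also indented one level deeper than its `#if`, which reads as if it closed an inner block.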
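Review bot: `#define SINGLE_THREADED` is now unconditional in this example's user_settings.h, which removes wolfSSL's internal mutexes, yet the client example still runs its TLS work in a separate FreeRTOS task (`xTaskCreate(tls_smp_client_task, ...)` in client-tls.c). That is only safe when every wolfSSL and wolfCrypt call, including RNG and session-cache use, happens from one task; I cannot see from the hunk whether app_main calls into wolfSSL before the task starts, so please confirm and record the constraint next to the define, e.g. `/* SINGLE_THREADED: keep all wolfSSL calls in the TLS client task */`. `DEBUG_WOLFSSL_MALLOC` is also enabled unconditionally here; if it is meant for development only it should be commented out like `DEBUG_WOLFSSL` on the line above.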
@@ -103,19 +355,41 @@ #define BENCH_EMBEDDED -#define WOLFSSL_SMALL_STACK -#define HAVE_ECC -#define RSA_LOW_MEM - /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM 
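Review bot: The new `#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` block has identical branches — both define `HAVE_FFDHE_4096` — so the conditional does nothing and the "Optionally set smaller size here" comment describes a choice that is never made. Because that define comes after the CONFIG_WOLFSSL_ALLOW_TLS13 block, the `#else` fallback inside it always fires and adds `HAVE_FFDHE_2048` as well, so TLS 1.3 builds carry both groups; either pick a per-target size in the first branch or drop the conditional and the fallback. The `#ifndef HAVE_AEAD` / `#endif` pair is empty and should either define HAVE_AEAD or be removed.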
@@ -132,30 +406,72 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -#if defined(CONFIG_IDF_TARGET_ESP8266) +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) /* Some known low-memory devices have features not enabled by default. */ + /* TODO determine low memory configuration for ECC. */ #else /* when you want to use SHA512 */ #define WOLFSSL_SHA512 /* when you want to use SHA3 */ - #define WOLFSSL_SHA3 + /* #define WOLFSSL_SHA3 */ /* ED25519 requires SHA512 */ #define HAVE_ED25519 +#endif - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL - #define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif + +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" #endif /* Optional OpenSSL compatibility */ /* #define OPENSSL_EXTRA */ -/* when you want to use pkcs7 */ +/* #Optional HAVE_PKCS7 */ /* #define HAVE_PKCS7 */ + #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT 
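Review bot: On the targets that take the `#else` branch of the new `CONFIG_IDF_TARGET_ESP8266 || CONFIG_IDF_TARGET_ESP32C2` check, `WOLFSSL_SHA512` and `HAVE_ED25519` are defined there and then defined again a few lines later in the `#if MY_USE_ECC` branch, which selects the same targets. The duplicates are harmless since they carry no value, but keeping the algorithm set in one place (the MY_USE_ECC branch) would make the per-target selection easier to audit. A short comment on `MY_USE_RSA 1` for the low-memory targets saying that RSA is presumably chosen over ECC for memory rather than security reasons (the nearby TODO suggests so) would help the next reader.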
@@ -175,25 +491,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
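Review bot: The new comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` has the meaning inverted: WC_NO_CACHE_RESISTANT disables wolfCrypt's cache-attack-resistant code paths, so defining it makes the build faster and less hardened, the opposite of TFM_TIMING_RESISTANT on the next line. Someone following the comment to harden a device would do the reverse. Suggest `/* WC_NO_CACHE_RESISTANT: faster but NOT cache-attack resistant; leave undefined to keep hardening */`.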
@@ -204,23 +506,40 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif + +#define WOLFSSL_SMALL_STACK + + #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ @@ -230,13 +549,26 @@ /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS -#define WOLFSSL_CERT_TEXT + + #define WOLFSSL_CERT_TEXT + + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE 
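Review bot: The "syntax highlighting" `#if` chain lists `defined(USE_INTEGER_HEAP_MATH)` twice, so one entry is a copy-paste leftover; the empty block is fine as an editor aid but the duplicate should go. `#define WOLFSSL_SMALL_STACK` is also already defined unconditionally earlier in this file by this same commit, so the second definition here is redundant. The ESP_RSA_TIMEOUT_CNT comment says to "set to very large number" to find the maximum; stating that the value is a poll count rather than a time unit would make that instruction actionable.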
@@ -256,11 +588,66 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ 
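Review bot: The `#else /* default settings */` branch of the new SM check defines `USE_CERT_BUFFERS_2048`, but this commit already defines that macro unconditionally earlier in the file, so the branch adds nothing and the SM path ends up with the 2048-bit RSA sample certificates too, which is probably not what the `#else` intends. If the SM build should use different sample certs, the unconditional define needs to move under this `#else`; otherwise the branch can be dropped. In the chip-detection change `#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)`, the comment suggesting to `#define WOLFSSL_ESPWROOM32SE` inside the branch is unreachable advice, since that macro is what gets you into the branch; the hint belongs above the `#if`.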
@@ -378,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) 
@@ -403,29 +794,84 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. 
+#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
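Review bot: The new `#warning "RSA may be difficult with less than 10KB Stack "/` line has a stray `/` after the closing quote; it is harmless inside a `#warning` directive but looks like an unfinished comment and is copied as-is into the build output. The debug-options list inside the comment block now names `USE_ESP_DPORT_ACCESS_READ_BUFFER` twice. Gating `ESP32_USE_RSA_PRIMITIVE` on `#ifndef NO_RSA` is the right fix for ECC-only builds; a one-line comment such as `/* HW RSA primitive only when RSA is compiled in */` would keep it from being "simplified" away later.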
@@ -466,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -543,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -562,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 
@@ -584,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt index 621eb8702..e339d2509 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt @@ -3,6 +3,7 @@ # # wolfssl client test # +message("Begin wolfSSL main CMakeLists.txt") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") if(WIN32) 
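Review bot: The SRP sanity check defines `ESP_SRP_MINIMUM_STACK_8K` but then tests `CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK`, an identifier that is never defined; in a `#if` an unknown identifier evaluates to 0, so the comparison is always false and the warning can never fire. Change the test to `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)` or rename the define. The hardening list in the trailing comment puts `HAVE_AES_ECB` and `HAVE_AES_DIRECT` next to genuine hardening options; those two enable raw-block modes rather than harden anything, so a separate heading or a short qualifier would avoid misleading readers.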
@@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") else() # if we get here, check the execute_process command and parameters. - message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") + message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.") + message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"") set(${VAR_OUPUT} "Unknown") endif() endfunction() # LIBWOLFSSL_SAVE_INFO +# Save some project-specific details. Repo may be different than component, or may not even be a repo at all: if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_HASH_DATE + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") endif() message(STATUS "") +message("End wolfSSL main CMakeLists.txt") 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
index 83dcd6439..061d0aa5a 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
@@ -1,4 +1,83 @@ -menu "Example Configuration" +menu "Example wolfSSL Configuration" + +choice WOLFSSL_EXAMPLE_CHOOSE + prompt "Choose Example (See wolfssl/include/user_settings.h)" + default WOLFSSL_EXAMPLE_NAME_NONE + help + The user settings file can be adjusted to specific wolfSSL examples. + + config WOLFSSL_EXAMPLE_NAME_TEMPLATE + bool "wolfSSL Template" + help + The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more. + + config WOLFSSL_EXAMPLE_NAME_TEST + bool "wolfSSL Test" + help + This app tests all cryptographic functions currently enabled. See also Benchmark performance app. + + config WOLFSSL_EXAMPLE_NAME_BENCHMARK + bool "wolfSSL Benchmark" + help + Benchmark performance app. See also cryptographic test. + + config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT + bool "TLS Client" + help + TLS Client Example app. Needs WiFi and a listening server on port 11111. + + config WOLFSSL_EXAMPLE_NAME_TLS_SERVER + bool "TLS Server" + help + TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE + bool "SSH Template App" + help + Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH. + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER + bool "SSH to UART Server for the ESP32" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER + bool "SSH to UART Server for the ESP8266" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE + bool "MQTT Template" + help + See wolfSSL/wolfmqtt on GitHub. 
+ + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT + bool "MQTT AWS IoT" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFTPM_EXAMPLE_NAME_ESPRESSIF + bool "TPM Test Example for the ESP32" + help + See wolfSSL/wolfTPM on GitHub. + + config WOLFSSL_EXAMPLE_NAME_NONE + bool "Other" + help + A specific example app is not defined. + +endchoice config WOLFSSL_TARGET_HOST string "Target host" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 638fdf343..2883f2f25 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -18,6 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "client-tls.h" /* Espressif FreeRTOS */ @@ -36,6 +37,8 @@ /* wolfSSL */ #include +/* This project not yet using the library */ +#undef USE_WOLFSSL_ESP_SDK_WIFI #include #if defined(WOLFSSL_WC_KYBER) @@ -204,7 +207,6 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) size_t len; - wolfSSL_Debugging_ON(); WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME); doPeerCheck = 1; @@ -238,8 +240,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* Create and initialize WOLFSSL_CTX */ ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */ /* options: */ - /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); only TLS 1.2 */ - /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); only TLS 1.3 */ + /* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method()); only TLS 1.2 */ + /* ctx = wolfSSL_CTX_new(wolfSSLv1_3_client_method()); only TLS 1.3 */ /* wolfSSL_CTX_NoTicketTLSv12(); */ /* wolfSSL_NoTicketTLSv12(); */ if (ctx == NULL) { 
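Review bot: `config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER` appears twice in the new choice block with the same prompt and help, so one copy is a paste leftover and should be removed before Kconfig merges or rejects the duplicate. "Hellow World" in the SSH template help is a typo. The TLS client and server help texts mention port 11111; naming the `CONFIG_WOLFSSL_TARGET_PORT` symbol that client-tls.h reads would tie the two together.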
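Review bot: The rewritten comment lines `/* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method()); only TLS 1.2 */` and the matching 1.3 line in the -238 hunk of client-tls.c name functions that do not exist in wolfSSL; the version-pinned client methods are `wolfTLSv1_2_client_method()` and `wolfTLSv1_3_client_method()`, which is what the removed lines had. Since these are commented-out examples, the error surfaces only when someone uncomments them to pin the protocol version and gets an implicit-declaration failure. Restore the original names.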
@@ -460,6 +462,9 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) } ESP_LOGI(TAG, "Connect to wolfSSL server..."); + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif ret_i = wolfSSL_connect(ssl); #ifdef DEBUG_WOLFSSL this_heap = esp_get_free_heap_size(); @@ -570,7 +575,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #else xTaskHandle _handle; #endif - /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions */ + /* See Espressif api-reference/system/freertos_idf.html#functions */ if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) { /* Observed approximately 6KB limit for the RTOS task stack size. * Reminder parameter is bytes, not words as with generic FreeRTOS. */ @@ -582,8 +587,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ret = xTaskCreate(tls_smp_client_task, TLS_SMP_CLIENT_TASK_NAME, TLS_SMP_CLIENT_TASK_BYTES, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h index b016f29a6..80802af50 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h @@ -29,9 +29,9 @@ /* See main/Kconfig.projbuild for default configuration settings */ #ifdef CONFIG_WOLFSSL_TARGET_HOST - #define TLS_SMP_TARGET_HOST "192.168.1.36" + #define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST #else - #define TLS_SMP_TARGET_HOST "192.168.1.41" + #define TLS_SMP_TARGET_HOST "192.168.1.37" #endif #ifdef CONFIG_WOLFSSL_TARGET_PORT 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
index 12c452d6e..fee34cbc4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
index 3586ac65a..ab73b2439 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
@@ -24,8 +24,8 @@
 #ifndef _TIME_HELPER_H_
 #define _TIME_HELPER_H_
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0 See Espressif api-reference/system/system_time
  */
 #ifdef __cplusplus
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
index 6888228f3..404efc0d3 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
@@ -106,20 +106,26 @@ /* tyically from ESP32 with ESP-IDF v4 ot v5 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID #elif defined(CONFIG_EXAMPLE_WIFI_SSID) - /* tyically from ESP8266 rtos-sdk/v3.4 */ + /* typically from ESP8266 rtos-sdk/v3.4 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID #else - #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif #endif #if defined(CONFIG_ESP_WIFI_PASSWORD) /* tyically from ESP32 with ESP-IDF v4 or v5 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD #elif defined(CONFIG_EXAMPLE_WIFI_SSID) - /* tyically from ESP8266 rtos-sdk/v3.4 */ + /* typically from ESP8266 rtos-sdk/v3.4 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD #else - #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_PASS + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif #endif #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index 838ad66bd..376c853fc 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c 
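Review bot: The password fallback is now wrapped in `#ifndef EXAMPLE_ESP_WIFI_PASS`, but the `#elif` that picks `CONFIG_EXAMPLE_WIFI_PASSWORD` still tests `defined(CONFIG_EXAMPLE_WIFI_SSID)` (the unchanged context line just above the edit), so an ESP8266 config that sets an SSID but no password macro fails to compile instead of reaching the fallback; the test should be `#elif defined(CONFIG_EXAMPLE_WIFI_PASSWORD)`. The fallback still bakes the placeholder credentials `MYSSID_WIFI_CONNECT` / `MYPASSWORD_WIFI_CONNECT` into the image when nothing else is configured; a `#warning` there would stop a misconfigured build from silently shipping with them.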
@@ -28,22 +28,32 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ -/* Reminder: settings.h pulls in user_settings.h; don't include it here */ -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* this project */ #include "client-tls.h" #include "time_helper.h" -#ifndef CONFIG_IDF_TARGET_ESP32H2 +#ifdef CONFIG_IDF_TARGET_ESP32H2 /* There's no WiFi on ESP32-H2. * For wired ethernet, see: * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ +#else #include "wifi_connect.h" /* * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4 @@ -123,8 +133,12 @@ void my_atmel_free(int slotId) /* Entry for FreeRTOS */ void app_main(void) { +#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark int stack_start = 0; +#endif +#if !defined(SINGLE_THREADED) int this_heap = 0; +#endif esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); 
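Review bot: The `#ifdef WOLFSSL_USER_SETTINGS ... #error` block added here is pasted verbatim into time_helper.c and wifi_connect.c in the same commit; a single project header that does the settings include and the `#undef USE_WOLFSSL_ESP_SDK_WIFI` would keep the three copies from drifting. Note that the `#undef` runs after the first settings include has already processed user_settings.h, so it only affects what the second include sees; presumably that is the intent, but a comment naming the header the undef is aimed at would make it clear. The `#error` message relies on a backslash-newline inside the string literal, which works but pulls the continuation line's leading whitespace into the text; two adjacent string literals would be cleaner.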
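Review bot: `stack_start` is now declared only under `#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark`, and this commit also defines SINGLE_THREADED unconditionally in the example's user_settings.h, so the declaration drops out; the later `stack_start = uxTaskGetStackHighWaterMark(NULL);` (visible as context in the -155 hunk below) must sit under the same guard or the build breaks — I cannot see its guard from here, please confirm. The same applies to `this_heap`, which is now only declared when SINGLE_THREADED is unset. A bare `INCLUDE_uxTaskGetStackHighWaterMark` in `#if` evaluates to 0 when the FreeRTOS config does not define it, which is probably the intended fallback but deserves a comment.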
@@ -132,6 +146,9 @@ void app_main(void) ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); +#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig."); +#endif #ifdef ESP_SDK_MEM_LIB_VERSION sdk_init_meminfo(); #endif @@ -155,7 +172,7 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif api-reference/system/freertos_idf */ stack_start = uxTaskGetStackHighWaterMark(NULL); #ifdef ESP_SDK_MEM_LIB_VERSION @@ -172,7 +189,15 @@ void app_main(void) #ifdef HAVE_VERSION_EXTENDED_INFO esp_ShowExtendedSystemInfo(); #endif - +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_OFF(); +#endif +#ifdef CONFIG_IDF_TARGET_ESP32H2 + ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported"); + while (1) { + vTaskDelay(60000); + } +#endif /* Set time for cert validation. * Some lwIP APIs, including SNTP functions, are not thread safe. */ ret = set_time(); /* need to setup NTP before WiFi */ @@ -267,7 +292,6 @@ void app_main(void) - (uxTaskGetStackHighWaterMark(NULL)) ); ESP_LOGI(TAG, "Starting TLS Client task ...\n"); - ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d", &this_heap, this_heap); tls_smp_client_init(args); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c index 0adfefcbc..1ff6af417 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c 
@@ -19,12 +19,30 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* See https://tf.nist.gov/tf-cgi/servers.cgi */ - -/* common Espressif time_helper v5.6.6.001 */ -#include "sdkconfig.h" +/* common Espressif time_helper */ #include "time_helper.h" + +#include "sdkconfig.h" +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif + #include #include @@ -41,8 +59,8 @@ /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ @@ -285,7 +303,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time * * WARNING: do not set operating mode while SNTP client is running! */ 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index 19ced3301..f2e13afc1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -31,12 +31,22 @@ #include /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* When there's too little heap, WiFi quietly refuses to connect */ @@ -198,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults index 765df0fe6..146dabf0f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults 
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults @@ -1,12 +1,21 @@ -# sdkconfig.defaults for ESP8266 + ESP32 -# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. -# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults -CONFIG_BENCH_ARGV="-lng 0" +# Set the known example app config to TLS Client (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y +# CONFIG_EXAMPLE_WIFI_SSID="myssid" +# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword" + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # -# Default main stack size. See user_settings.h +# Default main stack size +# +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others 
@@ -50,12 +59,43 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y -# Set max COU frequency (falls back as needed for lower maximum) +# Set max CPU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y -# FreeRTOS ticks at 1ms interval -CONFIG_FREERTOS_UNICORE=y -CONFIG_FREERTOS_HZ=1000 +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 new file mode 100644 index 000000000..a24d9302e --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 @@ -0,0 +1,7 @@ +# +# Main XTAL Config +# +CONFIG_XTAL_FREQ_26=y +# CONFIG_XTAL_FREQ_40 is not set +CONFIG_XTAL_FREQ=26 +# end of Main XTAL Config 
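Review bot: `# CONFIG_ESP_TLS_INSECURE=y` is left as a ready-to-uncomment line with no explanation; in ESP-IDF that option gates the esp-tls setting that skips server certificate verification, so a reader who enables it to "make the example connect" silently removes authentication of the peer. Either drop the line or annotate it, e.g. `# CONFIG_ESP_TLS_INSECURE=y  # do not enable: unlocks skipping server certificate verification`. The same commented-out line appears in the new sdkconfig.defaults.esp8266 file and should be treated the same way.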
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 new file mode 100644 index 000000000..77299dfe4 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt index 11a9e467a..e4ce3d8a0 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt @@ -3,6 +3,8 @@ # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly +message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") + cmake_minimum_required(VERSION 3.16) # The wolfSSL CMake file should be able to find the source code. 
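Review bot: The comment `# Disable mbedTLS` is immediately followed by `CONFIG_ESP_TLS_USING_MBEDTLS=y`, which enables it; since wolfSSL is disabled in esp-tls a few lines above, the value is presumably intended and the comment should say so, e.g. `# esp-tls falls back to mbedTLS on ESP8266 (wolfSSL in esp-tls not yet supported in RTOS SDK 3.4)`. The comment `# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4` is missing its closing parenthesis. The four-line `# ESP8266 WDT` block appears twice, at the top and the bottom of the new file; keep one copy.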
@@ -48,7 +50,8 @@ endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common") if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") @@ -80,17 +83,20 @@ else() endif() -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +message(STATUS "begin include") +if(0) + # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. + set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") - message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") - set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -else() - message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") + else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + endif() endif() - include($ENV{IDF_PATH}/tools/cmake/project.cmake) - +message(STATUS "end include") project(wolfssl_server) +message(STATUS "end project") 
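Review bot: The PROTOCOL_EXAMPLES_DIR detection wrapped in `if(0)` is dead code: the same detection still runs unconditionally earlier in the file (the `@@ -48,7 +50,8 @@` hunk), so the disabled copy only raises the question of which one is authoritative; delete it rather than disabling it. The `message(STATUS "begin include")`, `"end include"` and `"end project"` lines look like leftover debugging output; if they are meant to stay, include the project name in the text so they can be identified in a multi-component build log.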
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md index 6baa41aa7..0b88c035f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md @@ -39,7 +39,7 @@ See the README.md file in the upper level 'examples' directory for more informat ``` # . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh -. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server # optionally erase diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt index b809a1714..8b90966f9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt 
@@ -19,16 +19,145 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + 
message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No 
conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -51,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 
@@ -68,7 +216,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 # parameter: DIRECTORY_PARAMETER - the directory to test
 # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
+ RESULT )
 if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
 set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
 else()
@@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") - if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + else() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. 
Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. + else() + # Setting found! Does it contain a valid path? 
+ string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) 
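Review bot: In the `else()` branch that logs `WOLFSSL_ROOT Variable defined, but source code not found`, the former `message(FATAL_ERROR …)` has become `message(STATUS …)`, so an explicitly configured but wrong source root no longer stops configuration; the function falls through to the parent-directory walk and may build whichever `wolfssl`, `wolfssl-master` or `wolfssl-${THIS_USER}` checkout it meets first rather than the one the user pointed at. That silently changes which library version gets compiled in, which is a build-reproducibility problem; keep it fatal, or at least `message(WARNING …)` so it stands out in CI logs. Minor: `slahes` → `slashes` in the Windows hint, and `CURRENT_SEARCH_DIR_LENGTH` from `string(LENGTH …)` is never read in this hunk. The function continues past the hunk.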
@@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( 
FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() 
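Review bot: The three probes for `wolfssl-${THIS_USER}`, `wolfssl-master` and `wolfssl` are near-verbatim copies, and the `if ( FOUND_WOLFSSL ) # comment` / `else()` form with an empty true branch is hard to read — the more so because every found branch `return()`s, so `FOUND_WOLFSSL` is always false where it is tested. Iterating a candidate list in priority order expresses the same search in a third of the lines; a sketch follows, keeping the hunk's behaviour of probing the user suffix only when `THIS_USER` is set. The enclosing `while` loop and function extend outside the hunk.
```cmake
    # Maintain CURRENT_SEARCH_DIR, but probe the candidate subdirectories in priority order
    set(WOLFSSL_DIR_CANDIDATES "wolfssl-master" "wolfssl")
    if(THIS_USER)
        # Check for "wolfssl-[username]" first as we recurse up the directory tree
        list(PREPEND WOLFSSL_DIR_CANDIDATES "wolfssl-${THIS_USER}")
    endif()
    foreach(CANDIDATE IN LISTS WOLFSSL_DIR_CANDIDATES)
        set(CURRENT_SEARCH_DIR_ALT "${CURRENT_SEARCH_DIR}/${CANDIDATE}")
        message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
        IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL)
        if(FOUND_WOLFSSL)
            message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} "${CURRENT_SEARCH_DIR_ALT}" PARENT_SCOPE)
            return()
        endif()
    endforeach()
    # … unchanged: step up to the parent directory and loop …
```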
@@ -154,17 +379,58 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") +# Optional variable inspection +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() + +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. 
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - # esp_timer - # driver # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
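Review bot: In the `esp8266` / `else()` block the `message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")` and `"… includes driver: …"` lines print the variables before the `set(THIS_INCLUDE_TIMER "esp_timer")` / `set(THIS_INCLUDE_DRIVER "driver")` that follow, so the log shows an empty or stale value; move the `set()` calls above the messages (the esp8266 branch has the same ordering). The `if (0)` variable-dump block is dead code and should either go or be gated on a real switch such as `VERBOSE_COMPONENT_MESSAGES`, which this file already defines. The comment `# This is critical for use the the esp-tls component.` has a doubled "the".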
@@ -173,48 +439,99 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. 
- message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() - - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # 
COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") - + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -237,11 +554,12 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
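Review bot: When no wolfSSL source is found, the `FATAL_ERROR` that used to stop configuration is now a run of `message(STATUS …)` lines plus `-DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND`, and the trailing `# Abort CMake after fatal error. (or not?)` shows the decision was left open. With `WOLFSSL_ROOT` empty, the `COMPONENT_SRCDIRS` list below expands to `/src/`, `/wolfcrypt/src` and so on — absolute paths at the filesystem root — so the component is registered against directories that do not belong to the project; failing here is better than deferring the failure to a confusing compile error or, worse, picking up unrelated files from those paths. Separately, the log line `Added definition for user_settings.h: … //include//user_settings.h` does not match the definition actually passed to `add_definitions`, which appends `/include/user_settings.h` to `STR_WOLFSSL_PROJECT_DIR`; build the string once and log exactly what is added.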
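Review bot: The comment `# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:` now refers to a `FATAL_ERROR` that this hunk removes, so it is stale; `# Dual wolfSSL install detected: warn at runtime via this macro definition` describes what is left. Note that the demotion means a project with both a local `components/wolfssl` and the ESP-IDF shared component now configures successfully, with the build taking whichever copy wins include-path order; if that is intended, the STATUS text should state which copy will be used so a mismatched library version is not discovered only at runtime.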
@@ -291,6 +609,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -347,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -360,21 +681,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers - ${THIS_IDF_PATH}/components/esp_event/include - ${THIS_IDF_PATH}/components/esp_netif/include - ${THIS_IDF_PATH}/components/esp_wifi/include + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() 
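Review bot: In the `@@ -360,21 +681,22 @@` hunk, `message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")` prints the literal text `$THIS_IDF_PATH`, because CMake expands only `${...}` and `$ENV{...}`; it should be `message(STATUS "THIS_IDF_PATH = ${THIS_IDF_PATH}")`. The assignment of THIS_IDF_PATH is not visible in this hunk, so this diagnostic is the one place a reviewer can confirm the esp_event/esp_netif/esp_wifi include paths below resolve to the intended IDF tree. The `if(WOLFSSL_ROOT)` guard added at `@@ -347,7 +666,9 @@` avoids the `string(REPLACE)` error on an empty value, but an empty WOLFSSL_ROOT still turns the `"\"${WOLFSSL_ROOT}/\""` entries in COMPONENT_ADD_INCLUDEDIRS into `/`, i.e. the filesystem root as an include directory, so that list should presumably be guarded the same way.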
@@ -383,7 +705,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" @@ -399,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -411,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
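Review bot: The new `"\"${WOLFSSL_ROOT}/examples\""` entry in COMPONENT_SRCEXCLUDE names a directory, whereas `idf_component_register` EXCLUDE_SRCS takes source file paths, so I would expect it to have no effect; the `examples` tree is also absent from COMPONENT_SRCDIRS as listed earlier in this diff, so nothing from it is compiled regardless. If the intent is to defend against a managed-component layout that does pick up example sources, a `file(GLOB_RECURSE ...)` of those files appended to the exclude list is what would be needed; otherwise the entry can go and the comment alone documents the intent.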
@@ -432,22 +755,144 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark - ) - # some optional diagnostics - if (1) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") 
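Review bot: Both guard failures in the certificate-bundle block use `message(ERROR ...)`, which is not a CMake message mode — `ERROR` becomes part of the printed text and configuration continues — so neither a missing WOLFSSL_ROOT nor the early-expansion case stops the build; they should be `message(FATAL_ERROR ...)`. `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` references `cert_bundle`, which is never set in this hunk (the generated output is `crt_bundle`, and the diagnostic `message(STATUS "cert_bundle ${cert_bundle}")` will print empty), so the target that `${COMPONENT_LIB}` is made to depend on carries no dependency on the bundle file, and only `target_add_binary_data` may still pull it in. The `add_custom_command` lists just `${custom_bundle_path}` under DEPENDS, not the default PEM inputs collected in `crt_paths` nor `gen_crt_bundle.py`, so updating cacrt_all.pem or cacrt_deprecated.pem to drop a distrusted root does not regenerate the bundle and a stale trust store can ship in the image; the fence below wires these through. The text `"Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION"` also reads inverted relative to the `if (CMAKE_BUILD_EARLY_EXPANSION)` test that triggers it, so it is worth confirming which phase is intended. The enclosing `else()` branch begins before this hunk.
```cmake
    if (CMAKE_BUILD_EARLY_EXPANSION)
        message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
    endif()
    # reminder: we need a value for wolfSSL root first!
    if( "${WOLFSSL_ROOT}" STREQUAL "" )
        message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
    endif()
    # … unchanged: WOLFSSL_ESP_CRT_BUNDLE_DIR, crt_paths/args assembly, diagnostics …
        # Regenerate whenever any input PEM, the custom bundle, or the generator changes
        add_custom_command(OUTPUT ${crt_bundle}
            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
            DEPENDS ${crt_paths} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py
            VERBATIM)
    # … unchanged: existence diagnostics …
        add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
    # … unchanged: add_dependencies, target_add_binary_data, clean-files property …
```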
@@ -455,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
@@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
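Review bot: `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")` passes the result code left over from the preceding `git show`, which has nothing to do with WOLFSSL_ROOT; if LIBWOLFSSL_SAVE_INFO (defined above this hunk) drops the value on a non-zero result, the path silently disappears whenever that git query fails, so pass an explicit result, e.g. `LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "0")`. The `string(FIND ...)` guard probes only `-DWOLFSSL_ESPIDF`, so when the project already supplies that flag `-DWOLFSSL_USER_SETTINGS` is never appended; a second FIND for `-DWOLFSSL_USER_SETTINGS` with its own append keeps the two independent (the `ALRREADY` misspelling is consistent, so it is cosmetic). Note also that this bakes the absolute checkout path of the build host into the firmware next to the git remote URL; that is handy for diagnostics but is internal information a shipped image will then disclose through ShowExtendedSystemInfo, so consider gating it on a debug option.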
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig new file mode 100644 index 000000000..cdd039d73 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig 
@@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. 
+# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. 
+ + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). 
+ + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. 
+ + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. 
+ + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. 
+ + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. 
+ Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. 
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ bool "Enable debugging of RSA Multiplication operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ multiplication operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+ bool "Enable debugging of RSA Modular operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ modular math operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ endmenu # wolfSSL Hardware Acceleration
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Experimental Options"
+
+ config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+ bool "Enable wolfSSL Experimental Settings"
+ default n
+ help
+ Enables experimental settings for wolfSSL. See documentation.
+
+ config ESP_WOLFSSL_ENABLE_KYBER
+ bool "Enable wolfSSL Kyber"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ endmenu # wolfSSL Experimental Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Debug Options"
+ config ESP_WOLFSSL_DEBUG_WOLFSSL
+ bool "Enable wolfSSL Debugging"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ config ESP_WOLFSSL_TEST_LOOP
+ bool "Run test apps in a loop until failure"
+ default y
+ help
+ Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+ endmenu # wolfSSL Debug Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Customization"
+ config CUSTOM_SETTING_WOLFSSL_ROOT
+ string "Enter a path for wolfSSL source code"
+ default "~/workspace/wolfssl"
+ help
+ This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+ Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+ (e.g., C:\\myfolder\\mysubfolder).
+
+ endmenu # wolfSSL Customization
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Component Config"
+ config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+ bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+ config IGNORE_LOCAL_WOLFSSL_COMPONENT
+ bool "Ignore the local component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the local project components directory.
+ Requires wolfssl as a ESP-IDF component.
+
+ endmenu # Component Config
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Utility Config"
+ config USE_WOLFSSL_ESP_SDK_TIME
+ bool "Enable wolfSSL time helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ config USE_WOLFSSL_ESP_SDK_WIFI
+ bool "Enable wolfSSL WiFi helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+ config ESP_ENABLE_WOLFSSH
+ bool "Enable wolfSSH options"
+ default n
+ help
+ Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+ config ESP_WOLFSSL_DEBUG_WOLFSSH
+ bool "Enable wolfSSH debugging"
+ default n
+ help
+ Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+ config ESP_ENABLE_WOLFMQTT
+ bool "Enable wolfMQTT options"
+ default n
+ help
+ Enables WOLFMQTT
+
+ config ESP_WOLFSSL_DEBUG_WOLFMQTT
+ bool "Enable wolfMQTT debugging"
+ default n
+ help
+ Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config --->
+ ESP-TLS --->
+ Choose SSL/TLS library for ESP-TLS (See help for more Info)
+ (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config --->
+ wolfSSL --->
+ [*] Include wolfSSL in ESP-TLS
+ [*] Use the specified wolfssl for ESP-TLS
+ (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include `
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include 
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+ #include 
+ #if defined(WOLFSSL_ESPIDF)
+ #include 
+ #include 
+ #include 
+ #include 
+ #include 
+ #else
+ #error "Problem with wolfSSL user_settings. " \
+ "Check components/wolfssl/include " \
+ "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+ "typically in the component CMakeLists.txt"
+ #endif
+#else
+ /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
+ /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+ #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+ CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions?
We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk index 02c36849b..45a1aa08f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk @@ -18,6 +18,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # +$(info *********** wolfssl component ************) + # # Component Makefile # 
@@ -48,17 +50,61 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + # NOTICE: the WOLFSSL_ROOT setting MUST be relative! # See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables # In the wolfSSL GitHub examples for Espressif: # https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples # When this wolfssl component.mk makefile is in [project]/components/wolfssl -# The root is 7 directories up from here: +# The root is 7 directories up from here (the location of of this component.mk): WOLFSSL_ROOT := ../../../../../../.. -# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. 
+# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. -COMPONENT_ADD_INCLUDEDIRS := ./include +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt @@ -118,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o 
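Review bot: `abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))` silently evaluates to an empty string when the relative path does not resolve (realpath only complains on stderr and the build carries on until a wolfSSL header is missing), and the unquoted expansion breaks on paths containing spaces. Consider failing early and loudly: `abs_WOLFSSL_ROOT := $(shell realpath "$(WOLFSSL_ROOT)" 2>/dev/null)` followed by `$(if $(abs_WOLFSSL_ROOT),,$(error WOLFSSL_ROOT '$(WOLFSSL_ROOT)' does not resolve from $(CURDIR)))`. The new comment block also carries two typos, "the location of of this component.mk" and "[currect directory]". `COMPONENT_ADD_INCLUDEDIRS := .` now puts the component directory itself on the include path in addition to `include`; the NOTE comment above it should say why `.` is needed so it is not "cleaned up" later.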
@@ -142,7 +188,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o @@ -174,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o @@ -211,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o 
@@ -244,5 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib. ## ## wolfcrypt ## -# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 380da3e69..71b82c68e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -18,18 +18,195 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 -/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ - -/* This user_settings.h is for Espressif ESP-IDF */ - +/* The Espressif project config file. See also sdkconfig.defaults */ #include "sdkconfig.h" -#define DEBUG_WOLFSSL -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here. + * + * When editing this file: + * ensure all examples match. The template example is the reference. + */ + +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ + +/* The Espressif sdkconfig will have chipset info. 
+** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +#undef WOLFSSL_ESPIDF +#define WOLFSSL_ESPIDF + +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See 
https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif 
defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. */ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER + /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER @@ -38,6 +215,7 @@ /* With limited RAM, we'll disable some of the Kyber sizes: */ #define WOLFSSL_NO_KYBER1024 #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE #endif #endif 
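Review bot: The Kyber block is now gated on `#ifdef CONFIG_WOLFSSL_ENABLE_KYBER`, but the Kconfig symbol this same commit introduces is `ESP_WOLFSSL_ENABLE_KYBER`, which the build emits as `CONFIG_ESP_WOLFSSL_ENABLE_KYBER` (exactly the convention the new header comment describes), so unless another Kconfig defines `WOLFSSL_ENABLE_KYBER` the menuconfig option can never enable this block; the guard should read `#if defined(CONFIG_ESP_WOLFSSL_ENABLE_KYBER)`. The naming-convention comment itself says the ESP-IDF adds a "CONFIG_" suffix where it means prefix. The `@@ -38,6 +215,7 @@` hunk that adds `#define NO_SESSION_CACHE` inside this block is dead for the same reason.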
@@ -57,14 +235,72 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ -#undef WOLFSSL_ESPIDF -#define WOLFSSL_ESPIDF +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ -/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ -#define NO_ESP_SDK_WIFI +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. 
+ * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ /* - * ONE of these Espressif chipsets should be defined: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE @@ -83,11 +319,28 @@ #endif /* See below for chipset detection from sdkconfig.h */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +#define SINGLE_THREADED + /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desperate, try NO_SESSION_CACHE. */ -#define MICRO_SESSION_CACHE + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ 
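Review bot: The wolfSSH block does `#undef WOLFSSL_PTHREADS` / `#define WOLFSSL_PTHREADS` and `#define WOLFSSH_TEST_THREADING`, yet the next hunk (`@@ -83,11 +319,28 @@`) defines `SINGLE_THREADED` unconditionally for this file; in wolfSSL, SINGLE_THREADED turns the mutex primitives into no-ops, so as far as I can tell the pthread selection is dead and a threaded wolfSSH test server would share TLS state with no locking. Either guard the `SINGLE_THREADED` define with `#if !defined(ESP_ENABLE_WOLFSSH) && !defined(CONFIG_ESP_ENABLE_WOLFSSH)` or drop the pthread lines here, and say in the comment which threading model the example is meant to run with. Both the Apple HomeKit and the ESP-TLS branches set `FP_MAX_BITS` without an `#undef`, while the example blocks earlier in this file define it too; a redefinition to a different value is a compile error, so it is worth documenting the intended precedence.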
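Review bot: `#define NO_SESSION_CACHE` is now unconditional in the wolfssl_server example's settings, while the comment directly above it recommends it only "when really desperate or no TLS used"; combined with the `#ifndef NO_SESSION_CACHE` guard that the `@@ -203,37 +506,69 @@` hunk puts around `HAVE_SESSION_TICKET`, this build ends up with neither cache-based nor ticket-based resumption, so every client reconnect pays a full handshake. Stateless session tickets should not depend on the session cache, so if the cache is dropped for RAM reasons the ticket guard looks stricter than necessary — confirm the intent and record it, e.g. `/* No session cache (RAM); session tickets still provide resumption */`. `DEBUG_WOLFSSL_MALLOC` is enabled unconditionally as well; the comment should note it stays on in non-debug builds of this example.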
@@ -102,19 +355,41 @@ #define BENCH_EMBEDDED -#define WOLFSSL_SMALL_STACK -#define HAVE_ECC -#define RSA_LOW_MEM - /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM 
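Review bot: Both branches of the new `#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` define `HAVE_FFDHE_4096`, so the "Optionally set smaller size here" comment does nothing, and on exactly those targets the ESP-TLS branch in the previous hunk pins `FP_MAX_BITS` to `MIN_FFDHE_FP_MAX_BITS`, which the later ESP8266 hunk documents as twice the smallest enabled group (2048 when `HAVE_FFDHE_2048` is defined under TLS 1.3) — a 4096-bit FFDHE exchange would then not fit; confirm against settings.h and either drop `HAVE_FFDHE_4096` on the small targets or raise FP_MAX_BITS there. The `#ifndef HAVE_AEAD` / `#endif` pair under "May be required" is empty, and this commit removes the former unconditional `#define HAVE_AEAD`; unless settings.h supplies it for WOLFSSL_TLS13, put `#define HAVE_AEAD` inside the guard or delete the pair.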
@@ -131,30 +406,72 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -#if defined(CONFIG_IDF_TARGET_ESP8266) +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) /* Some known low-memory devices have features not enabled by default. */ + /* TODO determine low memory configuration for ECC. */ #else /* when you want to use SHA512 */ #define WOLFSSL_SHA512 /* when you want to use SHA3 */ - #define WOLFSSL_SHA3 + /* #define WOLFSSL_SHA3 */ /* ED25519 requires SHA512 */ #define HAVE_ED25519 +#endif - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL - #define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif + +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" #endif /* Optional OpenSSL compatibility */ /* #define OPENSSL_EXTRA */ -/* when you want to use pkcs7 */ +/* #Optional HAVE_PKCS7 */ /* #define HAVE_PKCS7 */ + #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT 
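Review bot: The new `#if defined(HAVE_PKCS7)` is opened inside this hunk but its `#endif` is outside it, and the `HAVE_AES_KEYWRAP`, `HAVE_X963_KDF` and `WOLFSSL_AES_DIRECT` defines that follow now sit under it; since `HAVE_PKCS7` is commented out, anything up to that `#endif` is silently dropped from the build — confirm those defines are meant to be PKCS7-only, otherwise close the guard right after `#define NO_PBKDF2`. The `#else` / `#error "Either RSA or ECC must be enabled"` branch is unreachable because the preceding `#if`/`#else` always sets one of `MY_USE_ECC`/`MY_USE_RSA` to 1; keeping it as a guard for future edits is fine, but a one-line comment saying so would help. Note that `MY_USE_RSA 0` only defines `WOLFSSH_NO_RSA`, not `NO_RSA`, so RSA in wolfSSL itself stays enabled on ESP32 even though the `/* ---- RSA ----- */` section reads as if it controlled wolfSSL too.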
@@ -174,25 +491,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ 
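Review bot: The new comment `/* WC_NO_CACHE_RESISTANT: slower but more secure */` is inverted: defining WC_NO_CACHE_RESISTANT removes the cache-timing-resistant code paths in wolfCrypt (the leading `NO_` is the giveaway), so uncommenting it makes the build faster and less hardened; reword to `/* WC_NO_CACHE_RESISTANT: faster, but disables cache-timing hardening; leave undefined */`. `TFM_TIMING_RESISTANT` is, to my knowledge, already selected by settings.h unless WC_NO_HARDEN is set, so its comment should say it is only needed when hardening was disabled rather than leaving a reader to believe timing resistance is off by default. Removing the `ESP_RSA_EXPT_XBITS` / `ESP_RSA_MULM_BITS` thresholds is fine only if the port headers supply defaults; the deleted "HW unreliable for small values" note suggests checking that they do.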
@@ -203,37 +506,69 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif + +#define WOLFSSL_SMALL_STACK + + #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS -#define WOLFSSL_CERT_TEXT + + #define WOLFSSL_CERT_TEXT + + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE 
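Review bot: The block commented "Just syntax highlighting to check math libraries" is an empty `#if ... #endif` that lists `defined(USE_INTEGER_HEAP_MATH)` twice; if it is meant to stay, give it a purpose (`#else` / `#error "no math library selected"`) and drop the duplicate, otherwise delete it. `#define WOLFSSL_SMALL_STACK` is repeated here although the same define was added unconditionally in the `@@ -83,11 +319,28 @@` hunk; keep one. The unchanged `#define WOLFSSL_KEY_GEN` now sits inside the new `#if 0` block, so key generation is off unless the wolfSSH block re-enables it; a comment at the `#if 0` such as `/* disabled; the wolfSSH settings above re-enable WOLFSSL_KEY_GEN when needed */` would make that visible.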
@@ -253,11 +588,66 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ 
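Review bot: The `#else` branch of the new SM block defines `USE_CERT_BUFFERS_2048` unconditionally, so a build that already selected `USE_CERT_BUFFERS_1024` earlier in this header ends up with both set, and the selection block later in this file tests `USE_CERT_BUFFERS_2048` first, silently taking the 2048 set. Guarding the default with `#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)` keeps the "default settings" comment truthful. The repeated `#undef X` / `#define X` pairs in the SM branch would read better with one comment explaining why the `#undef` is needed (presumably to override an earlier project-wide value); as written it looks like copy-paste noise.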
@@ -375,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) 
@@ -400,29 +794,84 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. 
+#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file 
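Review bot: The new `#warning "RSA may be difficult with less than 10KB Stack "/` has a stray `/` after the closing quote; `#warning` swallows the rest of the line so it compiles, but it is almost certainly a typo and should be `#warning "RSA may be difficult with less than 10KB Stack"`. The threshold tested is `10500`, which does not match the "10KB" in the message; either compare against `10240` or say "less than 10.5KB". In the expanded debug-options comment block, `#define USE_ESP_DPORT_ACCESS_READ_BUFFER` is listed twice; one entry can go.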
@@ -463,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -540,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -559,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 
@@ -581,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt index 798cecceb..9b1e29369 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt @@ -3,6 +3,7 @@ # # wolfssl server test # +message("Begin wolfSSL main CMakeLists.txt") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") if(WIN32) 
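Review bot: The new sanity check defines `ESP_SRP_MINIMUM_STACK_8K` but then compares against `ESP_SRP_MINIMUM_STACK`, which is never defined; an undefined identifier evaluates to 0 inside `#if`, so `CONFIG_ESP_MAIN_TASK_STACK_SIZE < 0` is always false and the "small stack size" warning can never fire. Change the test to `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)`. The same silent-zero behaviour affects `#if FP_MAX_BITS < (8192 * 2)` on the ESP8266 path, where the earlier hunk defines `FP_MAX_BITS` as `MIN_FFDHE_FP_MAX_BITS`: if that macro is only provided by settings.h after user_settings.h has been processed, the comparison is made against 0 and the 24K branch is always chosen. Building this header once with `-Wundef` would surface both cases.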
@@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") else() # if we get here, check the execute_process command and parameters. - message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") + message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.") + message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"") set(${VAR_OUPUT} "Unknown") endif() endfunction() # LIBWOLFSSL_SAVE_INFO +# Save some project-specific details. Repo may be different than component, or may not even be a repo at all: if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_HASH_DATE + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") endif() message(STATUS "") +message("End wolfSSL main CMakeLists.txt") 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild index 64406069d..061d0aa5a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild 
@@ -1,9 +1,94 @@ -menu "Example Configuration" +menu "Example wolfSSL Configuration" + +choice WOLFSSL_EXAMPLE_CHOOSE + prompt "Choose Example (See wolfssl/include/user_settings.h)" + default WOLFSSL_EXAMPLE_NAME_NONE + help + The user settings file can be adjusted to specific wolfSSL examples. + + config WOLFSSL_EXAMPLE_NAME_TEMPLATE + bool "wolfSSL Template" + help + The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more. + + config WOLFSSL_EXAMPLE_NAME_TEST + bool "wolfSSL Test" + help + This app tests all cryptographic functions currently enabled. See also Benchmark performance app. + + config WOLFSSL_EXAMPLE_NAME_BENCHMARK + bool "wolfSSL Benchmark" + help + Benchmark performance app. See also cryptographic test. + + config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT + bool "TLS Client" + help + TLS Client Example app. Needs WiFi and a listening server on port 11111. + + config WOLFSSL_EXAMPLE_NAME_TLS_SERVER + bool "TLS Server" + help + TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE + bool "SSH Template App" + help + Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH. + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER + bool "SSH to UART Server for the ESP32" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER + bool "SSH to UART Server for the ESP8266" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE + bool "MQTT Template" + help + See wolfSSL/wolfmqtt on GitHub. 
+ + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT + bool "MQTT AWS IoT" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFTPM_EXAMPLE_NAME_ESPRESSIF + bool "TPM Test Example for the ESP32" + help + See wolfSSL/wolfTPM on GitHub. + + config WOLFSSL_EXAMPLE_NAME_NONE + bool "Other" + help + A specific example app is not defined. + +endchoice + +config WOLFSSL_TARGET_HOST + string "Target host" + default "127.0.0.1" + help + host address for the example to connect config WOLFSSL_TARGET_PORT int "Target port" default 11111 help - Host listening port for the example to connect. + host port for the example to connect endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk index 44bd2b527..c59edbee4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk @@ -1,3 +1,8 @@ # -# Main Makefile. This is basically the same as a component makefile. +# Main component makefile. +# +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a +# in the build directory. This behavior is entirely configurable, +# please read the ESP-IDF documents if you need to do this. # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h index 94d913235..9e0096839 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h @@ -1,4 +1,4 @@ -/* template main.h +/* wolfssl_server main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h index b3574b66b..3d335c652 100644 
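Review bot: `config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER` is declared twice inside the new `choice`, with identical prompt and help, so the menu shows the entry twice and the second declaration should be removed. The `WOLFSSL_TARGET_PORT` help text was changed from "Host listening port for the example to connect." to the lower-case, unpunctuated "host port for the example to connect", which reads as a regression rather than an improvement; keep the original sentence. "Hellow World" in the SSH Template help should be "Hello World".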
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h @@ -1,4 +1,5 @@ -/* +/* time_helper.h + * * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. @@ -20,11 +21,11 @@ /* common Espressif time_helper v5.6.3.001 */ -#ifndef _TIME_HELPER_H -#define _TIME_HELPER_H +#ifndef _TIME_HELPER_H_ +#define _TIME_HELPER_H_ -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0 See: Espressif api-reference/system/system_time */ #ifdef __cplusplus @@ -32,7 +33,7 @@ extern "C" { #endif /* a function to show the current data and time */ -int esp_show_current_datetime(); +int esp_show_current_datetime(void); /* worst case, if GitHub time not available, used fixed time */ int set_fixed_default_time(void); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index b5debf364..668f6b8e9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -21,9 +21,6 @@ #ifndef _WIFI_CONNECT_H_ #define _WIFI_CONNECT_H_ -#include -#include - /* ESP lwip */ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY @@ -31,8 +28,10 @@ #define TLS_SMP_SERVER_TASK_BYTES 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 +/* Optionally use ESP-IDF config settings #define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID #define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD +*/ #define USE_WIFI_EXAMPLE #ifdef USE_WIFI_EXAMPLE 
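Review bot: The renamed include guard `_TIME_HELPER_H_` (like the pre-existing `_WIFI_CONNECT_H_` in the next file) is a reserved identifier in C — any name starting with an underscore followed by an uppercase letter belongs to the implementation — so the rename keeps a latent conflict with toolchain headers; since the guard is being touched anyway, use `TIME_HELPER_H` / `WIFI_CONNECT_H`. Adding `void` to `esp_show_current_datetime(void)` is the right fix for the old unspecified-parameter prototype.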
@@ -52,18 +51,53 @@ * file my_private_config.h should be excluded from git updates */ /* #define USE_MY_PRIVATE_CONFIG */ -#ifdef USE_MY_PRIVATE_CONFIG +/* Note that IntelliSense may not work properly in the next section for the + * Espressif SDK 3.4 on the ESP8266. Macros should still be defined. + * See the project-level Makefile. Example found in: + * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template + * + * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that + * triggers the make (not cmake) to add compiler defines. + */ +#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG) + #include "/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_WSL_CONFIG) + #include "/mnt/c/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_LINUX_CONFIG) + #include "~/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_MAC_CONFIG) + #include "~/Documents/my_private_config.h" +#elif defined(USE_MY_PRIVATE_CONFIG) + /* This section works best with cmake & non-environment variable setting */ #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_CMAKE + #include "/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_MAKE #include "/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_CMAKE + #include "/mnt/c/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_MAKE #include "/mnt/c/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_CMAKE + #include "~/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_MAKE #include "~/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE) #include "~/Documents/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE) + #define WOLFSSL_MAKE + #include "~/Documents/my_private_config.h" + #elif defined(OS_WINDOWS) + 
#include "/workspace/my_private_config.h" #else - #warning "did not detect environment. using ~/my_private_config.h" - #include "~/my_private_config.h" + /* Edit as needed for your private config: */ + #warning "default private config using /workspace/my_private_config.h" + #include "/workspace/my_private_config.h" #endif #else @@ -74,8 +108,12 @@ ** If you'd rather not, just change the below entries to strings with ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" */ - #ifdef CONFIG_ESP_WIFI_SSID + #if defined(CONFIG_ESP_WIFI_SSID) + /* tyically from ESP32 with ESP-IDF v4 ot v5 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID #else /* See new esp-sdk-lib.h helpers: */ #ifndef EXAMPLE_ESP_WIFI_SSID @@ -83,8 +121,12 @@ #endif #endif - #ifdef CONFIG_ESP_WIFI_PASSWORD + #if defined(CONFIG_ESP_WIFI_PASSWORD) + /* tyically from ESP32 with ESP-IDF v4 or v5 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD #else /* See new esp-sdk-lib.h helpers: */ #ifndef EXAMPLE_ESP_WIFI_PASS diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index b25991ca2..e8195416f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c 
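Review bot: The new `USE_MY_PRIVATE_LINUX_CONFIG` and `USE_MY_PRIVATE_MAC_CONFIG` branches (and the cmake/make Linux and Apple branches) include `"~/workspace/my_private_config.h"` and `"~/Documents/my_private_config.h"`, but the preprocessor does not expand `~`; the compiler looks for a literal directory named `~` relative to the include path, so those branches can never find the file. Either use an absolute path or have the build system pass the directory with `-I` and include `"my_private_config.h"`. Within the `USE_MY_PRIVATE_CONFIG` chain, every cmake/make branch defines `WOLFSSL_CMAKE` or `WOLFSSL_MAKE` except `WOLFSSL_CMAKE_SYSTEM_NAME_APPLE`, which is missing `#define WOLFSSL_CMAKE`; the `#elif defined(OS_WINDOWS)` branch also omits both. The enclosing `#ifdef USE_WIFI_EXAMPLE` block continues past this hunk.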
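Review bot: In the password block, the new `#elif defined(CONFIG_EXAMPLE_WIFI_SSID)` guards the definition `EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD`, so it tests the SSID symbol instead of the password one; on an SDK that provides the SSID but not the password this expands to an undefined macro at the use site. Change the guard to `#elif defined(CONFIG_EXAMPLE_WIFI_PASSWORD)`. The comment typo "tyically" appears here and in the SSID hunk just above ("tyically ... v4 ot v5").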
@@ -27,29 +27,43 @@ #include /* wolfSSL */ -#include /* includes wolfSSL user-settings.h */ -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* this project */ #include "server-tls.h" #include "time_helper.h" -#ifndef CONFIG_IDF_TARGET_ESP32H2 +#ifdef CONFIG_IDF_TARGET_ESP32H2 /* There's no WiFi on ESP32-H2. * For wired ethernet, see: * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ +#else #include "wifi_connect.h" + /* + * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4 + * See https://github.com/espressif/esp-modbus/issues/2 + */ #endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif -static const char* const TAG = "TLS Client"; +static const char* TAG = "main"; #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ && defined(WOLFSSL_ATECC508A) @@ -114,10 +128,11 @@ void my_atmel_free(int slotId) #endif /* CUSTOM_SLOT_ALLOCATION */ #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ -/* for FreeRTOS */ +/* Entry for FreeRTOS */ void app_main(void) { int stack_start = 0; + int this_heap = 0; esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); 
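Review bot: The log tag changed from `static const char* const TAG = "TLS Client";` to `static const char* TAG = "main";`, which fixes the wrong name but drops the `const` on the pointer itself, so `TAG` becomes a mutable file-scope pointer; keep it `static const char* const TAG = "main";`. The new `#error` message relies on a backslash-newline inside the string literal, which is legal line splicing but easy to break when the line is reflowed; two `#error` lines or a single-line message would be more robust. `this_heap` is declared `int` here but, judging by its later use with a heap-size query, will receive an unsigned value; declaring it `unsigned` (or `size_t`) avoids the sign mismatch in the later `%d` log.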
@@ -125,31 +140,58 @@ void app_main(void) ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); +#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig."); +#endif +#ifdef ESP_SDK_MEM_LIB_VERSION + sdk_init_meminfo(); +#endif #ifdef ESP_TASK_MAIN_STACK ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); #endif #ifdef TASK_EXTRA_STACK_SIZE ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); #endif -#ifdef INCLUDE_uxTaskGetStackHighWaterMark + +#ifdef SINGLE_THREADED + ESP_LOGI(TAG, "Single threaded"); +#else ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", CONFIG_ESP_MAIN_TASK_STACK_SIZE, - (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); - /* Returns the high water mark of the stack associated with xTask. That is, - * the minimum free stack space there has been (in bytes not words, unlike - * vanilla FreeRTOS) since the task started. The smaller the returned - * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html - */ - stack_start = uxTaskGetStackHighWaterMark(NULL); - ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); -#endif + #ifdef INCLUDE_uxTaskGetStackHighWaterMark + { + /* Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in bytes not words, unlike + * vanilla FreeRTOS) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. 
+ * see Espressif api-reference/system/freertos_idf + */ + stack_start = uxTaskGetStackHighWaterMark(NULL); + #ifdef ESP_SDK_MEM_LIB_VERSION + { + sdk_var_whereis("stack_start", &stack_start); + } + #endif + + ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); + } + #endif /* INCLUDE_uxTaskGetStackHighWaterMark */ +#endif /* SINGLE_THREADED */ #ifdef HAVE_VERSION_EXTENDED_INFO esp_ShowExtendedSystemInfo(); #endif - +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_OFF(); +#endif +#ifdef CONFIG_IDF_TARGET_ESP32H2 + ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported"); + while (1) { + vTaskDelay(60000); + } +#endif /* Set time for cert validation. * Some lwIP APIs, including SNTP functions, are not thread safe. */ ret = set_time(); /* need to setup NTP before WiFi */ @@ -183,11 +225,23 @@ void app_main(void) /* Initialize NVS */ ret = nvs_flash_init(); - if (ret == ESP_ERR_NVS_NO_FREE_PAGES || - ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { - ESP_ERROR_CHECK(nvs_flash_erase()); - ret = nvs_flash_init(); + #if defined(CONFIG_IDF_TARGET_ESP8266) + { + if (ret == ESP_ERR_NVS_NO_FREE_PAGES) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } } + #else + { + /* Non-ESP8266 initialization is slightly different */ + if (ret == ESP_ERR_NVS_NO_FREE_PAGES || + ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } + } + #endif /* else not CONFIG_IDF_TARGET_ESP8266 */ ESP_ERROR_CHECK(ret); #if defined(CONFIG_IDF_TARGET_ESP32H2) @@ -202,8 +256,8 @@ void app_main(void) ESP_LOGI(TAG, "Trying WiFi again..."); ret = wifi_init_sta(); } - #endif -#endif + #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */ +#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */ /* Once we are connected to the network, start & wait for NTP time */ ret = set_time_wait_for_ntp(); 
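Review bot: `wolfSSL_Debugging_OFF()` under `#ifdef DEBUG_WOLFSSL` reads as inverted — the one build that asked for wolfSSL debug output is the one that turns it off at startup — so if the intent is to silence the library's log until the TLS task is running, say so: `/* keep wolfSSL quiet during init; the server task turns it back on */`. The ESP32-H2 branch now parks in `while (1) { vTaskDelay(60000); }` after an `ESP_LOGE`; a comment that this is deliberate (no network, nothing to do) would stop a reader from treating it as a hang. The ESP8266 and non-ESP8266 NVS blocks are identical except for the `ESP_ERR_NVS_NEW_VERSION_FOUND` test, so they could collapse to one block with the extra condition under `#if !defined(CONFIG_IDF_TARGET_ESP8266)`. `app_main` continues past this hunk.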
@@ -215,34 +269,46 @@ void app_main(void) esp_show_current_datetime(); } - /* HWM is maximum amount of stack space that has been unused, in bytes - * not words (unlike vanilla freeRTOS). */ - ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", - CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL)) - ); - ESP_LOGI(TAG, "Starting TLS Server...\n"); - #if defined(SINGLE_THREADED) /* just call the task */ tls_smp_server_task((void*)NULL); #else tls_args args[1] = {0}; /* start a thread with the task */ + /* HWM is maximum amount of stack space that has been unused, in bytes + * not words (unlike vanilla freeRTOS). */ + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", + CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL)) + ); + ESP_LOGI(TAG, "Starting TLS Server task...\n"); + ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d", + &this_heap, this_heap); + + + tls_smp_server_init(args); /* NULL will use the DEFAULT_PORT value */ #endif + /* Done */ +#ifdef SINGLE_THREADED + ESP_LOGV(TAG, "\n\nDone!\n\n"); + while (1); +#else + ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); + vTaskDelete(NULL); /* done */ while (1) { + ESP_LOGV(TAG, "\n\nLoop...\n\n"); + #ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); -#if defined(SINGLE_THREADED) - ESP_LOGV(TAG, "\n\nDone!\n\n"); - while (1); -#else - /* Delete this main task to free up memory */ - ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); - vTaskDelete(NULL); -#endif + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL) )); + #endif + vTaskDelay(60000); } /* done while */ +#endif /* else not SINGLE_THREADED */ } /* app_main */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index b966e4e17..8e1a14e91 100644 
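Review bot: In the non-`SINGLE_THREADED` path the new `while (1)` stack-monitoring loop sits after `vTaskDelete(NULL);`, and deleting the calling task does not return, so the loop and its `ESP_LOGV("Loop...")` / `vTaskDelay(60000)` are dead code; either drop the `vTaskDelete` and keep the monitoring loop, or delete the task and remove the loop, but not both. The new log line `"main tls_smp_client_init heap @ %p = %d"` names the client init function in the server example and prints `this_heap` with `%d` although it was filled from `esp_get_free_heap_size()`, which (if it is the usual ESP-IDF API) returns an unsigned value; `"main tls_smp_server_init heap @ %p = %u"` with an unsigned variable would be consistent. `CONFIG_ESP_MAIN_TASK_STACK_SIZE - uxTaskGetStackHighWaterMark(NULL)` is also printed with `%d` while the high-water mark is unsigned; a `(int)` cast or `%u` keeps `-Wformat` clean.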
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -39,10 +39,28 @@ #endif /* wolfSSL */ -#include -#include -#include - +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +#if defined(WOLFSSL_WC_KYBER) + #include + #include +#endif +#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + #include +#endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif @@ -286,15 +304,19 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) my_atmel_slotInit(); atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); #endif +#endif +#ifdef WOLFSSL_EXAMPLE_VERBOSITY + ESP_LOGI(TAG, "Initial stack used: %d\n", + TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL) ); #endif ESP_LOGI(TAG, "accept clients..."); /* Continue to accept clients until shutdown is issued */ while (!shutdown) { - ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES - - uxTaskGetStackHighWaterMark(NULL) ); WOLFSSL_MSG("Waiting for a connection..."); +#if ESP_IDF_VERSION_MAJOR >=4 + /* TODO: IP Address is problematic in RTOS SDK 3.4 */ wifi_show_ip(); - +#endif /* Accept client socket connections */ if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) { 
@@ -319,7 +341,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) } } #else - ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled"); + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled, not using PQ."); #endif /* show what cipher connected for this WOLFSSL* object */ ShowCiphers(ssl); @@ -363,6 +385,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ close(connd); /* Close the connection to the client */ +#ifdef WOLFSSL_EXAMPLE_VERBOSITY + ESP_LOGI(TAG, "Stack used: %d\n", + TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL)); +#endif } /* !shutdown */ /* Cleanup and return */ wolfSSL_free(ssl); /* Free the wolfSSL object */ @@ -398,8 +424,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) xTaskHandle _handle; #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d", TLS_SMP_SERVER_TASK_BYTES); ret_i = xTaskCreate(tls_smp_server_task, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 41a0e0975..75ab617b4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -19,7 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* common Espressif time_helper v5.6.3.002 */ +/* See https://tf.nist.gov/tf-cgi/servers.cgi */ + +/* common Espressif time_helper v5.6.6.001 */ #include "sdkconfig.h" #include "time_helper.h" 
@@ -36,25 +38,23 @@ #include #endif #else - /* TODO Consider pre IDF v5? */ + /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues - */ -const static char* TAG = "time_helper"; +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ #ifndef TIME_ZONE -/* - * PST represents Pacific Standard Time. - * +8 specifies the offset from UTC (Coordinated Universal Time), indicating - * that Pacific Time is UTC-8 during standard time. - * PDT represents Pacific Daylight Time. - * M3.2.0 indicates that Daylight Saving Time (DST) starts on the - * second (2) Sunday (0) of March (3). - * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) - */ + /* + * PST represents Pacific Standard Time. + * +8 specifies the offset from UTC (Coordinated Universal Time), indicating + * that Pacific Time is UTC-8 during standard time. + * PDT represents Pacific Daylight Time. + * M3.2.0 indicates that Daylight Saving Time (DST) starts on the + * second (2) Sunday (0) of March (3). + * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) + */ #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" #endif /* not defined: TIME_ZONE, so we are setting our own */ @@ -87,11 +87,13 @@ const static char* TAG = "time_helper"; char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; +const static char* TAG = "time_helper"; + /* our NTP server list is global info */ extern char* ntpServerList[NTP_SERVER_COUNT]; /* Show the current date and time */ -int esp_show_current_datetime() +int esp_show_current_datetime(void) { time_t now; char strftime_buf[64]; 
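Review bot: The relocated `const static char* TAG = "time_helper";` keeps the unusual `const static` ordering and, like the server's main.c, leaves the pointer itself mutable; `static const char* const TAG = "time_helper";` is the idiomatic form and matches the `static` storage-class-first convention used elsewhere in these files. The `extern char* ntpServerList[NTP_SERVER_COUNT];` declaration now follows the definition of the same array two lines above, which is harmless but redundant in this translation unit; a comment saying it exists for other files (or moving it to the header) would clarify.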
@@ -104,7 +106,7 @@ int esp_show_current_datetime() localtime_r(&now, &timeinfo); strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); - return 0; + return ESP_OK; } /* the worst-case scenario is a hard-coded date/time */ @@ -113,9 +115,9 @@ int set_fixed_default_time(void) /* ideally, we'd like to set time from network, * but let's set a default time, just in case */ struct tm timeinfo = { - .tm_year = 2023 - 1900, + .tm_year = 2024 - 1900, .tm_mon = 10, - .tm_mday = 02, + .tm_mday = 11, .tm_hour = 13, .tm_min = 01, .tm_sec = 05 @@ -130,7 +132,38 @@ int set_fixed_default_time(void) ESP_LOGI(TAG, "Adjusting time from fixed value"); now = (struct timeval){ .tv_sec = interim_time }; ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "settimeofday result = %d", ret); + return ret; +} +/* probably_valid_time_string(s) + * + * some sanity checks on time string before calling sscanf() + * + * returns 0 == ESP_OK == Success if str is likely a valid time. + * -1 == ESP_FAIL otherwise + */ +int probably_valid_time_string(const char* str) +{ + int ret = ESP_OK; + size_t length = 0; + size_t spaces = 0; + size_t colons = 0; + + while (str[length] != '\0') { + if (str[length] == ' ') { + spaces++; + } + if (str[length] == ':') { + colons++; + } + length++; + } + + if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) { + ret = ESP_FAIL; + ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str); + } return ret; } 
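Review bot: `probably_valid_time_string` dereferences `str` without a NULL check and walks the entire string before the `length > 32` test is applied, so an over-long input is only rejected after a full scan. Guarding the entry and bounding the loop keeps the sanity check itself cheap: `if (str == NULL) { return ESP_FAIL; }` and `while (str[length] != '\0' && length <= 32) {`. The function is not `static`; if it is not declared in `time_helper.h` (not visible here) it should be, or a prototype should be added. A comment on the `spaces`/`colons` bounds would also help the next reader, e.g. `/* expected 'Thu Aug 31 12:41:45 2023 -0700': 5 spaces, 2 colons */`.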
@@ -138,60 +171,67 @@ int set_fixed_default_time(void) * * returns 0 = success if able to set the time from the provided string * error for any other value, typically -1 */ -int set_time_from_string(char* time_buffer) +int set_time_from_string(const char* time_buffer) { /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */ + char offset[28]; /* large arrays, just in case there's still bad data */ + char day_str[28]; + char month_str[28]; const char *format = "%3s %3s %d %d:%d:%d %d %s"; struct tm this_timeinfo; struct timeval now; time_t interim_time; - char offset[6]; /* expecting trailing single quote, not used */ - char day_str[4]; - char month_str[4]; int day, year, hour, minute, second; int quote_offset = 0; int ret = 0; - /* we are expecting the string to be encapsulated in single quotes */ - if (*time_buffer == 0x27) { - quote_offset = 1; - } - - ret = sscanf(time_buffer + quote_offset, - format, - day_str, month_str, - &day, &hour, &minute, &second, &year, &offset); - - if (ret == 8) { - /* we found a match for all componets */ - - const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; - - for (int i = 0; i < 12; i++) { - if (strcmp(month_str, months[i]) == 0) { - this_timeinfo.tm_mon = i; - break; - } + /* perform some basic sanity checkes */ + ret = probably_valid_time_string(time_buffer); + if (ret == ESP_OK) { + /* we are expecting the string to be encapsulated in single quotes */ + if (*time_buffer == 0x27) { + quote_offset = 1; } - this_timeinfo.tm_mday = day; - this_timeinfo.tm_hour = hour; - this_timeinfo.tm_min = minute; - this_timeinfo.tm_sec = second; - this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */ + ret = sscanf(time_buffer + quote_offset, + format, + day_str, month_str, + &day, &hour, &minute, &second, &year, &offset); - interim_time = mktime(&this_timeinfo); - now = (struct timeval){ .tv_sec = interim_time }; - ret = settimeofday(&now, 
NULL); - ESP_LOGI(TAG, "Time updated to %s", time_buffer); - } - else { - ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer); - ESP_LOGI(TAG, "Trying fixed date that was hard-coded."); - set_fixed_default_time(); - ret = -1; + if (ret == 8) { + /* we found a match for all componets */ + + const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; + + for (int i = 0; i < 12; i++) { + if (strcmp(month_str, months[i]) == 0) { + this_timeinfo.tm_mon = i; + break; + } + } + + this_timeinfo.tm_mday = day; + this_timeinfo.tm_hour = hour; + this_timeinfo.tm_min = minute; + this_timeinfo.tm_sec = second; + this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ + + interim_time = mktime(&this_timeinfo); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "Time updated to %s", time_buffer); + } + else { + ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", + time_buffer); + ESP_LOGI(TAG, "Trying fixed date that was hard-coded...."); + set_fixed_default_time(); + ret = ESP_FAIL; + } } + return ret; } @@ -224,14 +264,16 @@ int set_time(void) #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE /* initialy set a default approximate time from recent git commit */ - ESP_LOGI(TAG, "Found git hash date, attempting to set system date."); - set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE); + ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s", + LIBWOLFSSL_VERSION_GIT_HASH_DATE); + set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0"); esp_show_current_datetime(); ret = -4; #else /* otherwise set a fixed time that was hard coded */ set_fixed_default_time(); + esp_show_current_datetime(); ret = -3; #endif 
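Review bot: `struct tm this_timeinfo;` is still left uninitialized in the rewritten body of `set_time_from_string`, and `mktime()` reads every field, including `tm_isdst` and, when no month name matches, `tm_mon`; the result is then written to the system clock via `settimeofday()`. Zero-initialize it, `struct tm this_timeinfo = { 0 };`, and consider `this_timeinfo.tm_isdst = -1;` so the C library resolves DST for the configured `TIME_ZONE`. The `sscanf` call also passes `&offset` for the `%s` conversion, where `offset` (the array, decaying to `char *`) is the matching argument type, and the parsed offset is never applied, so the wall clock that gets set depends on `TIME_ZONE` rather than on the `-0700` in the string; a comment stating that would avoid surprises.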
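Review bot: The `"\0"` appended to `LIBWOLFSSL_VERSION_GIT_HASH_DATE` in the `set_time_from_string(...)` call adds nothing: string-literal concatenation already yields a NUL-terminated array, so the extra byte only obscures intent; `set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE);` is equivalent. The return value of `set_time_from_string` is still discarded and `ret` is then unconditionally set to `-4`, so a parse failure (which already fell back to the fixed date inside that function) is indistinguishable from success here; if that is intentional, a comment such as `/* -4: clock approximated from git hash date, NTP sync still pending */` would document it. `set_time` starts and ends outside the hunk.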
@@ -242,7 +284,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressifapi-reference/system/system_time.html#sntp-time-synchronization * * WARNING: do not set operating mode while SNTP client is running! */ @@ -262,6 +304,7 @@ int set_time(void) } ESP_LOGI(TAG, "%s", thisServer); sntp_setservername(i, thisServer); + ret = ESP_OK; } #ifdef HAS_ESP_NETIF_SNTP ret = esp_netif_sntp_init(&config); @@ -289,6 +332,9 @@ int set_time(void) ESP_LOGW(TAG, "No sntp time servers found."); ret = -1; } + + esp_show_current_datetime(); + ESP_LOGI(TAG, "time helper existing with result = %d", ret); return ret; } @@ -303,6 +349,8 @@ int set_time_wait_for_ntp(void) ret = esp_netif_sntp_start(); ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); +#else + ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined"); #endif /* HAS_ESP_NETIF_SNTP */ esp_show_current_datetime(); @@ -322,7 +370,7 @@ int set_time_wait_for_ntp(void) #endif if (ret == ESP_OK) { - ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + ESP_LOGI(TAG, "Successfully set time via NTP servers."); } else { ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 1b33f9805..2c66126d9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c 
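Review bot: The `ret = ESP_OK;` added inside the server loop of `set_time` is overwritten immediately after the loop by `ret = esp_netif_sntp_init(&config);` when `HAS_ESP_NETIF_SNTP` is defined, so it only has an effect in the other build; setting it once after the loop, or guarding it with the matching `#ifndef HAS_ESP_NETIF_SNTP`, would make that visible instead of relying on the overwrite. `set_time` starts and ends outside the hunk.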
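Review bot: The new exit log in `set_time` reads `"time helper existing with result = %d"`; the intended word is presumably "exiting": `ESP_LOGI(TAG, "time helper exiting with result = %d", ret);`. The added `esp_show_current_datetime()` call discards its return value like the other call sites, which is fine for a display helper, but a short comment that this is a final diagnostic print would make the intent clear. `set_time` starts and ends outside the hunk.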
@@ -18,24 +18,42 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - #include "wifi_connect.h" +#include "wifi_connect.h" +/* FreeRTOS */ #include #include #include -#include + +/* Espressif */ #include +#include +#include /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#if ESP_IDF_VERSION_MAJOR >= 5 +/* When there's too little heap, WiFi quietly refuses to connect */ +#define WIFI_LOW_HEAP_WARNING 21132 + +#if defined(CONFIG_IDF_TARGET_ESP8266) +#elif ESP_IDF_VERSION_MAJOR >= 5 + /* example path set in cmake file */ #elif ESP_IDF_VERSION_MAJOR >= 4 #include "protocol_examples_common.h" #else @@ -43,7 +61,9 @@ static EventGroupHandle_t wifi_event_group; #endif -#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) +#if defined(CONFIG_IDF_TARGET_ESP8266) + +#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) #if ESP_IDF_VERSION_MAJOR >= 4 /* likely using examples, see wifi_connect.h */ #else 
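Review bot: The new `#if defined(CONFIG_IDF_TARGET_ESP8266)` branch at the end of the hunk (and the matching one in the next hunk, `@@ -43,7 +61,9 @@`) is deliberately empty but carries no explanation, so it reads like a missing include; a one-line comment such as `/* ESP8266 RTOS SDK: protocol_examples_common is not available; see the ESP8266 wifi_init_sta() below */` would record why. `#define WIFI_LOW_HEAP_WARNING 21132` is a precise-looking constant whose comment says what it is for but not where the value came from; stating the chip and IDF version it was measured on would keep it from being treated as authoritative. The `#error` text splits a string literal across a backslash-newline, which works but is easier to read as two adjacent literals.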
@@ -63,7 +83,114 @@ /* breadcrumb prefix for logging */ const static char *TAG = "wifi_connect"; -#if ESP_IDF_VERSION_MAJOR < 4 +#if defined(CONFIG_IDF_TARGET_ESP8266) +#ifndef CONFIG_ESP_MAX_STA_CONN + #define CONFIG_ESP_MAX_STA_CONN 4 +#endif +#define EXAMPLE_MAX_STA_CONN CONFIG_ESP_MAX_STA_CONN + +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 +#ifndef CONFIG_ESP_MAXIMUM_RETRY + #define CONFIG_ESP_MAXIMUM_RETRY 5 +#endif +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; +static int s_retry_num = 0; + +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY +static void event_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, "retry to connect to the AP"); + } else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG,"connect to the AP fail"); + } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data; + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->ip_info.ip)); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} + +int wifi_init_sta(void) +{ + word32 this_heap; + + s_wifi_event_group = xEventGroupCreate(); + + tcpip_adapter_init(); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL)); + ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = 
EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS + }, + }; + + /* Setting a password implies station will connect to all security modes including WEP/WPA. + * However these modes are deprecated and not advisable to be used. Incase your Access point + * doesn't support WPA2, these mode can be enabled by commenting below line */ + + if (strlen((char *)wifi_config.sta.password)) { + wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK; + } + + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished. Connecting..."); + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "this heap = %d", this_heap); + if (this_heap < WIFI_LOW_HEAP_WARNING) { + ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING); + } + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum + * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + ESP_LOGI(TAG, "xEventGroupWaitBits finished."); + /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually + * happened. 
*/ + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s", + EXAMPLE_ESP_WIFI_SSID); + } else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS); + } else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } + + ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler)); + ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler)); + vEventGroupDelete(s_wifi_event_group); + return ESP_OK; +} + +#elif ESP_IDF_VERSION_MAJOR < 4 /* event handler for wifi events */ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) { @@ -80,7 +207,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf.html */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: @@ -269,7 +396,8 @@ int wifi_init_sta(void) int wifi_show_ip(void) { - /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */ - return 0; + /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR, + * IP2STR(&event->ip_info.ip)); */ + return ESP_OK; } #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults index f8bce25ff..273489943 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults 
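Review bot: The failure branch of the ESP8266 `wifi_init_sta` logs the Wi-Fi credential in clear text: `ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);` writes the PSK to the serial console, where it ends up in captured logs and bug reports; drop it from the message: `ESP_LOGI(TAG, "Failed to connect to SSID:%s", EXAMPLE_ESP_WIFI_SSID);`. The function then returns `ESP_OK` on every path, including `WIFI_FAIL_BIT` and the `UNEXPECTED EVENT` case, so callers cannot react to a failed connection; `return (bits & WIFI_CONNECTED_BIT) ? ESP_OK : ESP_FAIL;` reflects the outcome. The low-heap warning prints the threshold rather than the measured value, and `this_heap` is a `word32` printed with `%d`; `ESP_LOGW(TAG, "Warning: WiFi low heap: %u", (unsigned)this_heap);` fixes both. The `esp_wifi_connect()` results in `event_handler` are also discarded.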
@@ -1,25 +1,133 @@ +# Set the known example app config to TLS Server (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER=y + +# CONFIG_EXAMPLE_WIFI_SSID="myssid" +# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword" + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size # -# This is typically way bigger than needed for stack size. See user_settings.h +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # -CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500 +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=55500 +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls 
+CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is 
not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 new file mode 100644 index 000000000..a24d9302e --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 @@ -0,0 +1,7 @@ +# +# Main XTAL Config +# +CONFIG_XTAL_FREQ_26=y +# CONFIG_XTAL_FREQ_40 is not set +CONFIG_XTAL_FREQ=26 +# end of Main XTAL Config diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 new file mode 100644 index 000000000..77299dfe4 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y 
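Review bot: The new watchdog block disables the task and interrupt watchdogs (`CONFIG_ESP_TASK_WDT_EN=n`, `CONFIG_ESP_INT_WDT=n`, `CONFIG_TASK_WDT=n`) under a comment that justifies it for "tests & benchmarks", but this file is the TLS server example's defaults, where a stalled task will now hang silently instead of being reset. If the goal is only to survive long handshakes on slow targets, raising the timeout is the smaller change; as written, `CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000` sits next to `CONFIG_ESP_INT_WDT=n`, so one of the two is dead configuration. The commented-out `# CONFIG_ESP_TLS_INSECURE=y` line deserves a note that it permits insecure esp-tls options such as skipping server verification, so it is not enabled casually. The `# FreeRTOS ticks at 1ms interval` comment now precedes `CONFIG_FREERTOS_UNICORE=y`, which is unrelated to the tick rate.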
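Review bot: The `# Disable mbedTLS` heading in the new ESP8266 defaults sits directly above `CONFIG_ESP_TLS_USING_MBEDTLS=y`, which enables it; since the comment a few lines earlier explains that wolfSSL is not yet usable in esp-tls on RTOS SDK 3.4, the heading should say that instead, e.g. `# esp-tls stays on mbedTLS: wolfSSL in esp-tls not yet supported on RTOS SDK 3.4`. The `# ESP8266 WDT` / `CONFIG_ESP_PANIC_PRINT_*` block appears twice in this short file; one copy is enough. The unclosed parenthesis in `(not yet supported in RTOS SDK 3.4` is a small typo.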
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt index 6e70b4a62..4260db5ca 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt 
@@ -1,15 +1,82 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.1 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) +# Optional no watchdog typically used for test & benchmark add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) -include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# +# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") +# +# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find +# USE_MY_PRIVATE_CONFIG path for my_private_config.h +# +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS 
"${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) # Not only is a project-level "set(COMPONENTS" not needed here, this will cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". +include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(wolfssl_test) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md index ee66039f0..298ea015c 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md 
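Review bot: The host-detection chain sets more than one `WOLFSSL_CMAKE_SYSTEM_NAME_*` define on WSL: the Linux test `if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))` is also true there, so both `_WSL` and `_LINUX` land in `CMAKE_C_FLAGS`; if only one is intended, add `AND NOT EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop"` to the Linux condition or chain the tests with `elseif()`. The `# Windows-specific configuration here` comment is copied unchanged into the WSL, Linux and Apple branches, and `if(APPLE)` is evaluated twice, once only to print a message. The conflict check's `message(WARNING ...)` is immediately followed by `message(FATAL_ERROR ...)` carrying the same information, so one message with the full text would read more clearly.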
@@ -1,5 +1,6 @@ # wolfSSL Crypt Test Example + This is the ESP32 Version of the [wolfSSL wolfcrypt test application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). For general information on [wolfSSL examples for Espressif](../README.md), see the @@ -8,7 +9,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## ESP Registry The easiest way to get started with wolfSSL is by using the -[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples. +[ESP Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) examples. ``` . ~/esp/esp-idf/export.sh @@ -22,13 +23,13 @@ idf.py -b 115200 flash monitor Open the VisualGDB Visual Studio Project file in the [VisualGDB directory](./VisualGDB/README.md) and click the "Start" button. No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`. -## ESP-IDF Commandline +## ESP-IDF Commandline (version 4.4 or greater for the ESP32) 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> - TEST_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + All features enabled in the `user_settings.h` will be tested. When you want to run the test program 
@@ -42,16 +43,17 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor Example build on WSL, assuming `git clone` from `c:\workspace`: ``` -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +# WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/master echo "Run export.sh from ${WRK_IDF_PATH}" . ${WRK_IDF_PATH}/export.sh # switch to test example -cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test +cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_test -# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB -. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +# Pick ESP-IDF install directory, this one for v5.2 in VisualGDB +. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh # set target chipset idf.py set-target esp32s3 @@ -65,6 +67,33 @@ idf.py idf.py build flash -p /dev/ttyS24 -b 115200 monitor ``` +## ESP-IDF Commandline (version 3.5 or earlier for the ESP8266) + + +``` +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 +. $WRK_IDF_PATH/export.sh + +# install as needed / prompted +/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh + +cd IDE/Espressif/ESP-IDF/examples/ESP8266 + +# adjust settings as desired +idf.py menuconfig + +idf.py build flash -p /dev/ttyS55 -b 115200 +``` + +## Putty (via WSL) + +Define a non-blank value for `ESPIDF_PUTTY_MONITOR` to launch `testMonitor.sh` output in putty.exe sessions from Windows. +Assumes `PUTTY_EXE="/mnt/c/tools/putty.exe"`. + +```bash +export ESPIDF_PUTTY_MONITOR=true +``` + ## Example Output Note the default wolfSSL `user_settings.h` is configured by default to be the most diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt index 5f42ad345..8b90966f9 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt 
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt 
@@ -19,17 +19,67 @@ # # cmake for wolfssl Espressif projects # -# Version 5.7.0 template update + THIS_IDF_PATH +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). 
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + # The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component @@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "") endif() if( "$ENV{IDF_PATH}" STREQUAL "" ) - message(FATAL_ERROR "IDF_PATH Environment variable not set!") + message(FATAL_ERROR "IDF_PATH Environment variable not set!") else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() @@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" 
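Review bot: `IS_ESP_IDF_COMPONENT` decides membership with a bare prefix test, `string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)` followed by `pos EQUAL 0`, so a sibling directory such as `<IDF_PATH>-other/components/wolfssl` is reported as being inside ESP-IDF; comparing against `"${NORMALIZED_IDF_PATH}/"` closes that. The result variable `IS_WOLSSL_ESP_IDF_COMPONENT` is misspelled (missing `F`); it is used consistently so nothing breaks, but it will trip the next grep. The `string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})` call passes the value unquoted, so a value containing `;` would be split into several arguments; quoting it is safer.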
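Review bot: `set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}")` appends `THIS_ESP_TLS`, which is set to `""` earlier in this file, so the requires list carries an empty element; whether the ESP-IDF component system tolerates that is not visible here. Passing it unquoted, `set(COMPONENT_REQUIRES lwip ${THIS_ESP_TLS})`, drops the element when the variable is empty, or the append can be guarded with `if(THIS_ESP_TLS)`. The enclosing `if/else` starts outside the hunk.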
@@ -130,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -147,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() 
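Review bot: `ENVIRONMENT_VAR_TO_MACRO` assigns `CMAKE_C_FLAGS` inside a function without `PARENT_SCOPE`, so the appended `-D${EVARPARAM}=${EVARVALUE}` is discarded when the function returns and the "Appending compile definition" message is misleading; the line should be `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}" PARENT_SCOPE)`. The inner comment `set the compiler flag definition to enable CSV output` describes one caller's purpose rather than the function; the header comment above it is the accurate one and the inner one should match it. No caller is visible in this hunk, so the effect on the component's flags cannot be confirmed from here.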
@@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") - else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) - if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. 
+ message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank else() - get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. + else() + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via prior specification.") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() 
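Review bot: `string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})` and `string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)` pass the path unquoted, so a directory containing a space or semicolon is split into several arguments and the call fails or rewrites the wrong string; quote both, e.g. `string(REPLACE "\\" "/" CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}")`. More significantly, the former FATAL_ERROR for an explicitly configured WOLFSSL_ROOT or CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT that does not contain wolfSSL is now a pair of STATUS lines, and the comments say the search then continues up the directory tree — so a mistyped pinned path presumably ends up silently building the TLS library from whatever wolfssl checkout is found in a parent directory, which is exactly the substitution a pinned setting is meant to prevent. Keeping that branch fatal, or at least `message(WARNING ...)`, preserves the pin; the same message also spells "slashes" as "slahes". FIND_WOLFSSL_DIRECTORY starts and ends outside this hunk.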
@@ -286,6 +386,11 @@ endfunction() message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") + +# Optional variable inspection if (0) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) @@ -302,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - ${THIS_INCLUDE_TIMER} - ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() 
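Review bot: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")` in the non-esp8266 branch adds the definition to C flags only, whereas the top of this file now mirrors `-DWOLFSSL_USER_SETTINGS` into CMAKE_CXX_FLAGS as well; any C++ translation unit that includes wolfSSL headers would therefore see a different configuration from the C ones. The same C-only append appears in the `@@ -349` hunk (`-DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND`) and the `@@ -717` hunk (`-DWOLFSSL_ESPIDF`). If C++ consumers are expected, add the matching `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")` at each site; if not, a comment saying the CXX mirroring is only needed for user settings would make the asymmetry deliberate.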
@@ -328,6 +439,15 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) @@ -341,7 +461,9 @@ else() # Abort CMake after fatal error. endif() else() - message(STATUS "Searching for wolfSL source code...") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) endif() 
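Review bot: the new esp8266 block here recomputes THIS_INCLUDE_TIMER and THIS_INCLUDE_DRIVER that the `@@ -302` hunk already set a few lines earlier, but with a narrower condition — only `CONFIG_TARGET_PLATFORM`, whereas the earlier block also accepts `IDF_TARGET STREQUAL "esp8266"` — and without touching THIS_ESP_TLS, so the two can disagree on an esp8266 build selected via IDF_TARGET. Either delete this duplicate or compute all three variables once, above the early-expansion split, and reference them from both branches. If the repetition is intentional because the earlier values do not survive into this branch, a comment saying so is needed, since nothing in the hunk explains it.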
@@ -349,11 +471,18 @@ else() if(WOLFSSL_ROOT) message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "Failed: wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" - "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") - # Abort CMake after fatal error. + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) 
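Review bot: the not-found path now emits its "Could not find wolfssl" text via `message(STATUS ...)`, so configure continues, `set(INCLUDE_PATH ${WOLFSSL_ROOT})` on the next line runs with an empty value, and the trailing comment `# Abort CMake after fatal error. (or not?)` no longer describes what happens. If continuing is intentional so that menuconfig can still load, say so in the comment and raise the text with `message(WARNING ...)`, which is shown at the default log level and surfaces in CI logs, whereas STATUS output is easy to miss. The blank `message(STATUS "")` padding lines would then be unnecessary.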
@@ -379,22 +508,24 @@ else() endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") - # wolfSSL user_settings.h is in the local project. + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") - + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -427,8 +558,7 @@ else() message(STATUS "**************************************************************************************") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") - # Abort CMake after fatal error. + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") 
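Review bot: the `add_definitions(-DWOLFSSL_USER_SETTINGS_DIR=...)` line was changed to the single-slash `${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h`, but the STATUS line added immediately after still prints the old `//include//user_settings.h` form, so the log no longer shows the value actually defined. Build the string once, e.g. `set(WOLFSSL_USER_SETTINGS_PATH "${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")`, and use that variable in both the definition and the message. The `# TODO check if exists and possibly set to ESP-IDF` comment would be more useful with the intended fallback named.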
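Review bot: downgrading the dual-install case to `message(STATUS ...)` leaves the comment right below it, `# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime...`, describing a choice that has now been made, and the build proceeds with two wolfSSL trees present where this hunk does not show which one is compiled. `message(WARNING ...)` keeps configure running but makes the ambiguity visible at the default log level, and the comment should be rewritten to state that the WOLFSSL_MULTI_INSTALL_WARNING macro is now always set in this case.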
@@ -536,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -552,7 +684,7 @@ else() message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" @@ -589,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -601,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) 
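Review bot: `"\"${WOLFSSL_ROOT}/examples\""` added to the exclusion list in the last hunk is a directory, while every other entry is an individual source file; as far as this hunk shows, EXCLUDE_SRCS is matched against files collected from SRC_DIRS, and `examples` is not among COMPONENT_SRCDIRS, so this entry most likely excludes nothing. If example sources do get picked up under a Managed Component layout, a glob over the directory or a SRC_DIRS adjustment is needed rather than a directory path here; otherwise drop the line or change its comment to say it is a reminder only.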
@@ -622,15 +755,120 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES - "${THIS_INCLUDE_TIMER}" - "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark - ) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! 
+ if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. 
This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. 
+ message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE # Some optional diagnostics. Verbose ones are truncated. if (VERBOSE_COMPONENT_MESSAGES) @@ -662,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION 
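Review bot: `message(ERROR "...")` on the two guard lines at the top of the bundle section is not a CMake message mode, so the text is printed as part of an ordinary notice and neither an empty WOLFSSL_ROOT nor the early-expansion case stops the configure; use `FATAL_ERROR` (and the first guard's text reads inverted — it fires when CMAKE_BUILD_EARLY_EXPANSION is set). The `add_custom_command` that runs gen_crt_bundle.py lists only `${custom_bundle_path}` in DEPENDS, so edits to `cacrt_all.pem`, `cacrt_local.pem`, `cacrt_deprecated.pem`, the `cmn_crt_authorities.csv` filter or the generator script itself do not regenerate `x509_crt_bundle_wolfssl`, and a stale set of trust anchors stays baked into the firmware until a clean build. `add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})` references `cert_bundle`, which nothing in the hunk sets (the generated file is in `crt_bundle`), so the target carries no dependency; the filter CSV can be appended to the dependency list in the CMN branch the same way. The enclosing else() branch continues past the hunk.
```cmake
if (CMAKE_BUILD_EARLY_EXPANSION)
    message(FATAL_ERROR "Bundle Cert initialization must not occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
    message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
# … unchanged: bundle directory, crt_paths and args assembly …
add_custom_command(OUTPUT ${crt_bundle}
    COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
    DEPENDS ${crt_paths} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py
    VERBATIM)
# … unchanged: existence messages …
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
# … unchanged: add_dependencies, target_add_binary_data, clean files …
```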
@@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + 
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. 
+ # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") 
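Review bot: the branch that appends `-DWOLFSSL_ESPIDF` also re-appends `-DWOLFSSL_USER_SETTINGS` to CMAKE_C_FLAGS, even though the top of this file already adds it unconditionally, so the macro appears on the compile line twice whenever ESPIDF was missing; drop that second `set(...)`. The guard variable is spelled `FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF` in both places — harmless, but the typo will propagate the first time someone copies the pattern. A one-line comment on the `string(FIND ...)` would help: `# A project may already pass -DWOLFSSL_ESPIDF; only add it when absent.`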
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig new file mode 100644 index 000000000..cdd039d73 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig 
@@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. 
+# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. 
+ + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). 
+ + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. 
+ + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. 
+
+ choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+ bool "Default certificate bundle options"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+ bool "Use the full default certificate bundle"
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+ bool "Use only the most common certificates from the default bundles"
+ help
+ Use only the most common certificates from the default bundles, reducing the size with 50%,
+ while still having around 99% coverage.
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ bool "Do not use the default certificate bundle"
+ endchoice
+
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ default n
+ bool "Add custom certificates to the default bundle"
+ config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+ depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+ string "Custom certificate bundle path"
+ help
+ Name of the custom certificate directory or file. This path is evaluated
+ relative to the project root directory.
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+ bool "Add deprecated root certificates"
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+ help
+ Include the deprecated list of root certificates in the bundle.
+ This list gets updated when a certificate is removed from the Mozilla's
+ NSS root certificate store. This config can be enabled if you would like
+ to ensure that none of the certificates that were deployed in the product
+ are affected because of the update to bundle. In turn, enabling this
+ config keeps expired, retracted certificates in the bundle and it may
+ pose a security risk.
+
+ - Deprecated cert list may grow based based on sync with upstream bundle
+ - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+ config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+ int "Maximum no of certificates allowed in certificate bundle"
+ default 200
+ depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+ endmenu
+ endmenu # wolfSSL ESP-TLS
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ bool "Modify default hardware acceleration settings"
+ default n
+ help
+ When disabling all hardware acceleration for smaller memory footprint,
+ disabling TFM fast math provides faster wolfSSL software algorithms in an
+ even smaller flash memory footprint.
+ Typically used for debugging, analysis, or optimizations. The default
+ hardware acceleration features can be each manually adjusted.
+
+ menu "wolfSSL Hardware Acceleration"
+
+ config ESP_WOLFSSL_NO_ESP32_CRYPT
+ bool "Disable all ESP32 Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ select ESP_WOLFSSL_NO_HW_AES
+ select ESP_WOLFSSL_NO_HW_HASH
+ select ESP_WOLFSSL_NO_HW_RSA_PRI
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+ Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+ config ESP_WOLFSSL_NO_HW_AES
+ bool "Disable all ESP32 AES Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+ config ESP_WOLFSSL_NO_HW_HASH
+ bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI
+ bool "Disable all ESP32 RSA Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+ bool "Disable all ESP32 Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+ bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+ config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+ bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+ depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+ default n
+ help
+ Hardware acceleration enabled by default.
+ Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+ bool "Enable debugging of RSA Multiplication operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ multiplication operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+ bool "Enable debugging of RSA Modular operand length"
+ default n
+ help
+ Prints an esp log warning to the default console UART when one of the
+ modular math operands exceeds the maximum size supported by hardware,
+ requiring fallback to software. This can be helpful to pick key sizes
+ when performance is critical. See also metrics for counting instances.
+
+ endmenu # wolfSSL Hardware Acceleration
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Experimental Options"
+
+ config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+ bool "Enable wolfSSL Experimental Settings"
+ default n
+ help
+ Enables experimental settings for wolfSSL. See documentation.
+
+ config ESP_WOLFSSL_ENABLE_KYBER
+ bool "Enable wolfSSL Kyber"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ endmenu # wolfSSL Experimental Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Debug Options"
+ config ESP_WOLFSSL_DEBUG_WOLFSSL
+ bool "Enable wolfSSL Debugging"
+ default n
+ help
+ Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+ config ESP_WOLFSSL_TEST_LOOP
+ bool "Run test apps in a loop until failure"
+ default y
+ help
+ Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+ endmenu # wolfSSL Debug Options
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "wolfSSL Customization"
+ config CUSTOM_SETTING_WOLFSSL_ROOT
+ string "Enter a path for wolfSSL source code"
+ default "~/workspace/wolfssl"
+ help
+ This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+ Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+ (e.g., C:\\myfolder\\mysubfolder).
+
+ endmenu # wolfSSL Customization
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Component Config"
+ config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+ bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+ config IGNORE_LOCAL_WOLFSSL_COMPONENT
+ bool "Ignore the local component of wolfSSL (if present)"
+ default n
+ help
+ Ignores wolfSSL present in the local project components directory.
+ Requires wolfssl as a ESP-IDF component.
+
+ endmenu # Component Config
+ # -----------------------------------------------------------------------------------------------------------------
+
+ # -----------------------------------------------------------------------------------------------------------------
+ menu "Utility Config"
+ config USE_WOLFSSL_ESP_SDK_TIME
+ bool "Enable wolfSSL time helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ config USE_WOLFSSL_ESP_SDK_WIFI
+ bool "Enable wolfSSL WiFi helper functions"
+ default n
+ help
+ Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+ endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+ config ESP_ENABLE_WOLFSSH
+ bool "Enable wolfSSH options"
+ default n
+ help
+ Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+ config ESP_WOLFSSL_DEBUG_WOLFSSH
+ bool "Enable wolfSSH debugging"
+ default n
+ help
+ Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+ config ESP_ENABLE_WOLFMQTT
+ bool "Enable wolfMQTT options"
+ default n
+ help
+ Enables WOLFMQTT
+
+ config ESP_WOLFSSL_DEBUG_WOLFMQTT
+ bool "Enable wolfMQTT debugging"
+ default n
+ help
+ Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config --->
+ ESP-TLS --->
+ Choose SSL/TLS library for ESP-TLS (See help for more Info)
+ (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config --->
+ wolfSSL --->
+ [*] Include wolfSSL in ESP-TLS
+ [*] Use the specified wolfssl for ESP-TLS
+ (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include `
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include 
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+ #include 
+ #if defined(WOLFSSL_ESPIDF)
+ #include 
+ #include 
+ #include 
+ #include 
+ #include 
+ #else
+ #error "Problem with wolfSSL user_settings. " \
+ "Check components/wolfssl/include " \
+ "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+ "typically in the component CMakeLists.txt"
+ #endif
+#else
+ /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
+ /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+ #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+ CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
index 2540584c8..bab08b552 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
+$(info *********** wolfssl component ************)
+
 #
 # Component Makefile
 #
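Review bot: The `$(info *********** wolfssl component ************)` line inserted before the `# Component Makefile` header is unconditional, so it prints every time this component.mk is parsed, including `make clean` and any re-read of the makefile, and the asterisk banner reads as leftover debug output rather than a build message. The two `$(info WOLFSSL_ROOT ...)` lines added further down in the same file already report the one value a user needs, so this banner adds noise without information. Gating it on the build's verbosity setting, or dropping the asterisks so it reads in the same style as those lines, e.g. `$(info wolfssl component: using component.mk)`, would keep the normal build log quiet.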
@@ -48,193 +50,246 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
-# In the wolfSSL GitHub examples for Espressif,
-# the root is 7 directories up from here:
-WOLFSSL_ROOT := ../../../../../../../
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+WOLFSSL_ROOT := ../../../../../../..
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in /mnt/c/test/demo
+# component is in /mnt/c/test/demo/components/wolfssl
+# wolfssl is in /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+# 2 for `./test/demo` from where we run `make`, plus
+# 2 more from the location of `component.mk` located
+# in `[currect directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
 COMPONENT_ADD_INCLUDEDIRS := .
 COMPONENT_ADD_INCLUDEDIRS += include
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
-# WOLFSSL_ROOT := ""
-COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
-COMPONENT_SRCDIRS += include
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
 # COMPONENT_OBJS += src/conf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
 # COMPONENT_OBJS += src/pk.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 # COMPONENT_OBJS += src/ssl_asn1.o
 # COMPONENT_OBJS += src/ssl_bn.o
 # COMPONENT_OBJS += src/ssl_certman.o
 # COMPONENT_OBJS += src/ssl_crypto.o
 # COMPONENT_OBJS += src/ssl_misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
 # COMPONENT_OBJS += src/x509.o
 # COMPONENT_OBJS += src/x509_str.o
 ##
 ## wolfcrypt
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# 
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o ## ## Espressif ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o +COMPONENT_OBJS += 
$(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o ## ## wolfcrypt benchmark (optional) ## -## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + ## ## wolfcrypt test (optional) ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test ## ## wolfcrypt ## +# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index 9cf87e8fd..71b82c68e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -18,19 +18,52 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* This user_settings.h is for Espressif ESP-IDF * * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 * - * Do not include any wolfssl headers here + * Do not include any wolfssl headers here. * * When editing this file: - * ensure wolfssl_test and wolfssl_benchmark settings match. + * ensure all examples match. The template example is the reference. */ -/* The Espressif project config file. See also sdkconfig.defaults */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ /* The Espressif sdkconfig will have chipset info. ** 
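Review bot: The naming-convention comment added in this hunk says ESP_WOLFSSL_ names "will have a "CONFIG_" suffix added", but the paragraph right after it shows the result as CONFIG_ESP_WOLFSSL_, which is a prefix. Suggest ` * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"` / ` * prefix added. See next section.`. It would also help to say next to `#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01` what consumes the value, since nothing visible in this diff reads it.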
@@ -46,33 +79,250 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF -/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ -#define NO_ESP_SDK_WIFI +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif 
defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected 
by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. 
*/ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif #endif +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 + +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. 
+ * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. + * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ + /* * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 + * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif /* See below for chipset detection from sdkconfig.h */ /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ -/* #define SINGLE_THREADED */ +#define SINGLE_THREADED -/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. +/* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) * When really desperate or no TLS used, try NO_SESSION_CACHE. */ 
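Review bot: `#define SINGLE_THREADED` is now active unconditionally (it was commented out before), yet the wolfSSH section earlier in this same hunk does `#undef WOLFSSL_PTHREADS` / `#define WOLFSSL_PTHREADS` and enables WOLFSSH_TEST_THREADING, so with ESP_ENABLE_WOLFSSH the single-threaded and pthread settings are both defined at once. SINGLE_THREADED compiles out wolfSSL's mutexes, so any application that calls into wolfSSL or the ESP32 hardware-crypto wrappers from more than one FreeRTOS task loses its locking; the surviving comment "Note Default ESP-IDF is FreeRTOS" is exactly why it used to be off. Suggest guarding it, `#if !defined(WOLFSSL_PTHREADS) && !defined(CONFIG_ESP_ENABLE_WOLFSSH)` / `    #define SINGLE_THREADED` / `#endif`, or leaving it commented out for this example. Separately, the comment `/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */` now sits after the example chain that may already have defined USE_WOLFSSL_ESP_SDK_WIFI, so it no longer describes the state at that point.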
@@ -92,130 +342,6 @@ /* RSA_LOW_MEM: Half as much memory but twice as slow. */ #define RSA_LOW_MEM -/* Uncommon settings for testing only */ -#define TEST_ESPIDF_ALL_WOLFSSL -#ifdef TEST_ESPIDF_ALL_WOLFSSL - #define WOLFSSL_MD2 - #define HAVE_BLAKE2 - #define HAVE_BLAKE2B - #define HAVE_BLAKE2S - - #define WC_RC2 - #define WOLFSSL_ALLOW_RC4 - - #define HAVE_POLY1305 - - #define WOLFSSL_AES_128 - #define WOLFSSL_AES_OFB - #define WOLFSSL_AES_CFB - #define WOLFSSL_AES_XTS - - /* #define WC_SRTP_KDF */ - /* TODO Causes failure with Espressif AES HW Enabled */ - /* #define HAVE_AES_ECB */ - /* #define HAVE_AESCCM */ - /* TODO sanity check when missing HAVE_AES_ECB */ - #define WOLFSSL_WOLFSSH - - #define HAVE_AESGCM - #define WOLFSSL_AES_COUNTER - - #define HAVE_FFDHE - #define HAVE_FFDHE_2048 - #if defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO Full size SRP is disabled on the ESP8266 at this time. - * Low memory issue? */ - #define WOLFCRYPT_HAVE_SRP - /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ - #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS - #elif defined(CONFIG_IDF_TARGET_ESP32) || \ - defined(CONFIG_IDF_TARGET_ESP32S2) || \ - defined(CONFIG_IDF_TARGET_ESP32S3) - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) - /* SRP Known to be working on this target::*/ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #else - /* For everything else, give a try and see if SRP working: */ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #endif - - #define HAVE_DH - - /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. - * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ - /* #define HAVE_CAMELLIA */ - - /* DSA requires old SHA */ - #define HAVE_DSA - - /* Needs SHA512 ? */ - #define HAVE_HPKE - - /* Not for Espressif? 
*/ - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) || \ - defined(CONFIG_IDF_TARGET_ESP8266) - - #if defined(CONFIG_IDF_TARGET_ESP8266) - #undef HAVE_ECC - #undef HAVE_ECC_CDH - #undef HAVE_CURVE25519 - - /* TODO does CHACHA also need alignment? Failing on ESP8266 - * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ - #ifdef HAVE_CHACHA - #error "HAVE_CHACHA not supported on ESP8266" - #endif - #ifdef HAVE_XCHACHA - #error "HAVE_XCHACHA not supported on ESP8266" - #endif - #else - #define HAVE_XCHACHA - #define HAVE_CHACHA - /* TODO Not enabled at this time, needs further testing: - * #define WC_SRTP_KDF - * #define HAVE_COMP_KEY - * #define WOLFSSL_HAVE_XMSS - */ - #endif - /* TODO AES-EAX not working on this platform */ - - /* Optionally disable DH - * #undef HAVE_DH - * #undef HAVE_FFDHE - */ - - /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ - #ifndef HAVE_ECC - #define ECC_SHAMIR - #endif - #else - #define WOLFSSL_AES_EAX - - #define ECC_SHAMIR - #endif - - /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ - /* #define WOLFSSL_CAAM */ - /* #define WOLFSSL_CAAM_BLOB */ - - #define WOLFSSL_AES_SIV - #define WOLFSSL_CMAC - - #define WOLFSSL_CERT_PIV - - /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ - /* #define HAVE_SCRYPT */ - #define SCRYPT_TEST_ALL - #define HAVE_X963_KDF -#endif - /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ 
@@ -230,14 +356,40 @@ #define BENCH_EMBEDDED /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM 
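Review bot: Both branches of the new `#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684)` block define `HAVE_FFDHE_4096`, so the conditional does nothing and the 4096-bit FFDHE group is enabled even on the low-memory targets and even when CONFIG_WOLFSSL_ALLOW_TLS13 is off. That conflicts with the ESP8266/ESP32-C2 settings elsewhere in this diff that set `FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS` (sized for the smallest FFDHE group); under fast math a 4096-bit modulus needs FP_MAX_BITS of at least 8192, so either drop the 4096 line in the small-target branch or raise FP_MAX_BITS there. It also makes the `#else` / `#define HAVE_FFDHE_2048` fallback inside the TLS 1.3 block always fire, because HAVE_FFDHE_4096 is only defined after that check runs. The `/* May be required */ #ifndef HAVE_AEAD #endif` pair is empty; if the intent is to keep the removed `#define HAVE_AEAD`, put it inside the #ifndef, otherwise delete the two lines.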
@@ -254,32 +406,67 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -#define WOLFSSL_SHA512 - -/* when you want to use SHA3 */ -#define WOLFSSL_SHA3 - - /* ED25519 requires SHA512 */ -#define HAVE_ED25519 - /* Some features not enabled for ESP8266: */ #if defined(CONFIG_IDF_TARGET_ESP8266) || \ defined(CONFIG_IDF_TARGET_ESP32C2) + /* Some known low-memory devices have features not enabled by default. */ /* TODO determine low memory configuration for ECC. */ #else - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 + + /* when you want to use SHA3 */ + /* #define WOLFSSL_SHA3 */ + + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 #endif -#define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif -/* Optional OPENSSL compatibility */ -#define OPENSSL_EXTRA +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ /* #Optional HAVE_PKCS7 */ -#define HAVE_PKCS7 +/* #define HAVE_PKCS7 */ #if defined(HAVE_PKCS7) /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ 
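Review bot: `MY_USE_RSA 0` only defines `WOLFSSH_NO_RSA`; it never defines NO_RSA, so RSA is still compiled into wolfCrypt on the ESP32-class targets (RSA_LOW_MEM, WC_RSA_PSS and the ca_cert_der_2048 RSA sample certificates elsewhere in this file still apply), and the comment `/* We can use either or both ECC and RSA, but must use at least one. */` overstates what the switch controls. The `#else` / `#error "Either RSA or ECC must be enabled"` branch is unreachable as written, because the block just above always sets exactly one of the two macros to 1. Tying `HAVE_DH` to MY_USE_RSA also leaves the HAVE_FFDHE_* groups from the TLS 1.3 section defined without HAVE_DH on the ECC targets; confirm settings.h turns DH on for TLS 1.3 in that case, or define HAVE_DH independently of the key-type choice. A short comment such as `/* MY_USE_RSA only selects the wolfSSH key type; RSA itself stays built unless NO_RSA is defined. */` would keep readers from assuming RSA is removed.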
@@ -319,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -329,7 +519,7 @@ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ /* #define WOLFSSL_SP_RISCV32 */ @@ -338,6 +528,14 @@ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif #define WOLFSSL_SMALL_STACK @@ -345,18 +543,32 @@ #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS -#define WOLFSSL_CERT_TEXT + #define WOLFSSL_CERT_TEXT + + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE 
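Review bot: The new math-library "syntax highlighting" block lists `defined(USE_INTEGER_HEAP_MATH)` twice; drop one of the duplicate lines, or turn the whole empty `#if ... #endif` into a comment so it cannot drift out of step with the real selection above it. In the `#if 0` certificate-generation block in the following hunk, `#define WOLFSSL_KEY_GEN` is left at column 0 while the other defines were indented, which reads as if it were outside the disabled block; indent it with the rest. The `#ifndef NO_SESSION_CACHE` guard around HAVE_SESSION_TICKET only works because NO_SESSION_CACHE is set earlier in this file (the Kyber/ESP8266 branch in this diff); a one-line comment noting that ordering dependency would help.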
@@ -376,10 +588,62 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 /* Alternatively, if there's an ECC Secure Element present: */ /* #define WOLFSSL_ESPWROOM32SE */ 
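Review bot: `#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)` can never be satisfied through its second operand, because the earlier hunk in this file (`#ifdef WOLFSSL_ESPWROOM32SE` / `#undef WOLFSSL_ESPWROOM32SE` / `#endif`, annotated as "only for syntax highlighting") unconditionally removes the macro before chipset detection runs. Either drop those #undef lines or remove the `|| defined(WOLFSSL_ESPWROOM32SE)` here; as written a build that passes -DWOLFSSL_ESPWROOM32SE silently falls through to the other targets. The `#else` / `/* default settings */` / `#define USE_CERT_BUFFERS_2048` branch is redundant with the unconditional `#define USE_CERT_BUFFERS_2048` added earlier in this diff; keeping the selection in one place avoids the two drifting apart.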
@@ -501,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -556,18 +824,33 @@ /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER See wolfcrypt/benchmark/benchmark.c for debug and other settings: 
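Review bot: The debug-options comment block now lists `#define USE_ESP_DPORT_ACCESS_READ_BUFFER` twice and presents `#define WOLFSSL_MAX_ERROR_SZ 500` as an optional increase, while the hunk at +79 in this file defines WOLFSSL_MAX_ERROR_SZ 500 unconditionally for every example. Drop the duplicate and reword the second line to `optionally change the error message size (this file already sets 500 above).`.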
@@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available) */ /* Pause in a loop rather than exit. */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ #define WOLFSSL_HW_METRICS @@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available) * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 @@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 @@ -773,3 +1065,11 @@ Turn on timer debugging (used when CPU cycles not available) #else #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" #endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt index 2fe1790be..3690d140f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt 
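Review bot: The closing comment `/* See settings.h for some of the possible hardening options:` lists WC_NO_CACHE_RESISTANT, HAVE_AES_ECB and HAVE_AES_DIRECT, but WC_NO_CACHE_RESISTANT turns cache-timing resistance off and the two AES options expose raw ECB/direct block access; these are size/speed trade-offs that weaken the default posture, not hardening. Suggest retitling the block `/* See settings.h for size/speed trade-offs; note WC_NO_CACHE_RESISTANT disables cache-timing protection:` or splitting the list so a reader does not enable them expecting extra protection. In the two cert-buffer hunks, `#define USE_CERT_BUFFERS_256` is now added inside both the 2048 and 1024 branches, which contradicts the comment above them that says to define one of the USE_CERT_BUFFERS_* macros; a note on why the ECC-256 sample set is always pulled in alongside would help.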
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt @@ -1,3 +1,5 @@ +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.1 # # wolfssl crypt test # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk index df684f1e0..d9b752f16 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk @@ -6,4 +6,4 @@ # in the build directory. This behavior is entirely configurable, # please read the ESP-IDF documents if you need to do this. # -# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.) +# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h index 94d913235..ac09e7843 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h @@ -1,4 +1,4 @@ -/* template main.h +/* wolfssl_test main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index 315ff304c..0e18bedcc 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -1,4 +1,4 @@ -/* main.c +/* test main.c * * Copyright (C) 2006-2024 wolfSSL Inc. * 
@@ -26,17 +26,20 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ /* Reminder: settings.h pulls in user_settings.h; don't include it here. */ -#ifdef WOLFSSL_USER_SETTINGS +#if defined(WOLFSSL_USER_SETTINGS) #include - #ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" #endif - #include - #include - #include - #include - #include #else /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ @@ -44,8 +47,9 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include "driver/uart.h" - +/* Hardware; include after other libraries, + * particularly after freeRTOS from settings.h */ +#include /* set to 0 for one test, ** set to 1 for continuous test loop */ @@ -76,9 +80,13 @@ /* ** although the wolfcrypt/test includes a default time setting, -** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */ - +** see the enclosed optional time helper for adding NNTP. +** be sure to add "time_helper.c" in main/CMakeLists.txt +*/ #undef WOLFSSL_USE_TIME_HELPER +#if defined(WOLFSSL_USE_TIME_HELPER) + #include "time_helper.h" +#endif /* see wolfssl/wolfcrypt/test/test.h */ extern void wolf_crypt_task(); 
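Review bot: The new `#if defined(WOLFSSL_USE_TIME_HELPER)` block follows directly after `#undef WOLFSSL_USE_TIME_HELPER`, so the `#include "time_helper.h"` it guards can never be compiled as written; either drop the `#undef` or turn it into a user-overridable default such as `#ifndef WOLFSSL_USE_TIME_HELPER` so the comment's instruction to add `time_helper.c` to the build has a purpose. The same comment says the helper is for adding `NNTP`; given the `time_helper` naming and the `sntp_setoperatingmode(SNTP_OPMODE_POLL)` call in the time_helper.c hunk later in this patch, it should read `NTP` (SNTP).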
@@ -155,13 +163,16 @@ void app_main(void) .parity = UART_PARITY_DISABLE, .stop_bits = UART_STOP_BITS_1, }; + int stack_start = 0; + int loops = 0; esp_err_t ret = 0; - wc_ptr_t stack_start = esp_sdk_stack_pointer(); + + stack_start = esp_sdk_stack_pointer(); /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, * UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */ - /* Some targets may need to have UART speed set. TODO: which? */ + /* Some targets may need to have UART speed set, such as ESP8266 */ ESP_LOGI(TAG, "UART init"); uart_param_config(UART_NUM_0, &uart_config); uart_driver_install(UART_NUM_0, @@ -186,6 +197,7 @@ void app_main(void) #ifdef TASK_EXTRA_STACK_SIZE ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); #endif + #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", CONFIG_ESP_MAIN_TASK_STACK_SIZE, @@ -195,13 +207,13 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif esp32/api-reference/system/freertos_idf.html */ stack_start = uxTaskGetStackHighWaterMark(NULL); ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); #endif -#ifdef HAVE_VERSION_EXTENDED_INFO +#if defined(HAVE_VERSION_EXTENDED_INFO) esp_ShowExtendedSystemInfo(); #endif 
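Review bot: `stack_start` is changed from `wc_ptr_t` to `int` while still receiving `esp_sdk_stack_pointer()` and, later in the hunk, `uxTaskGetStackHighWaterMark(NULL)`; if the former returns a pointer-width value as its previous type suggests, this narrows it into a signed type, and the FreeRTOS high-water mark is an unsigned `UBaseType_t`, so both assignments are now implicit sign/width conversions. Keeping `wc_ptr_t stack_start` for the pointer and a separate unsigned variable for the high-water mark, logged with `%u`, would be cleaner; failing that, make the narrowing explicit with a cast and a comment. app_main continues outside the hunk.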
@@ -230,38 +242,45 @@ void app_main(void) ESP_LOGI(TAG, "NO_CRYPT_TEST defined, skipping wolf_test_task"); #else /* Although wolfCrypt_Init() may be explicitly called above, - ** Note it is still always called in wolf_test_task. + ** note it is still always called in wolf_test_task. */ - int loops = 0; + stack_start = uxTaskGetStackHighWaterMark(NULL); + do { - #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + + ret = wolf_test_task(); + #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS) esp_hw_show_metrics(); #endif - ret = wolf_test_task(); + loops++; /* count of the number of tests run before fail. */ ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); ESP_LOGI(TAG, "loops = %d", loops); - loops++; - } - while (TEST_LOOP && (ret == 0)); + } while (TEST_LOOP && (ret == 0)); + + /* Reminder: wolfCrypt_Cleanup() should always be called at completion, + ** and is called in wolf_test_task(). */ #if defined TEST_LOOP && (TEST_LOOP == 1) ESP_LOGI(TAG, "Test loops completed: %d", loops); #endif - /* note wolfCrypt_Cleanup() should always be called when finished. - ** This is called at the end of wolf_test_task(); - */ +#if defined(SINGLE_THREADED) + /* need stack monitor for single thread */ +#else + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); +#endif #if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) esp_hw_show_mp_metrics(); #endif #ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL))); + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); #endif #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE 
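Review bot: `uxTaskGetStackHighWaterMark(NULL)` is now called unguarded inside the `do { ... }` loop and in the `#else` branch of `#if defined(SINGLE_THREADED)`, while a few lines further down the same call is still wrapped in `#ifdef INCLUDE_uxTaskGetStackHighWaterMark`; apply the guard consistently or drop it everywhere. The `stack_start = uxTaskGetStackHighWaterMark(NULL);` added before the loop is never read within the hunk, so it looks like a leftover. Minor: the `"Stack HWM: %d\n"` format strings carry a trailing newline that `ESP_LOGI` already appends, and `%d` for an unsigned high-water mark should be `%u`.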
@@ -278,7 +297,7 @@ void app_main(void) "If running from idf.py monitor, press twice: Ctrl+]"); #endif - /* done */ + /* After completion, we'll just wait */ while (1) { #if defined(SINGLE_THREADED) while (1); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults index 2a5ad756d..6f5dcdb8f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults @@ -1,19 +1,32 @@ -# sdkconfig.defaults for ESP8266 + ESP32 +# Set the known example app config to template example (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_TEST=y + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# sdkconfig.defaults for ESP32. +# See separate sdkconfig.defaults.esp8266 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size. See user_settings.h # +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h +# # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 +# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app. +CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=28672 # # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled 
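Review bot: The new `CONFIG_FREERTOS_UNICORE=y` sits under the comment `# FreeRTOS ticks at 1ms interval`, which describes the `CONFIG_FREERTOS_HZ=1000` line below it, so the single-core setting is introduced with no explanation of its own; give it a separate comment line. The added `# Units are words, not bytes.` contradicts the byte figures in the surrounding comments and the `CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes` log line in this commit's main.c, so one of the two is wrong and should be corrected. `CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y` added here is also set to `=n` by the later hunk of this same file, leaving the effective value to load order; keep a single assignment.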
@@ -31,6 +44,10 @@ CONFIG_ESP_TASK_WDT_EN=n CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + # ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n @@ -46,6 +63,36 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + # Set max COU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 new file mode 100644 index 000000000..77299dfe4 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 
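Review bot: The `@@ -46,6 +63,36 @@` hunk re-adds settings the file already contains: `CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y` (the existing `# Set max COU frequency` block right below it sets the same key), `CONFIG_HEAP_DISABLE_IRAM=y` (visible in the hunk-header context) and `CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y`, and it sets `CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n` after the top of the file set it to `y`. It reads like a block pasted twice; dedupe it and keep one value per key so the effective configuration is not decided by which assignment the loader applies last.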
@@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md index f8ec01cec..7d0988aaf 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md @@ -15,8 +15,8 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> - TEST_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + All features enabled in the `user_settings.h` will be tested. When you want to run the test program diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c index ba8c82a76..4c29ecc97 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c 
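Review bot: In the new `sdkconfig.defaults.esp8266` the heading `# Disable mbedTLS` sits above `CONFIG_ESP_TLS_USING_MBEDTLS=y`, which enables it; either the comment or the value is wrong, and given the `CONFIG_ESP_TLS_USING_WOLFSSL=n` line above it (whose comment `(not yet supported in RTOS SDK 3.4` is also missing its closing parenthesis) the comment should presumably say mbedTLS stays the esp-tls backend on this target. The four-line `# ESP8266 WDT` block appears at both the top and the bottom of the file; keep one copy.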
@@ -24,15 +24,26 @@ #include "sdkconfig.h" /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF -#warning "problem with wolfSSL user settings. Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + /* Unlike other examples with wolfSSL as a local component, this */ + /* example tests wolSSL *in* the ESP-IDF. If you get an error: */ + /* wolfssl/wolfcrypt/settings.h: No such file or directory */ + /* Then wolfSSL is missing from the ESP-IDF components */ + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include + #include +#else + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile: \ +CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include - /* ** the wolfssl component can be installed in either: ** @@ -152,8 +163,8 @@ void app_main(void) /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) - /* not available for C3 at this time */ +#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3) + /* TODO CPU_FREQ_MHZ not available for C2/C3 at this time */ #elif defined(CONFIG_IDF_TARGET_ESP32S3) ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ @@ -173,7 +184,7 @@ void app_main(void) #if defined(NO_ESP32_CRYPT) ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED."); #else - #if defined(CONFIG_IDF_TARGET_ESP32C3) + #if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3) #error "ESP32_CRYPT not yet supported on ESP32-C3" #elif defined(CONFIG_IDF_TARGET_ESP32S2) #error "ESP32_CRYPT not yet supported on ESP32-S2" 
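Review bot: `#ifndef WOLFSSL_ESPIDF` still emits only `#warning` here, while the equivalent check in `wolfssl_test/main/main.c` in this same patch was upgraded to `#error` with a fuller message; the two examples should fail the same way, and a missing or wrong `user_settings.h` is better caught at compile time than discovered at runtime. Typo in the new comment block: `wolSSL` → `wolfSSL`.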
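Review bot: In the `@@ -173,7 +184,7 @@` hunk the condition now also matches `CONFIG_IDF_TARGET_ESP32C2`, but the diagnostic still reads `#error "ESP32_CRYPT not yet supported on ESP32-C3"`; change it to `#error "ESP32_CRYPT not yet supported on ESP32-C2 / ESP32-C3"` so a C2 build gets an accurate message. The matching C2 addition in the previous hunk only carries a `TODO` comment, which is fine, but this error text is user-visible.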
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c index 70a6cb816..95977ee9c 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c @@ -94,7 +94,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time */ sntp_setoperatingmode(SNTP_OPMODE_POLL); diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md index 8a12a50fe..e499c970e 100644 --- a/IDE/Espressif/ESP-IDF/test/README.md +++ b/IDE/Espressif/ESP-IDF/test/README.md @@ -7,4 +7,4 @@ When you want to run the app 2. `idf.py menuconfig` to configure unit test app. 3. `idf.py -T wolfssl build` to build wolfssl unit test app. -See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app. +See Espressif for more information about unit test app. diff --git a/IDE/Espressif/README.md b/IDE/Espressif/README.md index 5bb1622f3..530c1012c 100644 --- a/IDE/Espressif/README.md +++ b/IDE/Espressif/README.md 
@@ -28,18 +28,16 @@ resource. ## Requirements The wolfSSL Espressif code requires the ESP-IDF to be installed for -[Windows](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html) -or [Linux / MacOS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/linux-macos-setup.html). +Windows or Linux / MacOS. -See the [Espressif Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/). +See the Espressif Getting Started Guide. -Any editor can be used. See also the [Espressif Third-Party Tools](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/resources.html) -for a list of feature-rich Integrated Development Environments. +Any editor can be used. The [wolfSSL examples](./ESP-IDF/examples/README.md) all include a `./VisualGDB` directory with SoC-specific configurations to help get started quickly. -Although not required, a [JTAG Adapter](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/jtag-debugging/index.html) -can be helpful for development. When not using a built-in JTAG from Espressif, the examples typically +Although not required, a JTAG Adapter can be helpful for development. +When not using a built-in JTAG from Espressif, the examples typically use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme). ## Examples: @@ -52,7 +50,7 @@ There are a variety of examples to help get started: The wolfSSL library can be installed as a managed component: -* [Espressif Managed Component Registry](https://components.espressif.com/components/wolfssl/wolfssl) +* [Espressif Managed Component Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) ## Notes: 
@@ -145,7 +143,6 @@ the reset-program hardware properly, causing devices to not be programmed with t Connecting...................................... A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode. -For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html CMake Error at run_serial_tool.cmake:56 (message): /home/gojimmypi/.espressif/python_env/idf4.4_py3.8_env/bin/python /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/components/esptool_py/esptool/esptool.py @@ -188,7 +185,7 @@ Task watchdog got triggered. Guru Meditation Error: Core 0 panic'ed (unknown). Exception was unhandled. ``` -The watchdog needs to be [fed](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-reference/system/wdts.html?highlight=watchdog#_CPPv418esp_task_wdt_resetv) on a regular basis +The watchdog needs to be fed on a regular basis with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`. Try turning off the WDT in menuconfig, or for Makefiles: @@ -199,4 +196,4 @@ EXTRA_CFLAGS += -DNO_WATCHDOG #### Other Solutions -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +See also Espressif `esp-faq-en-master.pdf` diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index ab57c84ab..eea296f2c 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am 
@@ -22,17 +22,21 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h # Template EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c 
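Review bot: The added `EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig` duplicates the existing line with the same path two lines above it, so the file is listed twice; the same duplicated `.../components/wolfssl/Kconfig` line appears in the wolfssl_benchmark, wolfssl_client, wolfssl_server and wolfssl_test blocks later in this file. Automake tolerates repeated EXTRA_DIST entries as far as I know, but the duplicates make the distribution lists harder to audit; drop the added copy in each block.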
@@ -43,23 +47,27 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_ # Benchmark EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild EXTRA_DIST+= 
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln 
@@ -72,17 +80,18 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_ # TLS Client EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt 
EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk @@ -95,6 +104,10 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-t EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj 
@@ -105,18 +118,15 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_cli EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include 
@@ -129,6 +139,14 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln 
@@ -139,24 +157,28 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h + +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c EXTRA_DIST+= 
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln @@ -174,7 +196,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/tigard.cfg -# Other test +# Other test for wolfSSL installed in the ESP-IDF EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h index 25babd211..020a81b46 100644 --- a/examples/configs/user_settings_platformio.h +++ b/examples/configs/user_settings_platformio.h @@ -513,8 +513,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md index a95d86ff2..3c27d8373 100644 --- a/wolfcrypt/src/port/Espressif/README.md +++ b/wolfcrypt/src/port/Espressif/README.md 
@@ -14,18 +14,18 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric More details about ESP32 HW Acceleration can be found in: -* [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf) -* [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf) -* [ESP32-S3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf) -* [ESP32-C2 (aka ESP8684 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp8684_technical_reference_manual_en.pdf) -* [ESP32-C3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf) -* [ESP32-C6 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c6_technical_reference_manual_en.pdf) -* [ESP32-H2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-h2_technical_reference_manual_en.pdf) +* `esp32_technical_reference_manual_en.pdf` +* `esp32-s2_technical_reference_manual_en.pdf` +* `esp32-s3_technical_reference_manual_en.pdf` +* `esp8684_technical_reference_manual_en.pdf` +* `esp32-c3_technical_reference_manual_en.pdf` +* `esp32-c6_technical_reference_manual_en.pdf` +* `esp32-h2_technical_reference_manual_en.pdf` ### Building Simply run `ESP-IDF.py` in any of the [Espressif/ESP-IDF/Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples). -See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +See the respective project README files. 
Examples are also available using wolfssl as a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). Hardware acceleration is enabled by default. All settings should be adjusted in the respective project component `user_settings.h` file. See the example in [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h). diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 952a12c1c..458719d3e 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -3039,12 +3039,16 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) } /* 8. clear and release HW */ + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGI(TAG, "Unlock esp_mp_exptmod"); + #endif if (exptmod_lock_called) { ret = esp_mp_hw_unlock(); } else { + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGV(TAG, "Lock not called"); + #endif } /* end if CONFIG_IDF_TARGET_ESP32C6 */ diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index ad371c760..c1aec3e39 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -20,7 +20,7 @@ */ /* - * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf + * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf * see page 335: no SHA-512 * */ diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md index 55635e89e..9f52338e9 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md 
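Review bot: With `WOLFSSL_ESP32_HW_LOCK_DEBUG` undefined, the `else` arm of `if (exptmod_lock_called)` in the esp32_mp.c hunk now compiles to an empty `else { }`, which reads like a missing release step rather than a deliberate no-op; either move the `#ifdef` around the whole `else`, or keep the arm and document it with `/* lock was never taken, so there is nothing to release */` so the empty body is clearly intentional. The lock/unlock pairing itself is unchanged by the hunk; `esp_mp_exptmod` begins and ends outside it.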
@@ -6,7 +6,7 @@ and with the intention of using Certificate Bundles in the esp-tls component. See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig) file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template) can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl) -when not using a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +when not using a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). ## Getting Started diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c index c0a092b75..97b406312 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c @@ -67,7 +67,7 @@ esp_err_t esp_crt_bundle_attach(void *conf) * * See the latest code at: * https://github.com/wolfSSL/wolfssl or - * https://components.espressif.com/components/wolfssl/wolfssl + * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ */ #if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION) #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0) diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 9c574451a..678de3b9a 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c 
@@ -74,10 +74,10 @@ esp_err_t esp_sdk_time_lib_init(void)
 /* ESP-IDF uses a 64-bit signed integer to represent time_t
 * starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+ * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues)
 */
-/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
+/* see gnu TZ-Variable */
 #ifndef TIME_ZONE
 /*
 * PST represents Pacific Standard Time.
@@ -379,7 +379,7 @@ int set_time(void)
 if (NTP_SERVER_COUNT) {
 /* next, let's setup NTP time servers
 *
- * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+ * see Espressif api-reference system_time (sntp-time-synchronization)
 *
 * WARNING: do not set operating mode while SNTP client is running!
 */
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
index 06c9f81e8..d56d549b2 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
@@ -28,7 +28,7 @@
 #include
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
-#if defined(USE_WOLFSSL_ESP_SDK_WIFI)
+#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4
 /* Espressif */
 #include "sdkconfig.h" /* programmatically generated from sdkconfig */
@@ -59,8 +59,8 @@ esp_err_t esp_sdk_wifi_lib_init(void)
 #if defined(CONFIG_IDF_TARGET_ESP8266)
 #elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR)
 /* example path set in cmake file */
-#elif ESP_IDF_VERSION_MAJOR >= 4
- #include "protocol_examples_common.h"
+#elif ESP_IDF_VERSION_MAJOR > 4
+/* #include "protocol_examples_common.h" */
 #else
 const static int CONNECTED_BIT = BIT0;
 static EventGroupHandle_t wifi_event_group;
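Review bot: The new file-level guard `#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4` in the first esp_sdk_wifi_lib.c hunk evaluates `ESP_IDF_VERSION_MAJOR` before `sdkconfig.h` is included; if the version macro is not already provided by the preceding include (its name is not visible here), the preprocessor treats it as 0 and the whole file silently compiles to nothing. Making the dependency explicit, e.g. `#ifndef ESP_IDF_VERSION_MAJOR` / `#error "ESP_IDF_VERSION_MAJOR must be defined before esp_sdk_wifi_lib.c"` / `#endif` ahead of the test, would turn that into a visible failure. In the second hunk the `#elif ESP_IDF_VERSION_MAJOR > 4` arm now holds only the commented-out `/* #include "protocol_examples_common.h" */`, so the branch is empty; delete the dead include and replace it with a comment saying why nothing is needed on v5+ without `FOUND_PROTOCOL_EXAMPLES_DIR`, or drop the arm. The same edit also changes `>= 4` to `> 4`, which removes v4 from that branch; if intentional, the commit message should say so.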
@@ -266,7 +266,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 3d6c4e1de..99d2ca20a 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1009,9 +1009,9 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); /* * Errata Mitigation. See - * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf + * esp32_errata_en.pdf + * esp32-c3_errata_en.pdf + * esp32-s3_errata_en.pdf */ #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index 632b371f5..a9857a2d1 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h @@ -31,8 +31,7 @@ * wolfSSL libraries. It is used when the wolfssl libary component is configured * to be utilized by the Espressif ESP-IDF, specifically the esp-tls layer. * - * See: - * https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/protocols/esp_tls.html + * See: esp-idf api-reference for esp_tls. * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h * ******************************************************************************* 
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 440a3e558..ece446faa 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -540,7 +540,7 @@
 * used in the esp-wolfssl or other places in the ESP-IDF. They should
 * be always be included for backward compatibility.
 *
- * See also: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+ * See also: Espressif api-reference kconfig docs.
 *
 * These settings should be checked and assigned wolfssl equivalents before
 * any others.
From b8d3b990ea6eba48cbe6e3af3d72fd104bb6f588 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 16 Oct 2024 12:40:02 +1000 Subject: [PATCH 151/325] Unit test: fix coverity issue test_wolfSSL_i2d_ASN1_TYPE: don't use str after freeing it. --- tests/api.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 15c2191cf..14f275a47 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -55178,8 +55178,8 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void)
 #if defined(OPENSSL_EXTRA)
 /* Taken from one of sssd's certs othernames */
 unsigned char str_bin[] = {
- 0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
- 0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+ 0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+ 0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
 };
 ASN1_TYPE* asn1type = NULL;
 unsigned char* der = NULL;
@@ -55190,10 +55190,12 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void)
 ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
 ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
 ExpectNotNull(asn1type = ASN1_TYPE_new());
- if (EXPECT_FAIL()) {
+ if (asn1type != NULL) {
+ ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
+ }
+ else {
 ASN1_STRING_free(str);
 }
- ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
 }
 ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin));
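Review bot: In the `else` branch of the second api.c hunk, `ASN1_STRING_free(str)` leaves `str` dangling for the remainder of `test_wolfSSL_i2d_ASN1_TYPE` (the function continues past the hunk), which is the same class of defect the commit is fixing; adding `str = NULL;` right after the free makes any later cleanup or use of `str` safe. A one-line comment on the `if` branch, `/* asn1type now owns str; it is released with asn1type */`, would record why `str` must not be freed on that path. Note that when `ASN1_STRING_type_new()` fails but `ASN1_TYPE_new()` succeeds, the new code calls `ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, NULL)`; presumably harmless, but worth confirming against that function's handling of a NULL value. The first hunk is whitespace-only.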
From 1ce90cc8a51dbc5a576b4d222dfbdfe4f625ff0b Mon Sep 17 00:00:00 2001 
From: Sean Parkinson Date: Wed, 16 Oct 2024 13:56:44 +1000 Subject: [PATCH 152/325] Thumb2 ASM: indicated by WOLFSSL_ARMASM_THUMB2 Detecting ARM or Thumb2 is not simple so making our own define that will work: WOLFSSL_ARMASM_THUMB2 to indicate to use Thumb2 assembly code. --- configure.ac | 6 ++++-- wolfcrypt/src/port/arm/armv8-32-aes-asm.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-32-chacha-asm.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-32-curve25519.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-curve25519_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-32-kyber-asm.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-32-sha256-asm.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-32-sha3-asm.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-32-sha512-asm.S | 5 ++--- wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c | 5 ++--- wolfcrypt/src/port/arm/armv8-poly1305.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-aes-asm.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-aes-asm_c.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-chacha-asm.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-chacha.c | 2 +- wolfcrypt/src/port/arm/thumb2-curve25519.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-curve25519_c.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-kyber-asm.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-poly1305-asm.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-poly1305.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-sha256-asm.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c | 4 ++-- 
wolfcrypt/src/port/arm/thumb2-sha3-asm.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c | 4 ++-- wolfcrypt/src/port/arm/thumb2-sha512-asm.S | 4 ++-- wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c | 4 ++-- wolfcrypt/src/wc_kyber_poly.c | 2 +- wolfssl/wolfcrypt/chacha.h | 2 +- wolfssl/wolfcrypt/poly1305.h | 2 +- wolfssl/wolfcrypt/wc_kyber.h | 2 +- 40 files changed, 77 insertions(+), 91 deletions(-)
diff --git a/configure.ac b/configure.ac
index eb1fd6820..cc0217b44 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3030,7 +3030,8 @@ then
 ;;
 armv7m*)
 # QEMU doesn't work with armv7-m
- AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+ AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
 # Include options.h
 AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
 ENABLED_ARMASM_CRYPTO=no
@@ -8388,7 +8389,8 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then
 ;;
 *cortex* | *armv7m*)
 if test "$ENABLED_ARMASM" = "no"; then
- AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -DWOLFSSL_ARM_ARCH=7"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+ AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -DWOLFSSL_ARM_ARCH=7"
 fi
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
index 45441ead1..64a0f630a 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
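Review bot: Both configure.ac hunks add `-DWOLFSSL_ARMASM_THUMB2` to `AM_CFLAGS` and again to `AM_CPPFLAGS`, so every C compile receives the define twice; automake already passes AM_CPPFLAGS to the C compile line and, via CCASCOMPILE, to the `.S` assembly, so the `AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"` line looks redundant unless some build path consumes AM_CFLAGS without AM_CPPFLAGS, in which case a comment should say which. A short comment above the flags would also explain the other half of the change, e.g. `# WOLFSSL_ARMASM_THUMB2 selects the Thumb2 assembly; __thumb__ is a compiler predefine and is no longer set by hand`. The enclosing `case` arms start and end outside the hunks.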
@@ -31,8 +31,7 @@
 #include
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \
- defined(__THUMB_INTERWORK__))
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifndef NO_AES
 #ifdef HAVE_AES_DECRYPT
@@ -5306,7 +5305,7 @@ L_AES_GCM_encrypt_end:
 .size AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
index 3c34f3ef6..7f2fd804c 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
@@ -32,8 +32,7 @@
 #include
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \
- defined(__THUMB_INTERWORK__))
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include
 #ifdef HAVE_CONFIG_H
 #include
@@ -4850,7 +4849,7 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
index 3c4119eb1..f035fbe23 100644
--- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
@@ -31,8 +31,7 @@
 #include
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \
- defined(__THUMB_INTERWORK__))
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifdef HAVE_CHACHA
 .text
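Review bot: The new guard `#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)` in armv8-32-aes-asm.S drops the previous `defined(__arm__)` requirement, so a non-ARM, non-AArch64 build that defines `WOLFSSL_ARMASM` without `WOLFSSL_ARMASM_THUMB2` would now try to assemble the ARM32 code instead of skipping it; keeping the architecture test, `#if !defined(__aarch64__) && defined(__arm__) && !defined(WOLFSSL_ARMASM_THUMB2)`, preserves that safety net at no cost. The same guard and matching `#endif` comment are repeated in the `_c.c` and `.S` pairs for aes, chacha, curve25519, kyber, poly1305, sha256, sha3 and sha512 in the following hunks, so whichever form is chosen should be applied to all of them. If `__arm__` was dropped deliberately for a toolchain that does not predefine it, a one-line comment on the guard saying so would prevent it from being "fixed" back later.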
@@ -515,7 +514,7 @@ L_chacha_arm32_over_done: .size wc_chacha_use_over,.-wc_chacha_use_over #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c index aebcff155..dfbee2da0 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c @@ -32,8 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -566,7 +565,7 @@ void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index 1dea1e1d1..3a5d8382b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -31,8 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) 
@@ -9181,7 +9180,7 @@ sc_muladd: #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index 6871aaade..f627c5346 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c @@ -32,8 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -9426,7 +9425,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S index ec2f1352b..2a73781e2 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S @@ -31,8 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_WC_KYBER .text 
@@ -9434,7 +9433,7 @@ L_kyber_arm32_rej_uniform_done: pop {r4, r5, r6, r7, r8, pc} .size kyber_arm32_rej_uniform,.-kyber_arm32_rej_uniform #endif /* WOLFSSL_WC_KYBER */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c index 4650b9bc8..95df90c50 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c @@ -32,8 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -9229,7 +9228,7 @@ unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, } #endif /* WOLFSSL_WC_KYBER */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S index a7a1b9433..731836b9e 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S @@ -31,8 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef HAVE_POLY1305 .text 
@@ -349,7 +348,7 @@ poly1305_final: pop {r4, r5, r6, r7, r8, r9, pc} .size poly1305_final,.-poly1305_final #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c index aaf596d4c..186bb5b3b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c @@ -32,8 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -385,7 +384,7 @@ void poly1305_final(Poly1305* ctx_p, byte* mac_p) } #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S index 62fc8eb1c..1a24afebf 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S @@ -31,8 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_SHA256 #ifdef WOLFSSL_ARMASM_NO_NEON 
@@ -2867,7 +2866,7 @@ L_SHA256_transform_neon_len_start: .size Transform_Sha256_Len,.-Transform_Sha256_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 05086af07..d85a28a81 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c @@ -32,8 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -2808,7 +2807,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S index 46a75cedc..0a966b769 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S @@ -31,8 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON 
@@ -2395,7 +2394,7 @@ L_sha3_arm32_begin: .size BlockSha3,.-BlockSha3 #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index e9e227ec3..97be28562 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c @@ -32,8 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -2353,7 +2352,7 @@ void BlockSha3(word64* state_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S index 3316e6006..ff26eaf3c 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S @@ -31,8 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_ARMASM_NO_NEON 
@@ -9368,7 +9367,7 @@ L_SHA512_transform_neon_len_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index 32506f64e..737fb0950 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c @@ -32,8 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && (!defined(__thumb__) || \ - defined(__THUMB_INTERWORK__)) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -9165,7 +9164,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __arm__ && (!__thumb__ || __THUMB_INTERWORK__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c index 9527bbd9d..a258f3607 100644 --- a/wolfcrypt/src/port/arm/armv8-poly1305.c +++ b/wolfcrypt/src/port/arm/armv8-poly1305.c @@ -1120,7 +1120,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) } #else -#ifdef __thumb__ +#ifdef WOLFSSL_ARMASM_THUMB2 /* Process 16 bytes of message at a time. * * @param [in] ctx Poly1305 context. @@ -1226,7 +1226,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) for (; i < POLY1305_BLOCK_SIZE; i++) { ctx->buffer[i] = 0; } - #ifdef __thumb__ + #ifdef WOLFSSL_ARMASM_THUMB2 poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0); #else 
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
index 34f860884..362a0ab80 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
@@ -30,7 +30,7 @@
 #include
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 .thumb
 .syntax unified
@@ -3360,7 +3360,7 @@ L_AES_GCM_encrypt_end:
 .size AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
index ddf9d1141..e590ad8a8 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -31,7 +31,7 @@
 #include
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 #ifdef __IAR_SYSTEMS_ICC__
@@ -3347,6 +3347,6 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
index 4c3c2e7e7..b26d8079b 100644
--- a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
@@ -30,7 +30,7 @@
 #include
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 .thumb
 .syntax unified
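Review bot: `#ifdef WOLFSSL_ARMASM_THUMB2` in thumb2-aes-asm.S replaces `!defined(__aarch64__) && defined(__thumb__)`, so the Thumb2 sources no longer verify that the compiler is actually targeting Thumb code; a build that sets the new define while compiling for ARM or AArch64 mode reaches the `.thumb` directive here and the inline assembly in the `_c.c` files with no clear diagnostic. If every supported toolchain predefines `__thumb__` in Thumb mode, a single consistency check in a shared header, `#if defined(WOLFSSL_ARMASM_THUMB2) && !defined(__thumb__)` / `#error "WOLFSSL_ARMASM_THUMB2 requires a Thumb2 compiler target"` / `#endif`, would turn that mismatch into a compile-time error; if some toolchain does not predefine it (which may be why the commit moved away from `__thumb__`), a comment on the guard explaining that would help. The same guard change is repeated in the thumb2 chacha, curve25519, kyber, poly1305, sha256, sha3 and sha512 files, in thumb2-chacha.c and in armv8-poly1305.c, so one central check would cover all of them.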
@@ -566,7 +566,7 @@ L_chacha_thumb2_over_done: /* Cycle Count = 108 */ .size wc_chacha_use_over,.-wc_chacha_use_over #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c index 0dcdc4e3e..9ae0e23c0 100644 --- a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -726,6 +726,6 @@ void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len) } #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-chacha.c b/wolfcrypt/src/port/arm/thumb2-chacha.c index a189ccddd..041a25e03 100644 --- a/wolfcrypt/src/port/arm/thumb2-chacha.c +++ b/wolfcrypt/src/port/arm/thumb2-chacha.c @@ -26,7 +26,7 @@ #include -#if defined(WOLFSSL_ARMASM) && defined(__thumb__) +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_THUMB2) #ifdef HAVE_CHACHA #include diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S index 239203e48..298e9add7 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519.S +++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified 
@@ -6476,7 +6476,7 @@ sc_muladd: #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c index d7ca98a6c..df8273840 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c +++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -7105,6 +7105,6 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm.S b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S index 93e0a53e9..e3097c321 100644 --- a/wolfcrypt/src/port/arm/thumb2-kyber-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -3894,7 +3894,7 @@ L_kyber_thumb2_rej_uniform_done: /* Cycle Count = 225 */ .size kyber_thumb2_rej_uniform,.-kyber_thumb2_rej_uniform #endif /* WOLFSSL_WC_KYBER */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c index 5c0895779..2c0147baf 100644 --- a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c 
@@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -3846,6 +3846,6 @@ unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte* } #endif /* WOLFSSL_WC_KYBER */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S index c1aec82bf..42dc8f061 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -360,7 +360,7 @@ poly1305_final: /* Cycle Count = 82 */ .size poly1305_final,.-poly1305_final #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c index acf82c4a8..1862a8663 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -417,6 +417,6 @@ void poly1305_final(Poly1305* ctx, byte* mac) } #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305.c b/wolfcrypt/src/port/arm/thumb2-poly1305.c index 0091a3283..2b262c560 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305.c 
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305.c @@ -27,7 +27,7 @@ #include #ifdef WOLFSSL_ARMASM -#ifdef __thumb__ +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef HAVE_POLY1305 #include @@ -138,5 +138,5 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) } #endif /* HAVE_POLY1305 */ -#endif /* __aarch64__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S index 4809afbc7..d004d6b67 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -1481,7 +1481,7 @@ L_SHA256_transform_len_start: .size Transform_Sha256_Len,.-Transform_Sha256_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c index 903b58e3d..cdf8b4cc1 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -1475,6 +1475,6 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S index de12f723c..a04b5adb8 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S 
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -1167,7 +1167,7 @@ L_sha3_thumb2_begin: /* Cycle Count = 1505 */ .size BlockSha3,.-BlockSha3 #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c index a22b9acc5..f9459f3f3 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -1163,6 +1163,6 @@ void BlockSha3(word64* state) } #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S index 9170e9457..b3c355411 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -3668,7 +3668,7 @@ L_SHA512_transform_len_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c index bd998025a..0fc857cc0 100644 
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -3590,6 +3590,6 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c index ef38d8cd6..52c8af356 100644 --- a/wolfcrypt/src/wc_kyber_poly.c +++ b/wolfcrypt/src/wc_kyber_poly.c @@ -3371,7 +3371,7 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) #define kyber_csubq_c kyber_csubq_neon -#elif defined(__thumb__) +#elif defined(WOLFSSL_ARMASM_THUMB2) #define kyber_csubq_c kyber_thumb2_csubq diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h index db4e5dd66..1c6ae1745 100644 --- a/wolfssl/wolfcrypt/chacha.h +++ b/wolfssl/wolfcrypt/chacha.h @@ -114,7 +114,7 @@ void wc_chacha_setiv(word32* x, const byte* iv, word32 counter); void wc_chacha_setkey(word32* x, const byte* key, word32 keySz); #endif -#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(__thumb__) +#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(WOLFSSL_ARMASM_THUMB2) void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len); void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len); diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h index 70ed1efa8..d4db48762 100644 --- a/wolfssl/wolfcrypt/poly1305.h +++ b/wolfssl/wolfcrypt/poly1305.h 
@@ -156,7 +156,7 @@ void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m, size_t bytes); void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m); #else -#if defined(__thumb__) +#if defined(WOLFSSL_ARMASM_THUMB2) #define poly1305_blocks poly1305_blocks_thumb2 #define poly1305_block poly1305_block_thumb2 diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h index 71d3fe73b..79a03cbd0 100644 --- a/wolfssl/wolfcrypt/wc_kyber.h +++ b/wolfssl/wolfcrypt/wc_kyber.h @@ -310,7 +310,7 @@ WOLFSSL_LOCAL int kyber_cmp_neon(const byte* a, const byte* b, int sz); WOLFSSL_LOCAL void kyber_csubq_neon(sword16* p); WOLFSSL_LOCAL void kyber_from_msg_neon(sword16* p, const byte* msg); WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p); -#elif defined(__thumb__) && defined(WOLFSSL_ARMASM) +#elif defined(WOLFSSL_ARMASM_THUMB2) && defined(WOLFSSL_ARMASM) #define kyber_ntt kyber_thumb2_ntt #define kyber_invntt kyber_thumb2_invntt #define kyber_basemul_mont kyber_thumb2_basemul_mont From 64a9e6f7c48b495ef323c8f9d65e0775284c5f80 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 16 Oct 2024 14:08:55 +1000 Subject: [PATCH 153/325] BN API: fix BN_bin2bn to handle NULL data properly BN_bin2bn was freeing the BN and returning it. Added test for this. --- src/ssl_bn.c | 4 +++- tests/api.c | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/ssl_bn.c b/src/ssl_bn.c index e45e19da5..74eadcead 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -516,12 +516,14 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, ret = NULL; } else { - /* Don't free bn as we may be returning it. */ + /* Don't free bn as we are returning it. */ bn = NULL; } } else if (data == NULL) { wolfSSL_BN_zero(ret); + /* Don't free bn as we are returning it. */ + bn = NULL; } } diff --git a/tests/api.c b/tests/api.c index fc68a4471..eca756cfd 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -61606,6 +61606,11 @@ static int test_wolfSSL_BN_enc_dec(void) ExpectNull(BN_bn2dec(NULL)); ExpectNull(BN_bn2dec(&emptyBN)); + ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL)); + BN_clear(c); + BN_free(c); + c = NULL; + ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a)); BN_free(a); ExpectNotNull(a = BN_new()); From d6fe15af8c8d9f319b19a94e702aac3262ec4acc Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 16 Oct 2024 11:23:33 -0500 Subject: [PATCH 154/325] coverity: check mp_sub_d return values. --- wolfcrypt/test/test.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 687a59ede..c8dc36742 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -56315,16 +56315,24 @@ static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC /* a = 2^(bits*2) - 1 */ mp_zero(a); mp_set_bit(a, bits[i] * 2); - mp_sub_d(a, 1, a); + ret = mp_sub_d(a, 1, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + /* m = 2^(bits) - 1 */ mp_zero(m); mp_set_bit(m, bits[i]); - mp_sub_d(m, 1, m); + ret = mp_sub_d(m, 1, m); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp = 1; /* result = r = 2^(bits) - 1 */ mp_zero(r); mp_set_bit(r, bits[i]); - mp_sub_d(r, 1, r); + ret = mp_sub_d(r, 1, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); ret = mp_montgomery_reduce(a, m, mp); if (ret != MP_OKAY) From db6df887a61a01e72366b8ba1fdd35361cb32cd5 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Wed, 16 Oct 2024 10:00:19 -0400 Subject: [PATCH 155/325] Correct kyber levels. Was copy and paste error. --- src/ssl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index dccec07af..b19d33400 100644 --- a/src/ssl.c +++ b/src/ssl.c 
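Review bot: In mp_test_mont the three `mp_set_bit()` calls that precede each newly checked `mp_sub_d()` still have their return values ignored, and in at least the sp_int backend mp_set_bit is the call that can actually fail (bit index beyond the integer's capacity), so the added checks cover only half of each `mp_zero / mp_set_bit / mp_sub_d` sequence. For consistency with the new checks, `ret = mp_set_bit(a, bits[i] * 2); if (ret != MP_OKAY) return WC_TEST_RET_ENC_EC(ret);` and the same for `m` and `r`. mp_test_mont's body begins and continues outside this hunk.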
@@ -21830,12 +21830,12 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { #endif #ifdef WOLFSSL_HAVE_KYBER {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, - {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1}, - {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1}, + {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3}, + {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5}, #if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1}, - {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1}, - {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1}, + {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3}, + {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5}, #endif #endif #ifdef WOLFSSL_SM2 From 115507e0c0533c85718b6b21f7ecf22c9e41dc1b Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 16 Oct 2024 13:08:06 -0500 Subject: [PATCH 156/325] coverity: null check. --- src/ssl_asn1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 3e4de554a..95f9cca15 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -282,7 +282,7 @@ static int wolfssl_i2d_asn1_items(const void* obj, byte* buf, len = 0; break; } - if (buf != NULL && !mem->ex && mem->tag >= 0) { + if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) { /* Encode the implicit tag */ byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ]; SetImplicit(tmp[0], mem->tag, 0, imp, 0); From 554ebc2e9e6addc248124636345d4db31429db5c Mon Sep 17 00:00:00 2001 
From: jordan Date: Wed, 16 Oct 2024 16:27:44 -0500 Subject: [PATCH 157/325] coverity: fix double free of encryptedContent. --- wolfcrypt/src/pkcs7.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 4858fe354..bb370540e 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -13698,6 +13698,7 @@ authenv_atrbend: /* free memory, zero out keys */ ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encryptedContent = NULL; ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); #ifdef WOLFSSL_SMALL_STACK XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13726,8 +13727,11 @@ authenv_atrbend: } #else if (ret < 0) { - ForceZero(encryptedContent, (word32)encryptedContentSz); - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + if (encryptedContent != NULL) { + ForceZero(encryptedContent, (word32)encryptedContentSz); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encryptedContent = NULL; + } ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); } #endif From 4ca0176668ecfc3c22176c4b747e58d0c3cfd87b Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 16 Oct 2024 17:37:17 -0400 Subject: [PATCH 158/325] Need 'libfile' for license.pl --- Docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index e6c3cd35d..1d17aae4e 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile 
@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git" ARG DEPS_UDP_PROXY="wget libevent-dev" ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq" -ARG DEPS_TOOLS="ccache clang-tidy maven" +ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl" RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \ && apt clean -y && rm -rf /var/lib/apt/lists/* From fa65da7bb028cef084d1603a389a1db7d455f24d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 17 Oct 2024 00:06:32 -0500 Subject: [PATCH 159/325] analyzer-driven cleanups of --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch: Dtls13HashClientHello(): fix wc_HashType handling; Dtls13SendFragment(): fix identicalConditionAfterEarlyExit; GetDtlsRecordHeader(): fix error handling around GetDtls13RecordHeader() (incorrectLogicOperator); test_wolfSSL_dtls_stateless_maxfrag(): fix a clang-analyzer-core.NullDereference, test_dtls_frag_ch(): fix a clang-diagnostic-embedded-directive, test_AEAD_limit_client(): fix an united-data defect found by valgrind. --- src/dtls13.c | 20 ++++++++++---------- src/internal.c | 4 ++-- tests/api.c | 13 +++++++------ 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/src/dtls13.c b/src/dtls13.c index f091ed62f..6f2f01489 100644 --- a/src/dtls13.c +++ b/src/dtls13.c 
@@ -495,22 +495,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz, wc_HashAlg hashCtx; int type = wolfSSL_GetHmacType_ex(specs); + if (type < 0) + return type; + header[0] = (byte)client_hello; c32to24(length, header + 1); - ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId); + ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN); if (ret == 0) - ret = wc_HashUpdate(&hashCtx, type, body, length); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length); if (ret == 0) - ret = wc_HashFinal(&hashCtx, type, hash); + ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash); if (ret == 0) { - *hashSz = wc_HashGetDigestSize(type); + *hashSz = wc_HashGetDigestSize((enum wc_HashType)type); if (*hashSz < 0) ret = *hashSz; } - wc_HashFree(&hashCtx, type); + wc_HashFree(&hashCtx, (enum wc_HashType)type); } return ret; } @@ -568,9 +571,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size, else { msg = output + recordHeaderLength; - if (length <= recordHeaderLength) - return BUFFER_ERROR; - if (hashOutput) { ret = Dtls13HashHandshake(ssl, msg, recordLength); if (ret != 0) @@ -1713,7 +1713,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, isFirst = fragOff == 0; isComplete = isFirst && fragLength == messageLength; - if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) { + if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) { #ifdef WOLFSSL_DTLS_CH_FRAG byte tls13 = 0; /* check if the first CH fragment contains a valid cookie */ diff --git a/src/internal.c b/src/internal.c index 38a79997a..011dce610 100644 --- a/src/internal.c +++ b/src/internal.c 
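Review bot: The cast `(enum wc_HashType)type` is now repeated six times in Dtls13HashClientHello and pushes the `wc_HashInit_ex` and `wc_HashUpdate` lines past the 80-column width the rest of the file keeps. Convert once after the new negative check, `enum wc_HashType hashType = (enum wc_HashType)type;`, and pass `hashType` to the wc_Hash* calls; that also makes the `type < 0` early return read as the single place where the int-to-enum conversion is validated. The same one-off local would tidy `(enum HandShakeType)handshakeType` in the _Dtls13HandshakeRecv hunk, whose enclosing function lies outside the hunk.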
@@ -11471,8 +11471,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, if (ssl->options.tls1_3) { ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size); if (ret == 0 || - ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) || - ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)) + ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) && + (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)))) return ret; } diff --git a/tests/api.c b/tests/api.c index 8ce4bb97f..cf2fa25fb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -87647,6 +87647,7 @@ static void test_AEAD_limit_client(WOLFSSL* ssl) /* Test the sending limit for AEAD ciphers */ Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit; test_AEAD_seq_num = 1; + XMEMSET(msgBuf, 0, sizeof(msgBuf)); ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); AssertIntGT(ret, 0); didReKey = 0; @@ -90812,14 +90813,13 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void) XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + ExpectNotNull(ssl_s); ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c)); ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8), WOLFSSL_SUCCESS); wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); - if (ssl_s != NULL) { - max_fragment = ssl_s->max_fragment; - } + max_fragment = ssl_s->max_fragment; /* send CH */ ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ))); 
@@ -95173,11 +95173,12 @@ static int test_dtls_frag_ch(void) /* Limit options to make the CH a fixed length */ /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2 * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */ - ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384" #ifdef OPENSSL_EXTRA - ":DHE-RSA-AES256-GCM-SHA384" + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384" + ":DHE-RSA-AES256-GCM-SHA384")); +#else + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384")); #endif - )); /* CH1 */ ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); From 06de22e72be26cef007b43b0bbc70fa2e1f1c08d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 17 Oct 2024 10:57:19 -0500 Subject: [PATCH 160/325] api.c:test_wolfSSL_dtls_stateless_maxfrag(): add missing condition (clang-analyzer-core.NullDereference). --- tests/api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index cf2fa25fb..6d765a8d5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -90819,7 +90819,9 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void) WOLFSSL_SUCCESS); wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); - max_fragment = ssl_s->max_fragment; + if (EXPECT_SUCCESS()) { + max_fragment = ssl_s->max_fragment; + } /* send CH */ ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ))); From 8ed406c69d94f0b04f15d83415d4f733e73bedd7 Mon Sep 17 00:00:00 2001 
From: Andras Fekete Date: Thu, 17 Oct 2024 12:08:21 -0400 Subject: [PATCH 161/325] Fix test issues --- .github/workflows/curl.yml | 3 +-- .github/workflows/hostap-vm.yml | 3 +-- .github/workflows/ipmitool.yml | 2 ++ .github/workflows/jwt-cpp.yml | 2 +- .github/workflows/mosquitto.yml | 3 +-- .github/workflows/multi-compiler.yml | 2 ++ .github/workflows/pam-ipmi.yml | 3 +-- .github/workflows/zephyr.yml | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 06cd338cb..b6fe4cc2d 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -52,8 +52,7 @@ jobs: - name: Install test dependencies run: | sudo apt-get update - sudo apt-get install nghttp2 libpsl5 libpsl-dev - sudo pip install impacket + sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket - name: Download lib uses: actions/download-artifact@v4 diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 94f305d1f..4c52175d4 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -196,8 +196,7 @@ jobs: # hostap dependencies sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \ libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \ - libnl-route-3-dev libdbus-1-dev bridge-utils tshark - sudo pip3 install pycryptodome + libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome - name: Checkout hostap uses: actions/checkout@v4 diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index 36411261c..1dc2c18e5 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -51,6 +51,8 @@ jobs: runs-on: ubuntu-latest needs: build_wolfssl steps: + - name: Install dependencies + run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8 - name: Download lib uses: actions/download-artifact@v4 with: 
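Review bot: In the new ipmitool.yml step, `export DEBIAN_FRONTEND=noninteractive && sudo apt-get ...` only sets the variable in the unprivileged shell; with the usual `env_reset` sudoers policy it is dropped before apt-get runs, so the non-interactive intent is not carried over unless the runner's sudoers keeps it via `env_keep` (I cannot confirm that from here). Passing it on the sudo command line is unambiguous: `run: sudo DEBIAN_FRONTEND=noninteractive apt-get update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y libreadline8`. The same `export`-then-`sudo` shape is added in multi-compiler.yml and already exists in the mosquitto.yml and pam-ipmi.yml hunks of this commit.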
diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 2b82ca6b3..020e066b5 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -44,7 +44,7 @@ jobs: strategy: fail-fast: false matrix: - ref: [ 0.6.0 ] + ref: [ 0.7.0 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 44a47ce92..6d9961cc9 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -68,8 +68,7 @@ jobs: run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make - sudo pip install --upgrade psutil + sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil - name: Checkout mosquitto uses: actions/checkout@v4 diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index 3edf533f2..060683302 100644 --- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml @@ -51,6 +51,8 @@ jobs: # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: + - name: Install dependencies + run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }} - uses: actions/checkout@v4 - name: Build env: diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index af127651f..5c773ea59 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml 
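Review bot: The new multi-compiler.yml step expands `${{ matrix.CC }}` directly into the `run:` shell line; the matrix is declared in this workflow so the value is trusted today, but the GitHub hardening guidance is to route expressions through `env:` so a later matrix entry or reusable-workflow input cannot be interpreted as shell syntax. Suggest `env:` with `CC_PKG: ${{ matrix.CC }}` on the step and `run: ... sudo apt-get install -y "$CC_PKG"`. A short comment noting that the matrix compiler name doubles as the apt package name would also help, since the two namespaces are not guaranteed to stay aligned.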
@@ -56,8 +56,7 @@ jobs: # Don't prompt for anything export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install libpam-dev ninja-build - sudo pip3 install meson + sudo apt-get install libpam-dev ninja-build python3-meson - name: Download lib uses: actions/download-artifact@v4 diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 52f1a21eb..0582154c8 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -46,7 +46,7 @@ jobs: libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \ libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \ net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \ - python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \ + python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \ texinfo unzip wget ovmf xz-utils - name: Install west From 752b2c075c7ac5a1671287175b1dd2fb55b12acd Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Thu, 17 Oct 2024 15:09:03 -0400 Subject: [PATCH 162/325] Add exception to forked repos --- .github/workflows/sssd.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 31011e187..7ab859133 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -14,6 +14,7 @@ concurrency: jobs: build_wolfssl: + if: github.repository_owner == 'wolfssl' name: Build wolfSSL # Just to keep it the same as the testing target runs-on: ubuntu-latest @@ -39,6 +40,7 @@ jobs: retention-days: 5 sssd_check: + if: github.repository_owner == 'wolfssl' strategy: fail-fast: false matrix: From b215398bd4e8005e453fc4f5ade15b117683cfb1 Mon Sep 17 00:00:00 2001 
From: Andras Fekete Date: Thu, 17 Oct 2024 16:49:27 -0400 Subject: [PATCH 163/325] Don't need to upload/download artifacts --- .github/workflows/sssd.yml | 39 ++++++-------------------------------- 1 file changed, 6 insertions(+), 33 deletions(-) diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 7ab859133..73408b051 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -13,32 +13,6 @@ concurrency: # END OF COMMON SECTION jobs: - build_wolfssl: - if: github.repository_owner == 'wolfssl' - name: Build wolfSSL - # Just to keep it the same as the testing target - runs-on: ubuntu-latest - # This should be a safe limit for the tests to run. - timeout-minutes: 4 - steps: - - name: Build wolfSSL - uses: wolfSSL/actions-build-autotools-project@v1 - with: - path: wolfssl - configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT - install: true - check: false - - - name: tar build-dir - run: tar -zcf build-dir.tgz build-dir - - - name: Upload built lib - uses: actions/upload-artifact@v4 - with: - name: wolf-install-sssd - path: build-dir.tgz - retention-days: 5 - sssd_check: if: github.repository_owner == 'wolfssl' strategy: @@ -54,7 +28,6 @@ jobs: LD_LIBRARY_PATH: /usr/local/lib # This should be a safe limit for the tests to run. timeout-minutes: 20 - needs: build_wolfssl steps: - name: Install dependencies run: | @@ -71,13 +44,13 @@ jobs: ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h - - name: Download lib - uses: actions/download-artifact@v4 + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 with: - name: wolf-install-sssd - - - name: untar build-dir - run: tar -xf build-dir.tgz + path: wolfssl + configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT + install: true + check: false - name: Checkout OSP uses: actions/checkout@v4 From 984d16b72715ca08d4fff705adf069c79ed0291a Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Thu, 17 Oct 2024 18:48:07 -0500 Subject: [PATCH 164/325] refactor wolfcrypt constructors: add delete APIs, matching recently added wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey: * wc_AesDelete() * wc_HashDelete() * wc_DeleteRsaKey() * wc_curve25519_delete() * wc_ed25519_delete() * remove handling in corresponding preexisting free APIs for recently added .isAllocated member -- this restores preexisting semantics; * add WC_NO_CONSTRUCTORS gate, and auto-activate it when NO_WOLFSSL_MEMORY && WOLFSSL_NO_MALLOC (unless preempted by XMALLOC_USER or XMALLOC_OVERRIDE); * exclude recently added .isAllocated members from wolfcrypt structs when defined(WC_NO_CONSTRUCTORS); * adjust wolfcrypt/test/test.c for consistency with the above, and fix cleanup codes/dynamics in several tests. --- wolfcrypt/src/aes.c | 27 +-- wolfcrypt/src/curve25519.c | 22 +-- wolfcrypt/src/ed25519.c | 25 ++- wolfcrypt/src/hash.c | 41 ++--- wolfcrypt/src/rsa.c | 22 ++- wolfcrypt/test/test.c | 322 +++++++++++++++++---------------- wolfssl/wolfcrypt/aes.h | 5 +- wolfssl/wolfcrypt/curve25519.h | 12 +- wolfssl/wolfcrypt/ed25519.h | 12 +- wolfssl/wolfcrypt/hash.h | 12 +- wolfssl/wolfcrypt/rsa.h | 10 +- wolfssl/wolfcrypt/types.h | 6 + 12 files changed, 284 insertions(+), 232 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 89af92a03..5d4f4a1e3 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11299,6 +11299,7 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ +#ifndef WC_NO_CONSTRUCTORS Aes* wc_AesNew(void* heap, int devId) { Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); 
@@ -11314,6 +11315,17 @@ Aes* wc_AesNew(void* heap, int devId) return aes; } +int wc_AesDelete(Aes** aes) +{ + if ((aes == NULL) || (*aes == NULL)) + return BAD_FUNC_ARG; + wc_AesFree(*aes); + XFREE(*aes, (*aes)->heap, DYNAMIC_TYPE_AES); + *aes = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + /* Initialize Aes for use with async hardware */ int wc_AesInit(Aes* aes, void* heap, int devId) { @@ -11448,18 +11460,12 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) /* Free Aes from use with async hardware */ void wc_AesFree(Aes* aes) { - void* heap; - byte isAllocated; - if (aes == NULL) { return; } - heap = aes->heap; - isAllocated = aes->isAllocated; - #ifdef WC_DEBUG_CIPHER_LIFECYCLE - (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1); + (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1); #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) @@ -11497,7 +11503,7 @@ void wc_AesFree(Aes* aes) #endif #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ !defined(WOLFSSL_AESNI) - XFREE(aes->streamData, heap, DYNAMIC_TYPE_AES); + XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); aes->streamData = NULL; #endif @@ -11524,11 +11530,6 @@ void wc_AesFree(Aes* aes) #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(aes, sizeof(Aes)); #endif - - if (isAllocated) { - XFREE(aes, heap, DYNAMIC_TYPE_AES); - } - } int wc_AesGetKeySize(Aes* aes, word32* keySize) diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index db3205a04..d4db9b28b 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -655,6 +655,7 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ +#ifndef WC_NO_CONSTRUCTORS curve25519_key* wc_curve25519_new(void* heap, int devId) { curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, 
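Review bot: `wc_AesDelete` reads `(*aes)->heap` only after `wc_AesFree(*aes)` has run, whereas the lines this commit removes from `wc_AesFree` deliberately took a snapshot of `aes->heap` before any teardown, which suggests the free path may clear or otherwise invalidate fields of the struct. If it does, `XFREE` receives a stale heap hint, which matters when a static-memory allocator selects its pool from that hint. Capturing the hint first removes the dependency on free-path internals: `void* heap = (*aes)->heap;` ahead of the `wc_AesFree(*aes);` call, then `XFREE(*aes, heap, DYNAMIC_TYPE_AES);`. The same post-free read appears in `wc_curve25519_delete`, `wc_ed25519_delete`, `wc_HashDelete`, `wc_DeleteRsaKey` and the two `FIPS_VERSION3_LT(6,0,0)` shims in `wolfcrypt/test/test.c`.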
@@ -671,6 +672,16 @@ curve25519_key* wc_curve25519_new(void* heap, int devId) return key; } +int wc_curve25519_delete(curve25519_key** key) { + if ((key == NULL) || (*key == NULL)) + return BAD_FUNC_ARG; + wc_curve25519_free(*key); + XFREE(*key, (*key)->heap, DYNAMIC_TYPE_CURVE25519); + *key = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { if (key == NULL) @@ -707,15 +718,9 @@ int wc_curve25519_init(curve25519_key* key) /* Clean the memory of a key */ void wc_curve25519_free(curve25519_key* key) { - void* heap; - byte isAllocated = 0; - if (key == NULL) return; - heap = key->heap; - isAllocated = key->isAllocated; - #ifdef WOLFSSL_SE050 se050_curve25519_free_key(key); #endif @@ -729,11 +734,6 @@ void wc_curve25519_free(curve25519_key* key) #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(curve25519_key)); #endif - - if (isAllocated) { - XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); - (void)heap; - } } /* get key size */ diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index a00045388..02b318774 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -968,7 +968,7 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, } #endif /* HAVE_ED25519_VERIFY */ -#ifndef WOLFSSL_NO_MALLOC +#ifndef WC_NO_CONSTRUCTORS ed25519_key* wc_ed25519_new(void* heap, int devId) { ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, @@ -984,7 +984,16 @@ ed25519_key* wc_ed25519_new(void* heap, int devId) } return key; } -#endif + +int wc_ed25519_delete(ed25519_key** key) { + if ((key == NULL) || (*key == NULL)) + return BAD_FUNC_ARG; + wc_ed25519_free(*key); + XFREE(*key, (*key)->heap, DYNAMIC_TYPE_ED25519); + *key = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ /* initialize information and memory for key */ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) 
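Review bot: `wc_curve25519_delete` opens its body on the signature line, `int wc_curve25519_delete(curve25519_key** key) {`, while `wc_AesDelete` and `wc_DeleteRsaKey` added by this same commit put the brace on its own line. Moving the brace down, `int wc_curve25519_delete(curve25519_key** key)` followed by `{` on the next line, keeps the five new destructors uniform. `wc_ed25519_delete` later in this line and `wc_HashDelete` in hash.c have the same layout, and `wc_HashDelete` also spells its parameter `wc_HashAlg **hash` where the others write `Type** name`.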
@@ -1025,15 +1034,9 @@ int wc_ed25519_init(ed25519_key* key) /* clear memory of key */ void wc_ed25519_free(ed25519_key* key) { - void* heap; - byte isAllocated = 0; - if (key == NULL) return; - heap = key->heap; - isAllocated = key->isAllocated; - #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); #endif @@ -1046,12 +1049,6 @@ void wc_ed25519_free(ed25519_key* key) #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(ed25519_key)); #endif - - if (isAllocated) { - XFREE(key, heap, DYNAMIC_TYPE_ED25519); - (void)heap; - } - } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 4249c39ea..73429c3ac 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -686,7 +686,7 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, NULL, INVALID_DEVID); } -#ifndef WOLFSSL_NO_MALLOC +#ifndef WC_NO_CONSTRUCTORS wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId) { wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, @@ -702,7 +702,19 @@ wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId) } return hash; } -#endif + +int wc_HashDelete(wc_HashAlg **hash) { + int ret; + if ((hash == NULL) || (*hash == NULL)) + return BAD_FUNC_ARG; + ret = wc_HashFree(*hash, (*hash)->type); + if (ret < 0) + return ret; + XFREE(*hash, (*hash)->heap, DYNAMIC_TYPE_HASHES); + *hash = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) @@ -712,9 +724,14 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; - hash->isAllocated = 0; hash->type = type; +#ifdef WC_NO_CONSTRUCTORS + (void)heap; +#else + hash->heap = heap; +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 @@ -808,7 +825,6 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, ret = BAD_FUNC_ARG; }; - (void)heap; (void)devId; return ret; 
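Review bot: `wc_HashDelete` returns early when `wc_HashFree` fails, leaving `*hash` allocated and still non-NULL, so a caller that discards the result, as `hash_test` does with `(void)wc_HashDelete(&hash)`, leaks the object; `wc_HashFree` defaults its result to `HASH_TYPE_E`, so an unsupported or corrupted `type` is enough to take this path. Since the allocation came from `XMALLOC` regardless of the hash type, it is safer to release and null unconditionally and report the inner result afterwards: `ret = wc_HashFree(*hash, (*hash)->type);` then `XFREE(*hash, (*hash)->heap, DYNAMIC_TYPE_HASHES); *hash = NULL; return ret;`. If the early return is intentional, the declaration in hash.h should state that on failure ownership of `*hash` stays with the caller.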
@@ -1043,8 +1059,6 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ - void* heap = NULL; - byte isAllocated = 0; if (hash == NULL) return BAD_FUNC_ARG; @@ -1056,47 +1070,39 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) } #endif - isAllocated = hash->isAllocated; - switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - heap = hash->alg.md5.heap; wc_Md5Free(&hash->alg.md5); ret = 0; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - heap = hash->alg.sha.heap; wc_ShaFree(&hash->alg.sha); ret = 0; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - heap = hash->alg.sha224.heap; wc_Sha224Free(&hash->alg.sha224); ret = 0; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - heap = hash->alg.sha256.heap; wc_Sha256Free(&hash->alg.sha256); ret = 0; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - heap = hash->alg.sha384.heap; wc_Sha384Free(&hash->alg.sha384); ret = 0; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - heap = hash->alg.sha512.heap; wc_Sha512Free(&hash->alg.sha512); ret = 0; #endif @@ -1123,7 +1129,6 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - heap = hash->alg.sha3.heap; wc_Sha3_224_Free(&hash->alg.sha3); ret = 0; #endif @@ -1149,7 +1154,6 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - heap = hash->alg.sm3.heap; wc_Sm3Free(&hash->alg.sm3); ret = 0; break; @@ -1172,11 +1176,6 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; - if (isAllocated) { - XFREE(hash, heap, DYNAMIC_TYPE_HASHES); - (void)heap; - } - return ret; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 3cd4c324b..9770d321b 100644 --- a/wolfcrypt/src/rsa.c 
+++ b/wolfcrypt/src/rsa.c @@ -154,6 +154,7 @@ static void wc_RsaCleanup(RsaKey* key) #endif } +#ifndef WC_NO_CONSTRUCTORS RsaKey* wc_NewRsaKey(void* heap, int devId) { RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); @@ -169,6 +170,17 @@ RsaKey* wc_NewRsaKey(void* heap, int devId) return key; } +int wc_DeleteRsaKey(RsaKey** key) +{ + if ((key == NULL) || (*key == NULL)) + return BAD_FUNC_ARG; + wc_FreeRsaKey(*key); + XFREE(*key, (*key)->heap, DYNAMIC_TYPE_RSA); + *key = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { int ret = 0; @@ -542,16 +554,11 @@ int wc_RsaGetKeyId(RsaKey* key, word32* keyId) int wc_FreeRsaKey(RsaKey* key) { int ret = 0; - void* heap; - byte isAllocated = 0; if (key == NULL) { return BAD_FUNC_ARG; } - heap = key->heap; - isAllocated = key->isAllocated; - wc_RsaCleanup(key); #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) @@ -615,11 +622,6 @@ int wc_FreeRsaKey(RsaKey* key) wc_fspsm_RsaKeyFree(key); #endif - if (isAllocated) { - XFREE(key, heap, DYNAMIC_TYPE_RSA); - (void)heap; - } - return ret; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c8dc36742..436f0c55f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -937,8 +937,8 @@ static void myFipsCb(int ok, int err, const char* hash) #if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) -#ifndef NO_AES -static struct Aes *wc_AesNew(void *heap, int thisDevId) { +#if !defined(NO_AES) && !defined(WC_NO_CONSTRUCTORS) +static WC_MAYBE_UNUSED struct Aes *wc_AesNew(void *heap, int thisDevId) { Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); if (aes != NULL) { if (wc_AesInit(aes, heap, thisDevId) != 0) { 
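Review bot: `wc_DeleteRsaKey` discards the `int` result of `wc_FreeRsaKey(*key)` and always returns 0, even though `wc_FreeRsaKey`, visible further down this line, carries `ret` through its backend cleanup and returns it; `wc_HashDelete` in the same commit does propagate its free result, so the two new APIs disagree on whether a failed inner free is reportable. Keeping the release-and-null unconditional while surfacing the inner code, `int ret = wc_FreeRsaKey(*key);` before the `XFREE`, then `return ret;` at the end, gives callers the information without risking a leak. The rsa.h declaration should then say what a non-zero return means.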
@@ -948,10 +948,19 @@ static struct Aes *wc_AesNew(void *heap, int thisDevId) { } return aes; } -#endif +static WC_MAYBE_UNUSED int wc_AesDelete(Aes** aes) +{ + if ((aes == NULL) || (*aes == NULL)) + return BAD_FUNC_ARG; + wc_AesFree(*aes); + XFREE(*aes, (*aes)->heap, DYNAMIC_TYPE_AES); + *aes = NULL; + return 0; +} +#endif /* !NO_AES && !WC_NO_CONSTRUCTORS */ -#ifndef NO_RSA -static RsaKey* wc_NewRsaKey(void* heap, int thisDevId) +#if !defined(NO_RSA) && !defined(WC_NO_CONSTRUCTORS) +static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId) { RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); if (key != NULL) { @@ -962,11 +971,19 @@ static RsaKey* wc_NewRsaKey(void* heap, int thisDevId) } return key; } -#endif +static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey** key) +{ + if ((key == NULL) || (*key == NULL)) + return BAD_FUNC_ARG; + wc_FreeRsaKey(*key); + XFREE(*key, (*key)->heap, DYNAMIC_TYPE_RSA); + *key = NULL; + return 0; +} +#endif /* !NO_RSA && !WC_NO_CONSTRUCTORS */ #endif /* FIPS_VERSION3_LT(6,0,0) */ - #ifdef WOLFSSL_STATIC_MEMORY #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ) static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ]; @@ -6039,7 +6056,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) ret = MEMORY_E; return WC_TEST_RET_ENC_EC(ret); } - hash->isAllocated = 0; /* free manually */ #else XMEMSET(hash, 0, sizeof(wc_HashAlg)); #endif @@ -6320,10 +6336,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (hash != NULL) { - hash->isAllocated = 1; /* free manually */ - (void)wc_HashFree(hash, hash->type); - } + (void)wc_HashDelete(&hash); #endif return 0; 
@@ -9545,16 +9558,18 @@ EVP_TEST_END: out: + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); + #else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + #endif #ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); + #else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + #endif #endif #endif /* WOLFSSL_AES_256 */ @@ -9873,14 +9888,16 @@ EVP_TEST_END: out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -10133,14 +10150,16 @@ EVP_TEST_END: out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif 
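Review bot: The test cleanup blocks select `wc_AesDelete(&enc)` on `defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)`, but the library only defines `wc_AesDelete` under `#ifndef WC_NO_CONSTRUCTORS`; the commit message says that gate is auto-activated for `NO_WOLFSSL_MEMORY && WOLFSSL_NO_MALLOC`, which implies it can also be set on its own, and a build with `WC_NO_CONSTRUCTORS` plus small-stack and malloc would then fail to link here. Unless the allocation side outside these hunks already rules that combination out, the condition should read `#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && !defined(WC_NO_CONSTRUCTORS)`, ideally through one helper macro so the many copies stay in step. This applies to every `wc_AesDelete`/`wc_DeleteRsaKey`/`wc_curve25519_delete`/`wc_ed25519_delete` cleanup block in test.c. As a style point, this hunk and the `exit_rsa` hunk indent the directives (`  #if`, `  #else`, `  #endif`) while the other cleanup hunks put them at column 0.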
@@ -10343,14 +10362,16 @@ EVP_TEST_END: out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -10486,9 +10507,10 @@ static wc_test_ret_t aes_key_size_test(void) ret = 0; /* success */ out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&aes); +#else wc_AesFree(aes); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -13526,14 +13548,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif return ret; 
@@ -14100,14 +14124,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -14176,13 +14202,12 @@ static wc_test_ret_t aes_ecb_direct_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); + wc_AesDelete(&dec); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -14374,14 +14399,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif #endif /* HAVE_AES_CBC */ 
@@ -14579,14 +14606,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif #endif /* HAVE_AES_CBC */ @@ -14714,13 +14743,12 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); + wc_AesDelete(&dec); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -15652,13 +15680,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); + wc_AesDelete(&dec); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; 
@@ -15877,9 +15904,10 @@ static wc_test_ret_t aesccm_256_test(void) } #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&aes); +#else wc_AesFree(aes); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -16044,19 +16072,9 @@ static wc_test_ret_t aesccm_128_test(void) XMEMSET(iv2, 0, sizeof(iv2)); wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); - if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); -#else - XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#endif #ifndef HAVE_SELFTEST /* selftest build does not have wc_AesCcmSetNonce() or @@ -16179,9 +16197,10 @@ static wc_test_ret_t aesccm_128_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(&enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -21553,7 +21572,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || out == NULL || plain == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #endif XMEMCPY(in, inStr, inLen); 
@@ -21561,25 +21580,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) key = wc_NewRsaKey(HEAP_HINT, devId); if (key == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) keypub = wc_NewRsaKey(HEAP_HINT, devId); if (keypub == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #endif #ifdef WOLFSSL_TEST_CERT if (cert == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #endif -#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ + + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif + +#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ /* initialize stack structures */ XMEMSET(&rng, 0, sizeof(rng)); - /* memset also clears isAllocated bit, so free must be called manually */ - XMEMSET(key, 0, sizeof(RsaKey)); -#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - XMEMSET(keypub, 0, sizeof(RsaKey)); -#endif #if !defined(NO_ASN) ret = rsa_decode_test(key); @@ -21850,7 +21876,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) ret = rsa_oaep_padding_test(key, &rng); if (ret != 0) - return ret; + goto exit_rsa; #endif /* !HAVE_FIPS */ #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ 
@@ -21860,14 +21886,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) && !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_export_key_test(key); if (ret != 0) - return ret; + goto exit_rsa; #endif #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_flatten_test(key); if (ret != 0) - return ret; + goto exit_rsa; #endif #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \ @@ -22130,16 +22156,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) exit_rsa: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (key != NULL) { - wc_FreeRsaKey(key); - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_RSA); - } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_DeleteRsaKey(&key); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - if (keypub != NULL) { - wc_FreeRsaKey(keypub); - XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_RSA); - } + wc_DeleteRsaKey(&keypub); #endif #ifdef WOLFSSL_TEST_CERT XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -35059,21 +35079,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) (void)x; WOLFSSL_ENTER("curve25519_test"); -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) userA = wc_curve25519_new(HEAP_HINT, devId); userB = wc_curve25519_new(HEAP_HINT, devId); pubKey = wc_curve25519_new(HEAP_HINT, devId); if (userA == NULL || userB == NULL || pubKey == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), cleanup); } #else wc_curve25519_init_ex(userA, HEAP_HINT, devId); 
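Review bot: In `curve25519_test`, moving the RNG initialization after the key allocation (removed in the `@@ -35059,21 +35079,12 @@` hunk, re-added after `wc_curve25519_init_ex(pubKey, ...)` in the next hunk) means the new `ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), cleanup)` on allocation failure reaches `cleanup:`, which ends with an unconditional `wc_FreeRng(&rng)`, before `wc_InitRng_ex`/`wc_InitRng` has ever run; a failed `wc_InitRng*` takes the same route. Unless `rng` is zero-initialized at its declaration outside the hunk, that frees an uninitialized `WC_RNG`. Either keep the RNG setup ahead of the allocations as it was, or add `XMEMSET(&rng, 0, sizeof(rng));` before the first `ERROR_OUT` and have `cleanup:` free the RNG only when its initialization succeeded.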
@@ -35081,35 +35092,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) wc_curve25519_init_ex(pubKey, HEAP_HINT, devId); #endif +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + /* make curve25519 keys */ ret = wc_curve25519_make_key(&rng, 32, userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #ifdef HAVE_CURVE25519_SHARED_SECRET /* find shared secret key */ x = sizeof(sharedA); if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) { printf("wc_curve25519_shared_secret 1 failed\n"); - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } y = sizeof(sharedB); if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) { printf("wc_curve25519_shared_secret 2 failed\n"); - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } /* compare shared secret keys to test they are the same */ if (y != x) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); if (XMEMCMP(sharedA, sharedB, x)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #endif #ifdef HAVE_CURVE25519_KEY_EXPORT @@ -35117,12 +35136,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) x = sizeof(exportBuf); ret = wc_curve25519_export_public(userA, exportBuf, &x); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #ifdef HAVE_CURVE25519_KEY_IMPORT ret = wc_curve25519_import_public(exportBuf, x, pubKey); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif #endif 
@@ -35132,104 +35151,104 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) { - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); } if (XMEMCMP(sharedA, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* import RFC test vectors and compare shared key */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(ss, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* test swapping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(ss, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* test with 1 generated key and 1 from known test vector */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); wc_curve25519_free(userB); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - userB = wc_curve25519_new(HEAP_HINT, devId); - if (userB == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } -#else 
wc_curve25519_init_ex(userB, HEAP_HINT, devId); -#endif ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); x = sizeof(sharedA); ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* compare shared secret keys to test they are the same */ if (y != x) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); if (XMEMCMP(sharedA, sharedB, x)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); ret = curve25519_overflow_test(); if (ret != 0) - return ret; + goto cleanup; ret = curve25519_check_public_test(); if (ret != 0) - return ret; + goto cleanup; #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \ defined(HAVE_CURVE25519_KEY_IMPORT) ret = curve255519_der_test(); if (ret != 0) - return ret; + goto cleanup; #endif +cleanup: + /* clean up keys when done */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_curve25519_delete(&pubKey); + wc_curve25519_delete(&userB); + wc_curve25519_delete(&userA); +#else wc_curve25519_free(pubKey); wc_curve25519_free(userB); wc_curve25519_free(userA); +#endif wc_FreeRng(&rng); - return 0; + return ret; } #endif /* HAVE_CURVE25519 */ 
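Review bot: With the small-stack re-allocation branch deleted, `wc_curve25519_init_ex(userB, HEAP_HINT, devId);` after `wc_curve25519_free(userB)` is now the only path in every build, and its return value is still ignored even though the removed branch did check for failure. Since the function now has a `cleanup` label, `ret = wc_curve25519_init_ex(userB, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);` costs nothing and matches the surrounding error handling. The analogous re-init of `key3` in `ed25519_test` is unchecked in the same way. `curve25519_test` begins before this hunk.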
@@ -36387,15 +36406,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* HAVE_ED25519_VERIFY */ wc_ed25519_free(key3); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - key3 = wc_ed25519_new(HEAP_HINT, devId); - if (key3 == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } -#else wc_ed25519_init_ex(key3, HEAP_HINT, devId); -#endif idx = 0; ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3, @@ -36410,13 +36421,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) if (XMEMCMP(out, sigs[0], 64)) return WC_TEST_RET_ENC_NC; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_ed25519_delete(&key3); +#else wc_ed25519_free(key3); +#endif #endif /* NO_ASN */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ /* clean up keys when done */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_ed25519_delete(&key); + wc_ed25519_delete(&key2); +#else wc_ed25519_free(key); wc_ed25519_free(key2); +#endif #if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index c01482c34..a4327d0ee 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -726,8 +726,11 @@ WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId); #endif -WOLFSSL_API Aes* wc_AesNew(void* heap, int devId); WOLFSSL_API void wc_AesFree(Aes* aes); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API Aes* wc_AesNew(void* heap, int devId); +WOLFSSL_API int wc_AesDelete(Aes** aes); +#endif #ifdef WOLFSSL_AES_SIV typedef struct AesSivAssoc { diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index feb74aa99..adf7fe660 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h 
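Review bot: `ed25519_test` now releases `key3`, `key` and `key2` through `wc_ed25519_delete` in small-stack builds, but its failure paths still `return WC_TEST_RET_ENC_NC;` directly (one is visible just above the first new `#if` block in the `@@ -36410,13 +36421,22 @@` hunk), so any failure after allocation appears to skip every delete and leak the heap objects. `curve25519_test` in this same commit was converted to a `cleanup` label with `ERROR_OUT(..., cleanup)` for exactly this reason; giving `ed25519_test` the same treatment would make the two tests consistent. The function begins and ends outside these hunks, so the earlier return sites are not visible here.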
@@ -99,7 +99,9 @@ struct curve25519_key { /* bit fields */ WC_BITFIELD pubSet:1; WC_BITFIELD privSet:1; - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ +#ifndef WC_NO_CONSTRUCTORS + WC_BITFIELD isAllocated:1; +#endif }; enum { @@ -132,8 +134,6 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen, int endian); -WOLFSSL_API -curve25519_key* wc_curve25519_new(void* heap, int devId); WOLFSSL_API int wc_curve25519_init(curve25519_key* key); WOLFSSL_API @@ -142,6 +142,12 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); WOLFSSL_API void wc_curve25519_free(curve25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +curve25519_key* wc_curve25519_new(void* heap, int devId); +WOLFSSL_API +int wc_curve25519_delete(curve25519_key** key); +#endif /* raw key helpers */ WOLFSSL_API diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 1de20133a..f29dcfa3b 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -97,8 +97,9 @@ struct ed25519_key { WC_BITFIELD privKeySet:1; WC_BITFIELD pubKeySet:1; WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */ - /* flag indicates if structure was allocated */ +#ifndef WC_NO_CONSTRUCTORS WC_BITFIELD isAllocated:1; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif 
@@ -177,14 +178,19 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res, #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ #endif /* HAVE_ED25519_VERIFY */ -WOLFSSL_API -ed25519_key* wc_ed25519_new(void* heap, int devId); WOLFSSL_API int wc_ed25519_init(ed25519_key* key); WOLFSSL_API int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); WOLFSSL_API void wc_ed25519_free(ed25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +ed25519_key* wc_ed25519_new(void* heap, int devId); +WOLFSSL_API +int wc_ed25519_delete(ed25519_key** key); +#endif + #ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2abfafd18..3d235bc4f 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -125,7 +125,10 @@ typedef union { typedef struct { wc_Hashes alg; enum wc_HashType type; /* sanity check */ - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ +#ifndef WC_NO_CONSTRUCTORS + void *heap; + WC_BITFIELD isAllocated:1; +#endif } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ @@ -182,8 +185,6 @@ WOLFSSL_API int wc_Hash_ex(enum wc_HashType hash_type, byte* hash, word32 hash_len, void* heap, int devId); /* generic hash operation wrappers */ -WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, - int devId); WOLFSSL_API int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId); WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type); 
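Review bot: The new `void *heap` member of `wc_HashAlg` exists only under `#ifndef WC_NO_CONSTRUCTORS`, and nothing in this diff shows `wc_HashInit_ex()` storing the heap hint into it; if it is left unset, a deleter that frees with `(*hash)->heap` hands an indeterminate pointer to XFREE. Confirm the initialiser in hash.c assigns it, and annotate the field: `/* heap hint this object was allocated from; set by wc_HashInit_ex(), used by wc_HashDelete() */`.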
@@ -192,6 +193,11 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out); WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, + int devId); +WOLFSSL_API int wc_HashDelete(wc_HashAlg **hash); +#endif #ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 8bb0f5fe4..be9aee32a 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -269,7 +269,9 @@ struct RsaKey { #if defined(WOLFSSL_RENESAS_FSPSM) FSPSM_RSA_CTX ctx; #endif - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ +#ifndef WC_NO_CONSTRUCTORS + WC_BITFIELD isAllocated:1; +#endif }; #ifndef WC_RSAKEY_TYPE_DEFINED @@ -293,10 +295,14 @@ struct RsaPadding { typedef struct RsaPadding RsaPadding; #endif -WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId); WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId); +WOLFSSL_API int wc_DeleteRsaKey(RsaKey** key); +#endif + #ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index e10f5f8b4..f1be16b9b 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
@@ -522,6 +522,12 @@ typedef struct w64wrapper { #elif defined(NO_WOLFSSL_MEMORY) #ifdef WOLFSSL_NO_MALLOC /* this platform does not support heap use */ + #ifdef WOLFSSL_SMALL_STACK + #error WOLFSSL_SMALL_STACK requires a heap implementation. + #endif + #ifndef WC_NO_CONSTRUCTORS + #define WC_NO_CONSTRUCTORS + #endif #ifdef WOLFSSL_MALLOC_CHECK #ifndef NO_STDIO_FILESYSTEM #include From f44d12026ab0f72f8765202064fce3df4bdbe870 Mon Sep 17 00:00:00 2001 
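Review bot: The implicit `#define WC_NO_CONSTRUCTORS` and the WOLFSSL_SMALL_STACK `#error` are nested inside the `#elif defined(NO_WOLFSSL_MEMORY)` / `#ifdef WOLFSSL_NO_MALLOC` branch, so they only apply when both macros are set; a configuration that defines WOLFSSL_NO_MALLOC while taking one of the earlier `#if` branches (not visible here) gets neither the guard nor the error and still declares constructors that have no allocator. If WOLFSSL_NO_MALLOC alone is meant to imply "no constructors", the two blocks should be hoisted out of the NO_WOLFSSL_MEMORY branch. A one-line comment above the define, `/* constructors allocate; without a heap they cannot be provided */`, would explain the coupling to the next reader.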
From: Daniel Pouzzner Date: Fri, 18 Oct 2024 17:49:28 -0500 Subject: [PATCH 165/325] wolfssl/wolfcrypt/{aes.h,curve25519.h,ed25519.h,hash.h,rsa.h}: remove unneeded .isAllocated member from struct definitions, and add int *result_code argument to constructor prototypes; wolfssl/wolfcrypt/aes.h: add Aes.streamData_sz; src/tls13.c: fix devId passed to wc_HmacInit() in CreateCookieExt() and TlsCheckCookie(); src/keys.c: in SetKeys(), call wc_HmacInit() on hmacs only if newly allocated; wolfcrypt/src/aes.c: * in wc_Gmac(), wc_GmacVerify(), and AesSivCipher(), use wc_AesNew() and wc_AesDelete(); * in wc_AesInit(), zero the object on entry, and remove superseded piecemeal initializations to zero; * in wc_AesFree(), zero aes->streamData, and zero the entire object as final cleanup; wolfcrypt/src/curve25519.c: in wc_curve25519_free(), zero the entire object rather than zeroing piecemeal; wolfcrypt/test/test.c: * add fallback implementations (for old FIPS) of wc_HashNew(), wc_HashDelete(), wc_curve25519_new(), wc_curve25519_delete(), wc_ed25519_new(), and wc_ed25519_delete(); * update constructor calls throughout for new semantics; * refactor ed25519_test() for proper cleanup and error encoding. --- src/keys.c | 4 - src/tls13.c | 6 +- wolfcrypt/src/aes.c | 155 +++++-------- wolfcrypt/src/curve25519.c | 24 +- wolfcrypt/src/ed25519.c | 18 +- wolfcrypt/src/hash.c | 19 +- wolfcrypt/src/rsa.c | 18 +- wolfcrypt/test/test.c | 390 ++++++++++++++++++++++----------- wolfssl/wolfcrypt/aes.h | 6 +- wolfssl/wolfcrypt/curve25519.h | 6 +- wolfssl/wolfcrypt/ed25519.h | 6 +- wolfssl/wolfcrypt/hash.h | 3 +- wolfssl/wolfcrypt/rsa.h | 5 +- wolfssl/wolfcrypt/types.h | 4 + 14 files changed, 376 insertions(+), 288 deletions(-) diff --git a/src/keys.c b/src/keys.c index b13fbdf5b..b5b982c1b 100644 --- a/src/keys.c +++ b/src/keys.c 
@@ -3318,9 +3318,7 @@ int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (enc->hmac == NULL) return MEMORY_E; - } - if (enc) { if (wc_HmacInit(enc->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER); @@ -3334,9 +3332,7 @@ int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (dec->hmac == NULL) return MEMORY_E; - } - if (dec) { if (wc_HmacInit(dec->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER); diff --git a/src/tls13.c b/src/tls13.c index 90e4568f4..e8268939b 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2534,7 +2534,6 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -2930,7 +2929,6 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -3612,7 +3610,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz, macSz = WC_SHA256_DIGEST_SIZE; #endif /* NO_SHA256 */ - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, @@ -6394,7 +6392,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz) return HRR_COOKIE_ERROR; cookieSz -= macSz; - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 5d4f4a1e3..44dc31cb6 100644 
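Review bot: With the separate `if (enc)` block removed, `wc_HmacInit(enc->hmac, heap, devId)` now runs only when `enc->hmac` was just allocated, so an `Hmac` already hanging off the `Ciphers` is reused as-is. If SetKeys can be entered again on the same object after the previous hmac was `wc_HmacFree`d (key-update or renegotiation paths, not visible here), that object is now used without re-initialisation and with a possibly stale heap/devId. Confirm every caller either passes a freshly cleared `Ciphers` or NULLs `enc->hmac` after freeing it, and pin the contract at the allocation site: `/* hmac is initialised exactly once, when allocated; free and NULL it before re-entering SetKeys */`. The `dec->hmac` hunk just below has the same property; SetKeys starts and ends outside both hunks.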
--- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -10026,7 +10026,8 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) if ((ret == 0) && (aes->streamData == NULL)) { /* Allocate buffers for streaming. */ - aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap, + aes->streamData_sz = 5 * AES_BLOCK_SIZE; + aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap, DYNAMIC_TYPE_AES); if (aes->streamData == NULL) { ret = MEMORY_E; @@ -10513,7 +10514,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, WC_RNG* rng) { #ifdef WOLFSSL_SMALL_STACK - Aes *aes = NULL; + Aes *aes; #else Aes aes[1]; #endif @@ -10526,25 +10527,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; -#endif - + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesGcmSetKey(aes, key, keySz); - if (ret == 0) - ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); - if (ret == 0) - ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, +#endif + if (ret != 0) + return ret; + + ret = wc_AesGcmSetKey(aes, key, keySz); + if (ret == 0) + ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); + if (ret == 0) + ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - aes->isAllocated = 0; - wc_AesFree(aes); - } - ForceZero(aes, sizeof *aes); + #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(&aes); +#else + wc_AesFree(aes); #endif return ret; 
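Review bot: `aes->streamData_sz = 5 * AES_BLOCK_SIZE;` is assigned before the allocation is known to succeed, so on MEMORY_E the object carries a non-zero size with `streamData == NULL`. The later wc_AesFree hunk guards on the pointer, so nothing breaks today, but keeping the pair consistent costs one line: move the assignment after the NULL check, or add `aes->streamData_sz = 0;` in the `ret = MEMORY_E` branch. wc_AesGcmInit continues outside this hunk.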
@@ -10570,24 +10570,21 @@ int wc_GmacVerify(const byte* key, word32 keySz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; -#endif - + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, keySz); if (ret == 0) ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - aes->isAllocated = 0; - wc_AesFree(aes); } - ForceZero(aes, sizeof *aes); #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(&aes); +#else + wc_AesFree(aes); #endif #else (void)key; @@ -11300,18 +11297,24 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ #ifndef WC_NO_CONSTRUCTORS -Aes* wc_AesNew(void* heap, int devId) +Aes* wc_AesNew(void* heap, int devId, int *result_code) { + int ret; Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); - if (aes != NULL) { - if (wc_AesInit(aes, heap, devId) != 0) { + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, devId); + if (ret != 0) { XFREE(aes, heap, DYNAMIC_TYPE_AES); aes = NULL; } - else { - aes->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return aes; } @@ -11326,7 +11329,7 @@ int wc_AesDelete(Aes** aes) } #endif /* !WC_NO_CONSTRUCTORS */ -/* Initialize Aes for use with async hardware */ +/* Initialize Aes */ int wc_AesInit(Aes* aes, void* heap, int devId) { int ret = 0; @@ -11334,18 +11337,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId) if (aes == NULL) return BAD_FUNC_ARG; - aes->isAllocated = 0; - aes->heap = heap; - aes->rounds = 0; + XMEMSET(aes, 0, sizeof(*aes)); -#ifdef WOLFSSL_AESNI - /* clear here for the benefit of wc_AesGcmInit(). */ - aes->use_aesni = 0; -#endif + aes->heap = heap; #ifdef WOLF_CRYPTO_CB aes->devId = devId; - aes->devCtx = NULL; #else (void)devId; #endif 
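Review bot: `wc_AesNew(void* heap, int devId, int *result_code)` gains an output parameter whose contract is not documented anywhere in the hunk: it is written on every path when non-NULL (MEMORY_E when XMALLOC fails, otherwise the `wc_AesInit` result) and may be passed as NULL. Suggest a comment on the definition or the header prototype along the lines of `/* Allocate and initialise an Aes with the given heap hint and devId. Returns NULL on failure; if result_code is non-NULL it receives 0, MEMORY_E, or the wc_AesInit() error. */`. The same documentation is missing for wc_curve25519_new, wc_ed25519_new, wc_HashNew and wc_NewRsaKey in the following hunks, which share the pattern.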
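Review bot: `XMEMSET(aes, 0, sizeof(*aes))` at the top of wc_AesInit silently discards whatever the object held before, including a non-NULL `streamData` buffer or a device handle, so calling wc_AesInit a second time on an already-initialised object now leaks those resources instead of releasing them. The old piecemeal code had the same effect for `streamData`, but the full memset extends it to every field, so the contract deserves stating: `/* whole-object reset: an initialised Aes must be wc_AesFree()d before being re-initialised */` on the memset line. Non-zero sentinels (`alFd`, `rdFd`, `ctx.cfd`) are still set after the memset, which is correct; wc_AesInit continues into the next hunk.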
@@ -11358,51 +11355,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId) aes->alFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET; #endif -#ifdef WOLFSSL_KCAPI_AES - aes->handle = NULL; - aes->init = 0; -#endif #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) aes->ctx.cfd = -1; #endif -#if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif #if defined(WOLFSSL_IMXRT_DCP) DCPAesInit(aes); #endif -#ifdef WOLFSSL_MAXQ10XX_CRYPTO - XMEMSET(&aes->maxq_ctx, 0, sizeof(aes->maxq_ctx)); -#endif - -#ifdef HAVE_AESGCM -#ifdef OPENSSL_EXTRA - XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH)); - aes->gcm.aadLen = 0; -#endif -#endif - -#ifdef WOLFSSL_AESGCM_STREAM -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) - aes->streamData = NULL; -#endif - aes->keylen = 0; - aes->nonceSz = 0; - aes->gcmKeySet = 0; - aes->nonceSet = 0; - aes->ctrSet = 0; -#endif - #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) ret = wc_psa_aes_init(aes); #endif -#if defined(WOLFSSL_RENESAS_FSPSM) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif - #ifdef WC_DEBUG_CIPHER_LIFECYCLE if (ret == 0) ret = wc_debug_CipherLifecycleInit(&aes->CipherLifecycleTag, aes->heap); @@ -11457,7 +11421,7 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) } #endif -/* Free Aes from use with async hardware */ +/* Free Aes resources */ void wc_AesFree(Aes* aes) { if (aes == NULL) { @@ -11503,8 +11467,11 @@ void wc_AesFree(Aes* aes) #endif #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ !defined(WOLFSSL_AESNI) - XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); - aes->streamData = NULL; + if (aes->streamData != NULL) { + ForceZero(aes->streamData, aes->streamData_sz); + XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); + aes->streamData = NULL; + } #endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) 
@@ -11527,6 +11494,8 @@ void wc_AesFree(Aes* aes) wc_fspsm_Aesfree(aes); #endif + ForceZero(aes, sizeof(Aes)); + #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(aes, sizeof(Aes)); #endif @@ -14018,29 +13987,17 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } + if (ret == 0) { #ifdef WOLFSSL_SMALL_STACK - if (ret == 0) { - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES); - if (aes == NULL) { - ret = MEMORY_E; - } - } -#endif - - if (ret == 0) { + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret != 0) { WOLFSSL_MSG("Failed to initialized AES object."); } } -#ifndef WOLFSSL_SMALL_STACK - /* make aes has heap hint and isAllocated initialized for cleanup below */ - if (ret != 0) { - XMEMSET(aes, 0, sizeof(Aes)); - } -#endif - if (ret == 0 && dataSz > 0) { sivTmp[12] &= 0x7f; sivTmp[8] &= 0x7f; @@ -14071,14 +14028,10 @@ static WARN_UNUSED_RESULT int AesSivCipher( } #ifdef WOLFSSL_SMALL_STACK - if (aes != NULL) + wc_AesDelete(&aes); +#else + wc_AesFree(aes); #endif - { - wc_AesFree(aes); - #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); - #endif - } return ret; } diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index d4db9b28b..f4c7c11ab 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c 
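Review bot: `ForceZero(aes, sizeof(Aes))` at the end of wc_AesFree wipes `aes->heap` together with the key material, so any caller that releases the object afterwards with its stored hint — a deleter doing `XFREE(*aes, (*aes)->heap, …)`, which wc_AesDelete (body not in this diff) plausibly does — passes NULL to XFREE and, under WOLFSSL_STATIC_MEMORY or a custom allocator, returns the block to the wrong pool. Capture the hint before freeing: `void *heap = (*aes)->heap;` at the top of the deleter, then `XFREE(*aes, heap, DYNAMIC_TYPE_AES);`. The same interaction is introduced by the whole-object `ForceZero` in the curve25519.c hunk, and the test.c fallback deleters added later in this commit read `(*key)->heap` after calling the free routine.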
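Review bot: In AesSivCipher the non-WOLFSSL_SMALL_STACK path drops the `XMEMSET(aes, 0, sizeof(Aes))` that previously ran when `ret != 0`, yet `wc_AesFree(aes)` is still reached unconditionally at the end; if a check fails before the `if (ret == 0)` init block, wc_AesFree now runs on an uninitialised stack `Aes` and may ForceZero or free through indeterminate pointers (`streamData`, device contexts). Either zero the stack object before the cleanup, or skip `wc_AesFree` when `wc_AesInit` never ran. Under WOLFSSL_SMALL_STACK the analogous case relies on `aes` starting as NULL and on wc_AesDelete rejecting a NULL object; both are outside this diff and should be confirmed. AesSivCipher starts before the first of these hunks.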
@@ -656,19 +656,25 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ #ifndef WC_NO_CONSTRUCTORS -curve25519_key* wc_curve25519_new(void* heap, int devId) +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code) { + int ret; curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, DYNAMIC_TYPE_CURVE25519); - if (key != NULL) { - if (wc_curve25519_init_ex(key, heap, devId) != 0) { + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_curve25519_init_ex(key, heap, devId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); key = NULL; } - else { - key->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return key; } @@ -725,11 +731,7 @@ void wc_curve25519_free(curve25519_key* key) se050_curve25519_free_key(key); #endif - key->dp = NULL; - ForceZero(key->k, sizeof(key->k)); - XMEMSET(&key->p, 0, sizeof(key->p)); - key->pubSet = 0; - key->privSet = 0; + ForceZero(key, sizeof(*key)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(curve25519_key)); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 02b318774..ce856b901 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c 
@@ -969,19 +969,25 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, #endif /* HAVE_ED25519_VERIFY */ #ifndef WC_NO_CONSTRUCTORS -ed25519_key* wc_ed25519_new(void* heap, int devId) +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code) { + int ret; ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, DYNAMIC_TYPE_ED25519); - if (key != NULL) { - if (wc_ed25519_init_ex(key, heap, devId) != 0) { + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_ed25519_init_ex(key, heap, devId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); key = NULL; } - else { - key->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return key; } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 73429c3ac..f2eefad9c 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -687,19 +687,26 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, } #ifndef WC_NO_CONSTRUCTORS -wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId) +wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, + int *result_code) { + int ret; wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, DYNAMIC_TYPE_HASHES); - if (hash != NULL) { - if (wc_HashInit_ex(hash, type, heap, devId) != 0) { + if (hash == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_HashInit_ex(hash, type, heap, devId); + if (ret != 0) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); hash = NULL; } - else { - hash->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return hash; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 9770d321b..dd5f7f8be 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
@@ -155,18 +155,24 @@ static void wc_RsaCleanup(RsaKey* key) } #ifndef WC_NO_CONSTRUCTORS -RsaKey* wc_NewRsaKey(void* heap, int devId) +RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) { + int ret; RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); - if (key != NULL) { - if (wc_InitRsaKey_ex(key, heap, devId) != 0) { + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, devId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_RSA); key = NULL; } - else { - key->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return key; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 436f0c55f..b7f8131d2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -935,17 +935,27 @@ static void myFipsCb(int ok, int err, const char* hash) } #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */ -#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS) -#if !defined(NO_AES) && !defined(WC_NO_CONSTRUCTORS) -static WC_MAYBE_UNUSED struct Aes *wc_AesNew(void *heap, int thisDevId) { +#if !defined(NO_AES) +static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int devId, int *result_code) +{ + int ret; Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); - if (aes != NULL) { - if (wc_AesInit(aes, heap, thisDevId) != 0) { + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, devId); + if (ret != 0) { XFREE(aes, heap, DYNAMIC_TYPE_AES); aes = NULL; } } + + if (result_code != NULL) + *result_code = ret; + return aes; } static WC_MAYBE_UNUSED int wc_AesDelete(Aes** aes) 
@@ -957,18 +967,27 @@ static WC_MAYBE_UNUSED int wc_AesDelete(Aes** aes) *aes = NULL; return 0; } -#endif /* !NO_AES && !WC_NO_CONSTRUCTORS */ +#endif /* !NO_AES */ -#if !defined(NO_RSA) && !defined(WC_NO_CONSTRUCTORS) -static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId) +#if !defined(NO_RSA) +static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) { + int ret; RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); - if (key != NULL) { - if (wc_InitRsaKey_ex(key, heap, thisDevId) != 0) { + if (key = NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, devId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_RSA); key = NULL; } } + + if (result_code != NULL) + *result_code = ret; + return key; } static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey** key) 
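Review bot: `if (key = NULL) {` in the fallback wc_NewRsaKey is an assignment, not a comparison: it always evaluates false, overwrites the freshly allocated pointer with NULL (leaking the allocation) and then passes NULL to `wc_InitRsaKey_ex`, so on old-FIPS builds this constructor can never return a key. Change it to `if (key == NULL) {`. The sibling fallbacks in this commit use `==`; building the test with `-Wall` (`-Wparentheses`) would have flagged the stray assignment.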
@@ -980,9 +999,112 @@ static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey** key) *key = NULL; return 0; } -#endif /* !NO_RSA && !WC_NO_CONSTRUCTORS */ +#endif /* !NO_RSA */ -#endif /* FIPS_VERSION3_LT(6,0,0) */ +#if !defined(NO_HASH_WRAPPER) +static WC_MAYBE_UNUSED wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, + int *result_code) +{ + int ret; + wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, + DYNAMIC_TYPE_HASHES); + if (hash == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_HashInit_ex(hash, type, heap, devId); + if (ret != 0) { + XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + hash = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return hash; +} + +static WC_MAYBE_UNUSED int wc_HashDelete(wc_HashAlg **hash) { + int ret; + if ((hash == NULL) || (*hash == NULL)) + return BAD_FUNC_ARG; + ret = wc_HashFree(*hash, (*hash)->type); + if (ret < 0) + return ret; + XFREE(*hash, (*hash)->heap, DYNAMIC_TYPE_HASHES); + *hash = NULL; + return 0; +} +#endif /* !NO_HASH_WRAPPER */ + +#if defined(HAVE_CURVE25519) +static WC_MAYBE_UNUSED curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code) +{ + int ret; + curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, + DYNAMIC_TYPE_CURVE25519); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_curve25519_init_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +static WC_MAYBE_UNUSED int wc_curve25519_delete(curve25519_key** key) { + if ((key == NULL) || (*key == NULL)) + return BAD_FUNC_ARG; + wc_curve25519_free(*key); + XFREE(*key, (*key)->heap, DYNAMIC_TYPE_CURVE25519); + *key = NULL; + return 0; +} +#endif /* HAVE_CURVE25519 */ + +#if defined(HAVE_ED25519) +static WC_MAYBE_UNUSED ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code) +{ + int ret; + ed25519_key* key = 
(ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, + DYNAMIC_TYPE_ED25519); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_ed25519_init_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_ED25519); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +static WC_MAYBE_UNUSED int wc_ed25519_delete(ed25519_key** key) { + if ((key == NULL) || (*key == NULL)) + return BAD_FUNC_ARG; + wc_ed25519_free(*key); + XFREE(*key, (*key)->heap, DYNAMIC_TYPE_ED25519); + *key = NULL; + return 0; +} +#endif /* HAVE_ED25519 */ + +#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */ #ifdef WOLFSSL_STATIC_MEMORY #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ) @@ -6051,9 +6173,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) WOLFSSL_ENTER("hash_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId); + hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret); if (hash == NULL) { - ret = MEMORY_E; return WC_TEST_RET_ENC_EC(ret); } #else @@ -9301,13 +9422,13 @@ EVP_TEST_END: WOLFSSL_ENTER("aesofb_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); 
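Review bot: The fallback `wc_curve25519_delete` reads `(*key)->heap` only after `wc_curve25519_free(*key)`, and the curve25519.c hunk in this same commit makes that free routine `ForceZero` the whole struct, so the XFREE runs with a NULL heap hint — wrong under WOLFSSL_STATIC_MEMORY or a custom allocator. Read the hint first: `void *heap = (*key)->heap; wc_curve25519_free(*key); XFREE(*key, heap, DYNAMIC_TYPE_CURVE25519);`. The `wc_ed25519_delete` and `wc_HashDelete` fallbacks follow the same read-after-free pattern and should be fixed the same way even if their free routines do not zero today; whether the in-tree curve25519.c is what an old-FIPS build links is not visible here, so treat the ordering as the defensive choice regardless.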
@@ -9702,13 +9823,13 @@ EVP_TEST_END: #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -9999,13 +10120,13 @@ EVP_TEST_END: #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -10257,13 +10378,13 @@ EVP_TEST_END: #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); 
@@ -10406,9 +10527,9 @@ static wc_test_ret_t aes_key_size_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - aes = wc_AesNew(HEAP_HINT, devId); + aes = wc_AesNew(HEAP_HINT, devId, &ret); if (aes == NULL) - return WC_TEST_RET_ENC_ERRNO; + return WC_TEST_RET_ENC_EC(ret); #else ret = wc_AesInit(aes, HEAP_HINT, devId); /* 0 check OK for FIPSv1 */ @@ -13417,12 +13538,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) WOLFSSL_ENTER("aes_ctr_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - dec = wc_AesNew(HEAP_HINT, devId); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else XMEMSET(enc, 0, sizeof(Aes)); XMEMSET(dec, 0, sizeof(Aes)); @@ -13765,13 +13886,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) WOLFSSL_ENTER("aes_cbc_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); 
@@ -14169,13 +14290,13 @@ static wc_test_ret_t aes_ecb_direct_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else ret = wc_AesInit(enc, HEAP_HINT, devId); @@ -14341,13 +14462,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) WOLFSSL_ENTER("aes192_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -14471,13 +14592,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) WOLFSSL_ENTER("aes256_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); 
@@ -14650,12 +14771,12 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, XMEMSET(resultP, 0, sizeof(resultP)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - dec = wc_AesNew(HEAP_HINT, devId); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else XMEMSET(enc, 0, sizeof(Aes)); XMEMSET(dec, 0, sizeof(Aes)); @@ -15082,12 +15203,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) XMEMSET(resultP, 0, sizeof(resultP)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - dec = wc_AesNew(HEAP_HINT, devId); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) @@ -15864,9 +15985,9 @@ static wc_test_ret_t aesccm_256_test(void) byte atag[sizeof(exp_tag)]; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes* aes = wc_AesNew(HEAP_HINT, devId); + Aes* aes = wc_AesNew(HEAP_HINT, devId, &ret); if (aes == NULL) { - ret = WC_TEST_RET_ENC_EC(MEMORY_E); + ret = WC_TEST_RET_ENC_EC(ret); } #else Aes aes[1]; 
@@ -16020,9 +16141,9 @@ static wc_test_ret_t aesccm_128_test(void) XMEMSET(p2, 0, sizeof(p2)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); @@ -21578,13 +21699,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) XMEMCPY(in, inStr, inLen); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - key = wc_NewRsaKey(HEAP_HINT, devId); + key = wc_NewRsaKey(HEAP_HINT, devId, &ret); if (key == NULL) - ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - keypub = wc_NewRsaKey(HEAP_HINT, devId); + keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret); if (keypub == NULL) - ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif #ifdef WOLFSSL_TEST_CERT if (cert == NULL) 
@@ -35080,12 +35201,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) WOLFSSL_ENTER("curve25519_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - userA = wc_curve25519_new(HEAP_HINT, devId); - userB = wc_curve25519_new(HEAP_HINT, devId); - pubKey = wc_curve25519_new(HEAP_HINT, devId); - if (userA == NULL || userB == NULL || pubKey == NULL) { - ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), cleanup); - } + userA = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + userB = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #else wc_curve25519_init_ex(userA, HEAP_HINT, devId); wc_curve25519_init_ex(userB, HEAP_HINT, devId); @@ -36175,18 +36299,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) return WC_TEST_RET_ENC_EC(ret); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - key = wc_ed25519_new(HEAP_HINT, devId); - key2 = wc_ed25519_new(HEAP_HINT, devId); - if (key == NULL || key2 == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } + key = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + key2 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) - key3 = wc_ed25519_new(HEAP_HINT, devId); - if (key3 == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } + key3 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif #else wc_ed25519_init_ex(key, HEAP_HINT, devId); 
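Review bot: After a failed `wc_ed25519_new` for `key` the code jumps to `cleanup` with `key2` and `key3` never assigned, so the cleanup block (outside this hunk) will act on whatever those pointers hold unless their declarations initialise them to NULL and the delete routine rejects NULL. Confirm `key`, `key2` and `key3` are declared `= NULL` under WOLFSSL_SMALL_STACK, and likewise `userA`, `userB` and `pubKey` in the curve25519_test hunk above, which has the same early-exit shape. The non-SMALL_STACK branch still calls `wc_ed25519_init_ex(key, HEAP_HINT, devId)` without checking its result.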
@@ -36213,70 +36335,70 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], pKeySz[i], key) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (XMEMCMP(out, sigs[i], 64)) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #ifdef WOLFSSL_ED25519_STREAMING_VERIFY /* test verify on good msg using streaming interface directly */ if (wc_ed25519_verify_msg_init(out, outlen, key, (byte)Ed25519, NULL, 0) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); for (j = 0; j < msgSz[i]; j += i) { if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); } if (wc_ed25519_verify_msg_final(out, outlen, &verify, key) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ /* test verify on bad msg */ out[outlen-1] = out[outlen-1] + 1; if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key) == 0 || verify == 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* HAVE_ED25519_VERIFY */ /* test api for import/exporting keys */ exportPSz = sizeof(exportPKey); exportSSz = sizeof(exportSKey); if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) - return WC_TEST_RET_ENC_I(i); + 
ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_import_private_key(exportSKey, exportSSz, exportPKey, exportPSz, key2) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); /* clear "out" buffer and test sign with imported keys */ outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #if defined(HAVE_ED25519_VERIFY) if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (XMEMCMP(out, sigs[i], 64)) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* HAVE_ED25519_VERIFY */ } 
@@ -36330,36 +36452,36 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE, pKeys[0], pKeySz[0], key); if (ret != 0) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } ret = ed25519ctx_test(); if (ret != 0) - return ret; + goto cleanup; ret = ed25519ph_test(); if (ret != 0) - return ret; + goto cleanup; #ifndef NO_ASN /* Try ASN.1 encoded private-only key and public key. */ 
@@ -36367,41 +36489,41 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3, sizeof(privateEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); idx = 0; if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3, sizeof(badPrivateEd25519)) == 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* try with a buffer size that is too large */ idx = 0; if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3, sizeof(badPublicEd25519)) == 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); idx = 0; ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3, sizeof(publicEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(out, sigs[0], 64)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3); if (ret != 0 || verify != 1) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif /* HAVE_ED25519_VERIFY */ 
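Review bot: The `ERROR_OUT(..., cleanup)` exits in this hunk, and in the -36412 hunk that follows, leak `key3` under WOLFSSL_SMALL_STACK: key3 is released only by the `wc_ed25519_delete(&key3)` on the success path just before `#endif /* NO_ASN */`, and the `cleanup:` block as shown in this patch releases only `key` and `key2`. Since the delete rejects a NULL pointer (the return value is already ignored in cleanup) and clears the pointer on success, adding `wc_ed25519_delete(&key3);` inside the small-stack branch of cleanup, under the same `#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)` guard that declares key3, covers both the error and the success paths without a double free. The function body continues outside the hunk.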
@@ -36412,14 +36534,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3, sizeof(privPubEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(out, sigs[0], 64)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) wc_ed25519_delete(&key3); @@ -36429,6 +36551,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* NO_ASN */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + ret = ed25519_test_check_key(); + if (ret < 0) + goto cleanup; +#ifdef WOLFSSL_TEST_CERT + ret = ed25519_test_cert(); + if (ret < 0) + goto cleanup; +#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY) + ret = ed25519_test_make_cert(); + if (ret < 0) + goto cleanup; +#endif /* WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_TEST_CERT */ + +cleanup: + /* clean up keys when done */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) wc_ed25519_delete(&key); @@ -36446,21 +36584,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) (void)keySz; (void)sigSz; - ret = ed25519_test_check_key(); - if (ret < 0) - return ret; -#ifdef WOLFSSL_TEST_CERT - ret = ed25519_test_cert(); - if (ret < 0) - return ret; -#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY) - ret = ed25519_test_make_cert(); - if (ret < 0) - return ret; -#endif /* WOLFSSL_CERT_GEN */ -#endif /* WOLFSSL_TEST_CERT */ - - return 0; + return ret; } #endif /* HAVE_ED25519 */ diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index a4327d0ee..6f1a313bf 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h 
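Review bot: The last hunk replaces `return 0;` with `return ret;` after `cleanup:`, so on the fully successful path ed25519_test now returns whatever the last sub-test it ran returned (`ed25519_test_check_key`, or `ed25519_test_make_cert` under WOLFSSL_TEST_CERT), and those results are only screened with `ret < 0`; if any of them can return a positive value on success, the caller now sees a failure where it previously saw 0. Either check those calls with `!= 0`, as the `ed25519ctx_test` and `ed25519ph_test` calls in the earlier hunk do, or place `ret = 0;` immediately before the `cleanup:` label so the success path is explicit. The function body starts outside this hunk.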
@@ -327,7 +327,7 @@ struct Aes { int alFd; /* server socket to bind to */ int rdFd; /* socket to read from */ struct msghdr msg; - int dir; /* flag for encrpyt or decrypt */ + int dir; /* flag for encrypt or decrypt */ #ifdef WOLFSSL_AFALG_XILINX_AES word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) + GCM_NONCE_MID_SZ)]; @@ -382,6 +382,7 @@ struct Aes { ALIGN16 byte streamData[5 * AES_BLOCK_SIZE]; #else byte* streamData; + word32 streamData_sz; #endif word32 aSz; word32 cSz; @@ -392,7 +393,6 @@ struct Aes { WC_BITFIELD nonceSet:1; WC_BITFIELD ctrSet:1; #endif - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ #ifdef WC_DEBUG_CIPHER_LIFECYCLE void *CipherLifecycleTag; /* used for dummy allocation and initialization, * trackable by sanitizers. @@ -728,7 +728,7 @@ WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, #endif WOLFSSL_API void wc_AesFree(Aes* aes); #ifndef WC_NO_CONSTRUCTORS -WOLFSSL_API Aes* wc_AesNew(void* heap, int devId); +WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code); WOLFSSL_API int wc_AesDelete(Aes** aes); #endif diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index adf7fe660..e2367e21b 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -99,9 +99,6 @@ struct curve25519_key { /* bit fields */ WC_BITFIELD pubSet:1; WC_BITFIELD privSet:1; -#ifndef WC_NO_CONSTRUCTORS - WC_BITFIELD isAllocated:1; -#endif }; enum { @@ -144,10 +141,11 @@ void wc_curve25519_free(curve25519_key* key); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API -curve25519_key* wc_curve25519_new(void* heap, int devId); +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code); WOLFSSL_API int wc_curve25519_delete(curve25519_key** key); #endif +WOLFSSL_API /* raw key helpers */ WOLFSSL_API diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index f29dcfa3b..5f017e31a 100644 --- a/wolfssl/wolfcrypt/ed25519.h 
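Review bot: The added bare `+WOLFSSL_API` line in curve25519.h, between the `#endif` and the `/* raw key helpers */` comment, sits directly before another `WOLFSSL_API` on the next declaration and looks like a stray insertion; the ed25519.h hunk adds the same bare `WOLFSSL_API` before `#ifdef HAVE_ED25519_KEY_IMPORT`. If the macro expands to a storage-class specifier or a visibility attribute, the doubled specifier on the following prototype is at best redundant and may be rejected by some compilers. Drop the added line in both headers.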
+++ b/wolfssl/wolfcrypt/ed25519.h @@ -97,9 +97,6 @@ struct ed25519_key { WC_BITFIELD privKeySet:1; WC_BITFIELD pubKeySet:1; WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */ -#ifndef WC_NO_CONSTRUCTORS - WC_BITFIELD isAllocated:1; -#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif @@ -186,10 +183,11 @@ WOLFSSL_API void wc_ed25519_free(ed25519_key* key); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API -ed25519_key* wc_ed25519_new(void* heap, int devId); +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code); WOLFSSL_API int wc_ed25519_delete(ed25519_key** key); #endif +WOLFSSL_API #ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 3d235bc4f..2c3bd0363 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -127,7 +127,6 @@ typedef struct { enum wc_HashType type; /* sanity check */ #ifndef WC_NO_CONSTRUCTORS void *heap; - WC_BITFIELD isAllocated:1; #endif } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ @@ -195,7 +194,7 @@ WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, - int devId); + int devId, int *result_code); WOLFSSL_API int wc_HashDelete(wc_HashAlg **hash); #endif diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index be9aee32a..4b30e455e 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -269,9 +269,6 @@ struct RsaKey { #if defined(WOLFSSL_RENESAS_FSPSM) FSPSM_RSA_CTX ctx; #endif -#ifndef WC_NO_CONSTRUCTORS - WC_BITFIELD isAllocated:1; -#endif }; #ifndef WC_RSAKEY_TYPE_DEFINED 
@@ -299,7 +296,7 @@ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); #ifndef WC_NO_CONSTRUCTORS -WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId); +WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code); WOLFSSL_API int wc_DeleteRsaKey(RsaKey** key); #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index f1be16b9b..1b437c100 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -612,6 +612,10 @@ typedef struct w64wrapper { #endif /* WOLFSSL_STATIC_MEMORY */ #endif + #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS) + #error WOLFSSL_SMALL_STACK requires constructors. + #endif + #include /* declare/free variable handling for async and smallstack */ From 996986d0c1f6b507f3c949684df068f5c8868904 Mon Sep 17 00:00:00 2001 
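Review bot: The new `#error` in types.h rejects every WOLFSSL_SMALL_STACK build that defines WC_NO_CONSTRUCTORS, but the small-stack code in this patch that actually needs the constructors is guarded by `defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)` (see the test.c hunks), so a small-stack build with WOLFSSL_NO_MALLOC and no constructors, which takes the static-object branches, is now refused as well. If that configuration is meant to remain buildable, the condition should be `#if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS) && !defined(WOLFSSL_NO_MALLOC)`; if it is intentionally dropped, the error message should say so.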
From: Daniel Pouzzner Date: Fri, 18 Oct 2024 21:13:38 -0500 Subject: [PATCH 166/325] refactor wc_AesDelete, wc_curve25519_delete, wc_ed25519_delete, wc_HashDelete, and wc_DeleteRsaKey to take two arguments, the first a required pointer to the object, the second an optional pointer to the pointer to be zeroed upon successful deletion, for the benefit of calling from C# without unsafe code. wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs: update for new calling conventions around wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey, and the corresponding delete functions. --- wolfcrypt/src/aes.c | 17 +- wolfcrypt/src/curve25519.c | 11 +- wolfcrypt/src/ed25519.c | 11 +- wolfcrypt/src/hash.c | 11 +- wolfcrypt/src/rsa.c | 11 +- wolfcrypt/test/test.c | 203 ++++++--------------- wolfssl/wolfcrypt/aes.h | 2 +- wolfssl/wolfcrypt/curve25519.h | 2 +- wolfssl/wolfcrypt/ed25519.h | 2 +- wolfssl/wolfcrypt/hash.h | 2 +- wolfssl/wolfcrypt/rsa.h | 2 +- wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | 114 +++++++----- 12 files changed, 155 insertions(+), 233 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 44dc31cb6..6a6b49403 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -10542,7 +10542,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, authTag, authTagSz, authIn, authInSz); #ifdef WOLFSSL_SMALL_STACK - wc_AesDelete(&aes); + wc_AesDelete(aes, NULL); #else wc_AesFree(aes); #endif @@ -10582,7 +10582,7 @@ int wc_GmacVerify(const byte* key, word32 keySz, } #ifdef WOLFSSL_SMALL_STACK - wc_AesDelete(&aes); + wc_AesDelete(aes, NULL); #else wc_AesFree(aes); #endif 
@@ -11318,13 +11318,14 @@ Aes* wc_AesNew(void* heap, int devId, int *result_code) return aes; } -int wc_AesDelete(Aes** aes) +int wc_AesDelete(Aes *aes, Aes** aes_p) { - if ((aes == NULL) || (*aes == NULL)) + if (aes == NULL) return BAD_FUNC_ARG; - wc_AesFree(*aes); - XFREE(*aes, (*aes)->heap, DYNAMIC_TYPE_AES); - *aes = NULL; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; return 0; } #endif /* !WC_NO_CONSTRUCTORS */ @@ -14028,7 +14029,7 @@ static WARN_UNUSED_RESULT int AesSivCipher( } #ifdef WOLFSSL_SMALL_STACK - wc_AesDelete(&aes); + wc_AesDelete(aes, NULL); #else wc_AesFree(aes); #endif diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index f4c7c11ab..7641055b4 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -678,12 +678,13 @@ curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code) return key; } -int wc_curve25519_delete(curve25519_key** key) { - if ((key == NULL) || (*key == NULL)) +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) { + if (key == NULL) return BAD_FUNC_ARG; - wc_curve25519_free(*key); - XFREE(*key, (*key)->heap, DYNAMIC_TYPE_CURVE25519); - *key = NULL; + wc_curve25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519); + if (key_p != NULL) + *key_p = NULL; return 0; } #endif /* !WC_NO_CONSTRUCTORS */ diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index ce856b901..09777dde7 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c 
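Review bot: `wc_AesDelete` frees `aes` and then clears `*aes_p` without checking that the two refer to the same object, so a caller that passes a stale or unrelated `aes_p` is left with a dangling pointer in the variable it meant to clear while another one is NULLed; the same shape is in the curve25519.c hunk below, in the ed25519.c, hash.c and rsa.c hunks that follow, and in the test.c FIPS fallback definitions. A cheap guard before `wc_AesFree(aes)` catches the mismatch: `if ((aes_p != NULL) && (*aes_p != aes)) return BAD_FUNC_ARG;`. Every caller in this patch passes either `(x, &x)` or `(x, NULL)`, so the check costs them nothing.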
@@ -991,12 +991,13 @@ ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code) return key; } -int wc_ed25519_delete(ed25519_key** key) { - if ((key == NULL) || (*key == NULL)) +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) { + if (key == NULL) return BAD_FUNC_ARG; - wc_ed25519_free(*key); - XFREE(*key, (*key)->heap, DYNAMIC_TYPE_ED25519); - *key = NULL; + wc_ed25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_ED25519); + if (key_p != NULL) + *key_p = NULL; return 0; } #endif /* !WC_NO_CONSTRUCTORS */ diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index f2eefad9c..b16c47dcb 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -710,15 +710,16 @@ wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, return hash; } -int wc_HashDelete(wc_HashAlg **hash) { +int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p) { int ret; - if ((hash == NULL) || (*hash == NULL)) + if (hash == NULL) return BAD_FUNC_ARG; - ret = wc_HashFree(*hash, (*hash)->type); + ret = wc_HashFree(hash, hash->type); if (ret < 0) return ret; - XFREE(*hash, (*hash)->heap, DYNAMIC_TYPE_HASHES); - *hash = NULL; + XFREE(hash, hash->heap, DYNAMIC_TYPE_HASHES); + if (hash_p != NULL) + *hash_p = NULL; return 0; } #endif /* !WC_NO_CONSTRUCTORS */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index dd5f7f8be..f5ed3d353 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -176,13 +176,14 @@ RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) return key; } -int wc_DeleteRsaKey(RsaKey** key) +int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) { - if ((key == NULL) || (*key == NULL)) + if (key == NULL) return BAD_FUNC_ARG; - wc_FreeRsaKey(*key); - XFREE(*key, (*key)->heap, DYNAMIC_TYPE_RSA); - *key = NULL; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; return 0; } #endif /* !WC_NO_CONSTRUCTORS */ 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b7f8131d2..4c3c9d771 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -938,7 +938,7 @@ static void myFipsCb(int ok, int err, const char* hash) #if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS) #if !defined(NO_AES) -static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int devId, int *result_code) +static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code) { int ret; Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); @@ -946,7 +946,7 @@ static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int devId, int *result_code) ret = MEMORY_E; } else { - ret = wc_AesInit(aes, heap, devId); + ret = wc_AesInit(aes, heap, thisDevId); if (ret != 0) { XFREE(aes, heap, DYNAMIC_TYPE_AES); aes = NULL; @@ -958,27 +958,28 @@ static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int devId, int *result_code) return aes; } -static WC_MAYBE_UNUSED int wc_AesDelete(Aes** aes) +static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p) { - if ((aes == NULL) || (*aes == NULL)) + if (aes == NULL) return BAD_FUNC_ARG; - wc_AesFree(*aes); - XFREE(*aes, (*aes)->heap, DYNAMIC_TYPE_AES); - *aes = NULL; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; return 0; } #endif /* !NO_AES */ #if !defined(NO_RSA) -static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) +static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code) { int ret; RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); - if (key = NULL) { + if (key == NULL) { ret = MEMORY_E; } else { - ret = wc_InitRsaKey_ex(key, heap, devId); + ret = wc_InitRsaKey_ex(key, heap, thisDevId); if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_RSA); key = NULL; 
@@ -990,120 +991,18 @@ static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_c return key; } -static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey** key) +static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) { - if ((key == NULL) || (*key == NULL)) + if (key == NULL) return BAD_FUNC_ARG; - wc_FreeRsaKey(*key); - XFREE(*key, (*key)->heap, DYNAMIC_TYPE_RSA); - *key = NULL; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; return 0; } #endif /* !NO_RSA */ -#if !defined(NO_HASH_WRAPPER) -static WC_MAYBE_UNUSED wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, - int *result_code) -{ - int ret; - wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, - DYNAMIC_TYPE_HASHES); - if (hash == NULL) { - ret = MEMORY_E; - } - else { - ret = wc_HashInit_ex(hash, type, heap, devId); - if (ret != 0) { - XFREE(hash, heap, DYNAMIC_TYPE_HASHES); - hash = NULL; - } - } - - if (result_code != NULL) - *result_code = ret; - - return hash; -} - -static WC_MAYBE_UNUSED int wc_HashDelete(wc_HashAlg **hash) { - int ret; - if ((hash == NULL) || (*hash == NULL)) - return BAD_FUNC_ARG; - ret = wc_HashFree(*hash, (*hash)->type); - if (ret < 0) - return ret; - XFREE(*hash, (*hash)->heap, DYNAMIC_TYPE_HASHES); - *hash = NULL; - return 0; -} -#endif /* !NO_HASH_WRAPPER */ - -#if defined(HAVE_CURVE25519) -static WC_MAYBE_UNUSED curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code) -{ - int ret; - curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, - DYNAMIC_TYPE_CURVE25519); - if (key == NULL) { - ret = MEMORY_E; - } - else { - ret = wc_curve25519_init_ex(key, heap, devId); - if (ret != 0) { - XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); - key = NULL; - } - } - - if (result_code != NULL) - *result_code = ret; - - return key; -} - -static WC_MAYBE_UNUSED int wc_curve25519_delete(curve25519_key** key) { - if ((key == NULL) || (*key == 
NULL)) - return BAD_FUNC_ARG; - wc_curve25519_free(*key); - XFREE(*key, (*key)->heap, DYNAMIC_TYPE_CURVE25519); - *key = NULL; - return 0; -} -#endif /* HAVE_CURVE25519 */ - -#if defined(HAVE_ED25519) -static WC_MAYBE_UNUSED ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code) -{ - int ret; - ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, - DYNAMIC_TYPE_ED25519); - if (key == NULL) { - ret = MEMORY_E; - } - else { - ret = wc_ed25519_init_ex(key, heap, devId); - if (ret != 0) { - XFREE(key, heap, DYNAMIC_TYPE_ED25519); - key = NULL; - } - } - - if (result_code != NULL) - *result_code = ret; - - return key; -} - -static WC_MAYBE_UNUSED int wc_ed25519_delete(ed25519_key** key) { - if ((key == NULL) || (*key == NULL)) - return BAD_FUNC_ARG; - wc_ed25519_free(*key); - XFREE(*key, (*key)->heap, DYNAMIC_TYPE_ED25519); - *key = NULL; - return 0; -} -#endif /* HAVE_ED25519 */ - #endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */ #ifdef WOLFSSL_STATIC_MEMORY @@ -6457,7 +6356,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - (void)wc_HashDelete(&hash); + (void)wc_HashDelete(hash, &hash); #endif return 0; @@ -9680,14 +9579,14 @@ EVP_TEST_END: out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif @@ -10010,13 +9909,13 @@ EVP_TEST_END: out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif 
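Review bot: The -990 hunk removes the FIPS-before-6.0.0 fallback definitions of wc_HashNew/wc_HashDelete, wc_curve25519_new/_delete and wc_ed25519_new/_delete while keeping the AES and RSA ones, and the commit message does not say why. If those fallbacks existed because the pre-6.0 FIPS module does not export these constructors, the WOLFSSL_SMALL_STACK calls in hash_test, curve25519_test and ed25519_test (updated in the later hunks of this file) will no longer link in that configuration; if the module does export them with the new signatures, a one-line comment next to the retained AES/RSA definitions explaining why only those two are still needed would spare the next reader the same question. The enclosing `#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)` block starts outside the hunk.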
@@ -10272,13 +10171,13 @@ EVP_TEST_END: out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif @@ -10484,13 +10383,13 @@ EVP_TEST_END: out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif @@ -10629,7 +10528,7 @@ static wc_test_ret_t aes_key_size_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&aes); + wc_AesDelete(aes, &aes); #else wc_AesFree(aes); #endif @@ -13670,13 +13569,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif @@ -14246,13 +14145,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif 
@@ -14324,8 +14223,8 @@ static wc_test_ret_t aes_ecb_direct_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); - wc_AesDelete(&dec); + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); #else wc_AesFree(enc); wc_AesFree(dec); @@ -14521,13 +14420,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif @@ -14728,13 +14627,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&dec); + wc_AesDelete(dec, &dec); #else wc_AesFree(dec); #endif @@ -14865,8 +14764,8 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); - wc_AesDelete(&dec); + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); #else wc_AesFree(enc); wc_AesFree(dec); @@ -15802,8 +15701,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); - wc_AesDelete(&dec); + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); #else wc_AesFree(enc); wc_AesFree(dec); @@ -16026,7 +15925,7 @@ static wc_test_ret_t aesccm_256_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&aes); + wc_AesDelete(aes, &aes); #else wc_AesFree(aes); #endif 
@@ -16319,7 +16218,7 @@ static wc_test_ret_t aesccm_128_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_AesDelete(&enc); + wc_AesDelete(enc, &enc); #else wc_AesFree(enc); #endif @@ -22278,9 +22177,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) exit_rsa: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_DeleteRsaKey(&key); + wc_DeleteRsaKey(key, &key); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - wc_DeleteRsaKey(&keypub); + wc_DeleteRsaKey(keypub, &keypub); #endif #ifdef WOLFSSL_TEST_CERT XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -35361,9 +35260,9 @@ cleanup: /* clean up keys when done */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_curve25519_delete(&pubKey); - wc_curve25519_delete(&userB); - wc_curve25519_delete(&userA); + wc_curve25519_delete(pubKey, &pubKey); + wc_curve25519_delete(userB, &userB); + wc_curve25519_delete(userA, &userA); #else wc_curve25519_free(pubKey); wc_curve25519_free(userB); @@ -36544,7 +36443,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_ed25519_delete(&key3); + wc_ed25519_delete(key3, &key3); #else wc_ed25519_free(key3); #endif @@ -36569,8 +36468,8 @@ cleanup: /* clean up keys when done */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - wc_ed25519_delete(&key); - wc_ed25519_delete(&key2); + wc_ed25519_delete(key, &key); + wc_ed25519_delete(key2, &key2); #else wc_ed25519_free(key); wc_ed25519_free(key2); diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 6f1a313bf..eaa0c4715 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h 
@@ -729,7 +729,7 @@ WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, WOLFSSL_API void wc_AesFree(Aes* aes); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code); -WOLFSSL_API int wc_AesDelete(Aes** aes); +WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p); #endif #ifdef WOLFSSL_AES_SIV diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index e2367e21b..4d18c5678 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -143,7 +143,7 @@ void wc_curve25519_free(curve25519_key* key); WOLFSSL_API curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code); WOLFSSL_API -int wc_curve25519_delete(curve25519_key** key); +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p); #endif WOLFSSL_API diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 5f017e31a..8c660b218 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -185,7 +185,7 @@ void wc_ed25519_free(ed25519_key* key); WOLFSSL_API ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code); WOLFSSL_API -int wc_ed25519_delete(ed25519_key** key); +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p); #endif WOLFSSL_API diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2c3bd0363..edbc949bc 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -195,7 +195,7 @@ WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, int *result_code); -WOLFSSL_API int wc_HashDelete(wc_HashAlg **hash); +WOLFSSL_API int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p); #endif #ifdef WOLFSSL_HASH_FLAGS diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 4b30e455e..3f39d5b4d 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h 
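Review bot: The new second parameter of `wc_AesDelete` is undocumented in the header, and the same applies to `wc_curve25519_delete`, `wc_ed25519_delete` and `wc_HashDelete` below and to `wc_DeleteRsaKey` in rsa.h; from the prototype alone a caller cannot tell that `aes_p` is optional or that it is cleared only on success. Adding `/* Frees aes and its allocation; when aes_p is non-NULL, *aes_p is set to NULL on success. Returns BAD_FUNC_ARG if aes is NULL. */` above each prototype, and for wc_HashDelete noting that a failing wc_HashFree leaves the object allocated and *hash_p untouched, would pin down the contract the commit message describes.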
@@ -297,7 +297,7 @@ WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code); -WOLFSSL_API int wc_DeleteRsaKey(RsaKey** key); +WOLFSSL_API int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p); #endif #ifdef WOLF_PRIVATE_KEY_ID diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs index 2e5f30e93..223beafac 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs @@ -119,7 +119,9 @@ namespace wolfSSL.CSharp * RSA */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId); + private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -153,7 +155,9 @@ namespace wolfSSL.CSharp * ED25519 */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId); + private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private static extern int wc_ed25519_init(IntPtr key); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] 
@@ -194,7 +198,9 @@ namespace wolfSSL.CSharp * Curve25519 */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId); + private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_curve25519_init(IntPtr key); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -235,7 +241,9 @@ namespace wolfSSL.CSharp * AES-GCM */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static IntPtr wc_AesNew(IntPtr heap, int devId); + private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_AesFree(IntPtr aes); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -254,7 +262,9 @@ namespace wolfSSL.CSharp * HASH */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId); + private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_HashInit(IntPtr hash, uint hashType); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] 
@@ -373,7 +383,7 @@ namespace wolfSSL.CSharp /// Pointer to allocated WC_RNG or null public static IntPtr RandomNew() { - IntPtr rng; + IntPtr rng; try { @@ -386,7 +396,7 @@ namespace wolfSSL.CSharp { log(ERROR_LOG, "random new exception " + e.ToString()); rng = IntPtr.Zero; - } + } return rng; } @@ -551,7 +561,7 @@ namespace wolfSSL.CSharp public static IntPtr EccImportKey(byte[] keyASN1) { int ret; - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { @@ -577,7 +587,7 @@ namespace wolfSSL.CSharp log(ERROR_LOG, "ECC import key exception " + e.ToString()); EccFreeKey(key); /* make sure its free'd */ key = IntPtr.Zero; - } + } return key; } @@ -713,7 +723,7 @@ namespace wolfSSL.CSharp { log(ERROR_LOG, "ECC export private exception " + e.ToString()); ret = EXCEPTION_E; - } + } return ret; } @@ -747,7 +757,7 @@ namespace wolfSSL.CSharp { log(ERROR_LOG, "ECC export public exception " + e.ToString()); ret = EXCEPTION_E; - } + } return ret; } @@ -1317,12 +1327,12 @@ namespace wolfSSL.CSharp { int ret; IntPtr key = IntPtr.Zero; - IntPtr rng = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; try { /* Allocate and init new RSA key structure */ - key = wc_NewRsaKey(heap, devId); + key = wc_NewRsaKey(heap, devId, IntPtr.Zero); if (key != IntPtr.Zero) { rng = RandomNew(); @@ -1348,7 +1358,7 @@ namespace wolfSSL.CSharp if (rng != IntPtr.Zero) RandomFree(rng); if (key != IntPtr.Zero) RsaFreeKey(key); key = IntPtr.Zero; - } + } return key; } @@ -1366,11 +1376,11 @@ namespace wolfSSL.CSharp public static IntPtr RsaImportKey(byte[] keyASN1) { int ret; - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { - key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID); + key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { IntPtr idx = Marshal.AllocHGlobal(sizeof(uint)); 
@@ -1392,7 +1402,7 @@ namespace wolfSSL.CSharp log(ERROR_LOG, "RSA make key exception " + e.ToString()); RsaFreeKey(key); /* make sure its free'd */ key = IntPtr.Zero; - } + } return key; } @@ -1548,7 +1558,8 @@ namespace wolfSSL.CSharp { if (key != IntPtr.Zero) { - wc_FreeRsaKey(key); + wc_DeleteRsaKey(key, IntPtr.Zero); + key = IntPtr.Zero; } } /* END RSA */ @@ -1578,7 +1589,7 @@ namespace wolfSSL.CSharp throw new Exception("Failed to create RNG."); } - key = wc_ed25519_new(heap, devId); + key = wc_ed25519_new(heap, devId, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_ed25519_make_key(rng, 32, key); @@ -1595,7 +1606,7 @@ namespace wolfSSL.CSharp if (rng != IntPtr.Zero) RandomFree(rng); if (ret != 0) { - wc_ed25519_free(key); + wc_ed25519_delete(key, IntPtr.Zero); key = IntPtr.Zero; } } @@ -1611,7 +1622,7 @@ namespace wolfSSL.CSharp /// Private key used for signing /// 0 on success, otherwise an error code public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key) - { + { int ret; IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length); IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE); @@ -1633,7 +1644,7 @@ namespace wolfSSL.CSharp /* Clenup */ if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr); if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr); - } + } return ret; } @@ -1682,7 +1693,7 @@ namespace wolfSSL.CSharp /* Cleanup */ if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr); - } + } return ret; } @@ -1700,7 +1711,7 @@ namespace wolfSSL.CSharp try { - key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length); 
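Review bot: `key = IntPtr.Zero;` after `wc_DeleteRsaKey(key, IntPtr.Zero);` in RsaFreeKey assigns to a by-value parameter, so the caller's handle is not cleared and the statement is dead; the same pattern appears in Ed25519FreeKey and Curve25519FreeKey in the next hunk group and in AesFree and HashFree further on. Either drop the line, or change the signature to `public static void RsaFreeKey(ref IntPtr key)` so the null-out reaches the caller and a repeated free becomes a no-op. Passing `IntPtr.Zero` as the new `key_p` argument is consistent with the header change, but it means the library side cannot clear the caller's pointer either, so the C# side has to do it.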
@@ -1734,7 +1745,7 @@ namespace wolfSSL.CSharp try { - key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length); @@ -1878,7 +1889,8 @@ namespace wolfSSL.CSharp /// Key to be freed public static void Ed25519FreeKey(IntPtr key) { - wc_ed25519_free(key); + wc_ed25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; } /* END ED25519 */ @@ -2104,7 +2116,7 @@ namespace wolfSSL.CSharp throw new Exception("Failed to create RNG."); } - key = wc_curve25519_new(heap, devId); + key = wc_curve25519_new(heap, devId, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_curve25519_make_key(rng, 32, key); @@ -2121,7 +2133,7 @@ namespace wolfSSL.CSharp if (rng != IntPtr.Zero) RandomFree(rng); if (ret != 0) { - wc_curve25519_free(key); + wc_curve25519_delete(key, IntPtr.Zero); key = IntPtr.Zero; } } @@ -2142,7 +2154,7 @@ namespace wolfSSL.CSharp try { - key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length); @@ -2176,7 +2188,7 @@ namespace wolfSSL.CSharp try { - key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length); @@ -2280,7 +2292,8 @@ namespace wolfSSL.CSharp /// Key to be freed public static void Curve25519FreeKey(IntPtr key) { - wc_curve25519_free(key); + wc_curve25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; } /* END Curve25519 */ @@ -2313,7 +2326,7 @@ namespace wolfSSL.CSharp { log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString()); ret = EXCEPTION_E; - } + } return ret; } 
@@ -2325,7 +2338,7 @@ namespace wolfSSL.CSharp /// Allocated Curve25519 key structure or null public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey) { - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { @@ -2343,7 +2356,7 @@ namespace wolfSSL.CSharp log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString()); if (key != IntPtr.Zero) Marshal.FreeHGlobal(key); key = IntPtr.Zero; - } + } return key; } @@ -2355,7 +2368,7 @@ namespace wolfSSL.CSharp /// Allocated Curve25519 key structure or null public static IntPtr Curve25519ImportPublicKey(byte[] publicKey) { - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { @@ -2373,7 +2386,7 @@ namespace wolfSSL.CSharp log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString()); if (key != IntPtr.Zero) Marshal.FreeHGlobal(key); key = IntPtr.Zero; - } + } return key; } @@ -2449,7 +2462,7 @@ namespace wolfSSL.CSharp try { - aesPtr = wc_AesNew(heap, devId); + aesPtr = wc_AesNew(heap, devId, IntPtr.Zero); if (aesPtr == IntPtr.Zero) { @@ -2460,7 +2473,7 @@ namespace wolfSSL.CSharp catch (Exception e) { Console.WriteLine($"AES context creation failed: {e.Message}"); - } + } return aesPtr; } @@ -2529,7 +2542,7 @@ namespace wolfSSL.CSharp /* Cleanup */ if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr); if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr); - } + } return ret; } @@ -2596,7 +2609,7 @@ namespace wolfSSL.CSharp if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr); if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr); if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr); - } + } return ret; } @@ -2663,7 +2676,7 @@ namespace wolfSSL.CSharp if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr); if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr); if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr); - } + } return ret; } 
@@ -2676,7 +2689,8 @@ namespace wolfSSL.CSharp { if (aes != IntPtr.Zero) { - wc_AesFree(aes); + wc_AesDelete(aes, IntPtr.Zero); + aes = IntPtr.Zero; } } /* END AES-GCM */ @@ -2700,7 +2714,7 @@ namespace wolfSSL.CSharp try { /* Allocate new hash */ - hash = wc_HashNew(hashType, heap, devId); + hash = wc_HashNew(hashType, heap, devId, IntPtr.Zero); if (hash == IntPtr.Zero) { throw new Exception("Failed to allocate new hash context."); @@ -2709,7 +2723,7 @@ namespace wolfSSL.CSharp catch (Exception e) { log(ERROR_LOG, "HashNew Exception: " + e.ToString()); - } + } return hash; } @@ -2740,8 +2754,11 @@ namespace wolfSSL.CSharp { /* Cleanup */ log(ERROR_LOG, "InitHash Exception: " + e.ToString()); - if (hash != IntPtr.Zero) wc_HashFree(hash, hashType); - } + if (hash != IntPtr.Zero) { + wc_HashDelete(hash, IntPtr.Zero); + hash = IntPtr.Zero; + } + } return ret; } @@ -2856,7 +2873,8 @@ namespace wolfSSL.CSharp throw new Exception("Hash context is null, cannot free."); /* Free hash */ - ret = wc_HashFree(hash, hashType); + ret = wc_HashDelete(hash, IntPtr.Zero); + hash = IntPtr.Zero; if (ret != 0) { throw new Exception($"Failed to free hash context. Error code: {ret}"); @@ -2865,7 +2883,7 @@ namespace wolfSSL.CSharp catch (Exception e) { log(ERROR_LOG, "HashFree Exception: " + e.ToString()); - } + } return ret; } From e1aba52e51f02b95dcec2d2430713886886cc500 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 21 Oct 2024 13:50:36 +0200 Subject: [PATCH 167/325] openvpn action: remove v2.6.0 as certs have expired --- .github/workflows/openvpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 5e731d031..974630145 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml 
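Review bot: `ret = wc_HashDelete(hash, IntPtr.Zero);` in HashFree drops the `hashType` that `wc_HashFree(hash, hashType)` received; unless `wc_HashAlg` records its own algorithm type (not visible here) the algorithm-specific cleanup can no longer be selected, and if `hashType` is still a parameter of HashFree it is now unused. In the InitHash exception path the same replacement now deallocates the context instead of only freeing its internal state; if `hash` is a caller-owned parameter there (the function's start is outside the hunk), the caller's later HashFree becomes a double free. Suggest keeping `if (hash != IntPtr.Zero) wc_HashFree(hash, hashType);` in InitHash and leaving deallocation to HashFree alone.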
@@ -43,7 +43,7 @@ jobs: fail-fast: false matrix: # List of refs to test - ref: [ release/2.6, v2.6.0, master ] + ref: [ release/2.6, master ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' runs-on: ubuntu-22.04 From 8fda4ce14730019e4e92ae44c75f97fb9c4afc53 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 14 Oct 2024 10:19:54 -0600 Subject: [PATCH 168/325] use heap hint with wolfSSL_CTX_check_private_key --- src/ssl.c | 4 ++-- src/x509.c | 2 +- wolfcrypt/src/asn.c | 28 +++++++++++++++------------- wolfcrypt/src/pkcs12.c | 2 +- wolfssl/wolfcrypt/asn.h | 6 ++++-- 5 files changed, 23 insertions(+), 19 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2fe5e93d9..450ed2419 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6347,7 +6347,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 0); + ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } @@ -6407,7 +6407,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 1); + ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } } diff --git a/src/x509.c b/src/x509.c index 0f6fcfb65..58f5cc119 100644 --- a/src/x509.c +++ b/src/x509.c @@ -12984,7 +12984,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( #ifndef NO_CHECK_PRIVATE_KEY return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz, x509->pubKey.buffer, x509->pubKey.length, - (enum Key_Sum)x509->pubKeyOID) == 1 ? + (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; #else /* not compiled in */ 
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 9ec233855..1a4ce9518 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7446,9 +7446,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, * privKeySz : size of private key buffer * pubKey : buffer holding DER format public key * pubKeySz : size of public key buffer - * ks : type of key */ + * ks : type of key + * heap : heap hint to use */ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks) + const byte* pubKey, word32 pubKeySz, enum Key_Sum ks, + void* heap) { int ret; (void)privKeySz; @@ -7485,14 +7487,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_InitRsaKey(a, NULL)) < 0) { + if ((ret = wc_InitRsaKey(a, heap)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return ret; } - if ((ret = wc_InitRsaKey(b, NULL)) < 0) { + if ((ret = wc_InitRsaKey(b, heap)) < 0) { wc_FreeRsaKey(a); #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); @@ -7553,7 +7555,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_ecc_init(key_pair)) < 0) { + if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC); @@ -7571,7 +7573,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz); #endif wc_ecc_free(key_pair); - ret = wc_ecc_init(key_pair); + ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID); if (ret == 0) { ret = wc_ecc_import_private_key(privDer, privSz, pubKey, 
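Review bot: The heap hint now reaches `wc_InitRsaKey(a, heap)` and `wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)`, but the WOLFSSL_SMALL_STACK temporaries freed in the same hunks (`XFREE(b, NULL, DYNAMIC_TYPE_RSA)`, `XFREE(a, NULL, DYNAMIC_TYPE_RSA)`, `XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER)`, `XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC)`) still use a NULL heap, as do the ED25519/ED448 frees in the next hunk group; the matching XMALLOCs are outside these hunks and presumably also pass NULL. In a static-memory build those buffers therefore still come from the global allocator rather than the caller's heap, which is the situation this commit sets out to fix, and it is inconsistent with wc_CheckPrivateKeyCert, where `decodedPubKey` was switched to `heap`. Passing `heap` to both members of each XMALLOC/XFREE pair would complete the change.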
@@ -7622,7 +7624,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed25519_init(key_pair)) < 0) { + if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519); #endif @@ -7672,7 +7674,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed448_init(key_pair)) < 0) { + if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448); #endif @@ -7933,7 +7935,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, * checkAlt : indicate if we check primary or alternative key */ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, - int checkAlt) + int checkAlt, void* heap) { int ret = 0; @@ -7947,7 +7949,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, word32 idx = 0; /* Dilithium has the largest public key at the moment */ word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; - byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL, + byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (decodedPubKey == NULL) { ret = MEMORY_E; @@ -7966,15 +7968,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, } if (ret == 0) { ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen, - (enum Key_Sum) der->sapkiOID); + (enum Key_Sum) der->sapkiOID, heap); } - XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); } else #endif { ret = wc_CheckPrivateKey(key, keySz, der->publicKey, - der->pubKeySize, (enum Key_Sum) der->keyOID); + der->pubKeySize, (enum Key_Sum) der->keyOID, heap); } (void)checkAlt; diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 3cddc646b..e8cc11e9e 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c 
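Review bot: `wc_CheckPrivateKeyCert` gained a `heap` parameter at `int checkAlt, void* heap)` but the block comment above it, whose last line `* checkAlt : indicate if we check primary or alternative key */` is visible as context, was not extended, whereas `wc_CheckPrivateKey`'s comment did get a `heap` line in the previous hunk group. Add ` * heap     : heap hint to use` before the closing `*/` so the two stay consistent.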
@@ -1112,7 +1112,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list, InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) { - if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) { + if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) { WOLFSSL_MSG("Key Pair found"); *cert = current->buffer; *certSz = current->bufferSz; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 6df41eb29..b43b1c1bb 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2382,9 +2382,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash, int maxIdx, word32 sigOID); WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, - DecodedCert* der, int checkAlt); + DecodedCert* der, int checkAlt, + void* heap); WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks); + const byte* pubKey, word32 pubKeySz, + enum Key_Sum ks, void* heap); WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); #ifdef WOLFSSL_DH_EXTRA WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, From 901384e704867623e4c8a4d07d3c8a5b3fbd786a Mon Sep 17 00:00:00 2001 
From: Juliusz Sosinowicz Date: Tue, 27 Aug 2024 15:26:46 +0200 Subject: [PATCH 169/325] Init SoftHSMv2 support - wolfSSL_EVP_PKEY_set1_DH: If both private and public present, output private key - ToTraditionalInline_ex2: Add DH checking - wc_ecc_get_curve_id: check index is not negative - Fix i2d_PKCS8_PRIV_KEY_INFO to actually output pkcs8 instead of just der - wolfSSL_EVP_PKEY2PKCS8: Create duplicate to avoid double free - wolfSSL_DH_generate_key: Fix case where not enough buffer was allocated for 128 bit case - pkcs8_encode: Add DSA and DH support - wolfSSL_d2i_PKCS8_PKEY: Correctly advance buffer - RSA_LOW_MEM: export all integers in compat layer - Add softhsm action - Define - OPENSSL_DH_MAX_MODULUS_BITS - OPENSSL_DSA_MAX_MODULUS_BITS - OPENSSL_RSA_MAX_MODULUS_BITS - Implement - BN_mul_word - i2d_ECPKParameters - PEM_write_bio_PKCS8_PRIV_KEY_INFO - PEM_read_bio_PKCS8_PRIV_KEY_INFO - i2d_PKCS8_PRIV_KEY_INFO - RSA_padding_add_PKCS1_PSS_mgf1 - RSA_verify_PKCS1_PSS_mgf1 --- .github/workflows/softhsm.yml | 94 ++++++++++++++ src/pk.c | 234 ++++++++++++++++++++++++++++------ src/ssl.c | 87 +++++++++++-- src/ssl_bn.c | 81 +++++++++++- tests/api.c | 52 +++++++- wolfcrypt/src/asn.c | 9 ++ wolfcrypt/src/ecc.c | 2 +- wolfcrypt/src/evp.c | 11 +- wolfcrypt/src/sp_int.c | 15 ++- wolfssl/internal.h | 6 + wolfssl/openssl/bn.h | 2 + wolfssl/openssl/dh.h | 3 + wolfssl/openssl/dsa.h | 3 + wolfssl/openssl/ec.h | 2 + wolfssl/openssl/pem.h | 10 ++ wolfssl/openssl/rsa.h | 3 + wolfssl/openssl/ssl.h | 4 +- wolfssl/ssl.h | 11 ++ wolfssl/wolfcrypt/asn.h | 13 +- 19 files changed, 569 insertions(+), 73 deletions(-) create mode 100644 .github/workflows/softhsm.yml diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml new file mode 100644 index 000000000..1f30a7cff --- /dev/null +++ b/.github/workflows/softhsm.yml 
@@ -0,0 +1,94 @@ +name: SoftHSMv2 Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + if: github.repository_owner == 'wolfssl' + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 10 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024 + install: true + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-softhsm + path: build-dir.tgz + retention-days: 5 + + softhsm_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 2.6.1 ] + name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libcppunit-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-softhsm + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout SoftHSMv2 + uses: actions/checkout@v4 + with: + repository: opendnssec/SoftHSMv2 + path: softhsm + ref: ${{ matrix.ref }} + + # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work + - name: Build softhsm + working-directory: softhsm + run: | + patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch + autoreconf -if + ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir + make -j + + - name: Test softhsm + working-directory: softhsm + run: make -j check diff --git a/src/pk.c b/src/pk.c index 325e8b508..42468bfed 100644 --- a/src/pk.c +++ b/src/pk.c @@ -2598,6 +2598,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) } if (key->type == RSA_PRIVATE) { + #ifndef WOLFSSL_RSA_PUBLIC_ONLY if (ret == 1) { /* Copy private exponent. */ ret = wolfssl_bn_set_value(&rsa->d, &key->d); @@ -2619,7 +2620,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa q error"); } } - #ifndef RSA_LOW_MEM + #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) if (ret == 1) { /* Copy d mod p-1. */ ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP); @@ -2641,7 +2643,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa u error"); } } - #endif /* !RSA_LOW_MEM */ + #endif + #else + WOLFSSL_ERROR_MSG("rsa private key not compiled in "); + ret = 0; + #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ } } if (ret == 1) { 
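Review bot: The job checks out `wolfssl/osp` with no `ref:` and `opendnssec/SoftHSMv2` by the mutable tag `${{ matrix.ref }}`, then applies `osp/softhsm/${{ matrix.ref }}.patch` from that unpinned checkout, so what gets built and tested depends on whatever those two repositories serve at run time and can change with no commit in this repo. Pinning the SoftHSMv2 checkout to a commit SHA (keeping the tag as the matrix label) and giving the osp checkout an explicit `ref:` makes runs reproducible and limits what an upstream change can inject into CI. `make -j` with no limit can also exhaust the runner; `make -j$(nproc)` is the usual form.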
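Review bot: The `#endif` closing the new `#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)` block in SetRsaExternal lost its trailing comment (`#endif /* !RSA_LOW_MEM */` became a bare `#endif`), and the same happens in SetRsaInternal in the next hunk group, where two bare `#endif`s now sit back to back; a comment naming the condition, e.g. `#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA || !RSA_LOW_MEM */`, keeps the nesting readable. The new message `"rsa private key not compiled in "` also carries a trailing space.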
@@ -2696,6 +2702,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) /* Enough numbers for public key */ key->type = RSA_PUBLIC; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY /* Copy down private exponent if available. */ if ((ret == 1) && (rsa->d != NULL)) { if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) { @@ -2722,7 +2729,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) ret = WOLFSSL_FATAL_ERROR; } - #ifndef RSA_LOW_MEM +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) /* Copy down d mod p-1 if available. */ if ((ret == 1) && (rsa->dmp1 != NULL) && (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) { @@ -2743,7 +2750,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa u key error"); ret = WOLFSSL_FATAL_ERROR; } - #endif /* !RSA_LOW_MEM */ +#endif +#endif if (ret == 1) { /* All available numbers have been set down. */ @@ -3523,12 +3531,15 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, * @param [out] em Encoded message. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, - const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) + +int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) { int ret = 1; enum wc_HashType hashType; @@ -3551,6 +3562,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + if (ret == 1) { /* Get/create an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); 
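Review bot: A blank line was introduced between the doc comment (ending `* @return 0 on failure. */`) and the new `int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(` signature, detaching the comment from the function it documents; remove it. The new `@param [in] mgf1Hash MGF algorithm.` line should also record that NULL selects `hashAlg`, which is what `if (mgf1Hash == NULL) mgf1Hash = hashAlg;` in the last hunk of this line implements, e.g. `@param [in] mgf1Hash Hash algorithm for MGF1; NULL means use hashAlg.` The same wording applies to `wolfSSL_RSA_verify_PKCS1_PSS_mgf1`'s comment in the next hunk group, and the thin `wolfSSL_RSA_padding_add_PKCS1_PSS` / `wolfSSL_RSA_verify_PKCS1_PSS` wrappers added there have no comment at all.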
@@ -3576,7 +3590,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, } if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - mgf = wc_hash2mgf(hashType); + mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash)); if (mgf == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; @@ -3647,6 +3661,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, return ret; } +int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) +{ + return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL, + saltLen); +} + /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message. * * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram. @@ -3654,14 +3675,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, * @param [in] rsa RSA key. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] em Encoded message. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, - const WOLFSSL_EVP_MD *hashAlg, - const unsigned char *em, int saltLen) +int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen) { int ret = 1; int hashLen = 0; @@ -3679,6 +3701,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + /* TODO: use wolfCrypt RSA key to get emLen and bits? */ /* Set the external data from the wolfCrypt RSA key if not done. */ if ((ret == 1) && (!rsa->exSet)) { 
@@ -3741,7 +3766,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; } @@ -3784,6 +3809,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } + +int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, + const unsigned char *em, int saltLen) +{ + return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em, + saltLen); +} #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */ #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || * WOLFSSL_NGINX) */ @@ -5434,11 +5467,11 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, return ret; } -#endif /* HAVE_SELFTEST */ -/* return 1 on success, < 0 otherwise */ -int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, - WOLFSSL_DSA* dsa) +#endif /* !HAVE_SELFTEST */ + +static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet, + WOLFSSL_DSA* dsa) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int initTmpRng = 0; @@ -5449,8 +5482,6 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WC_RNG tmpRng[1]; #endif - WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); - if (d == NULL || sigRet == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FATAL_ERROR; 
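Review bot: The argument guard carried over unchanged into the new `dsa_do_sign` (`if (d == NULL || sigRet == NULL || dsa == NULL)`) does not validate the added `dLen`, which now arrives unchecked from `wolfSSL_DSA_do_sign_ex` after its `inLen != WC_SHA_DIGEST_SIZE` test was removed. In the HAVE_SELFTEST build it is compared with WC_SHA_DIGEST_SIZE in the next hunk group, but otherwise it is forwarded as-is to `wc_DsaSign_ex`; unless that rejects non-positive lengths (not visible here), a zero or negative `dLen` reaches the signer. Extending the guard to `if (d == NULL || sigRet == NULL || dsa == NULL || dLen <= 0) {` closes that. The function's body continues past this hunk.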
@@ -5486,10 +5517,18 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } if (rng) { - if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { - WOLFSSL_MSG("DsaSign failed"); +#ifdef HAVE_SELFTEST + if (dLen != WC_SHA_DIGEST_SIZE || + wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length"); ret = WOLFSSL_FATAL_ERROR; } +#else + if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign_ex failed"); + ret = WOLFSSL_FATAL_ERROR; + } +#endif else ret = WOLFSSL_SUCCESS; } @@ -5503,6 +5542,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, return ret; } +/* return 1 on success, < 0 otherwise */ +int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, + WOLFSSL_DSA* dsa) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); + + return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa); +} + #ifndef HAVE_SELFTEST WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, int inLen, WOLFSSL_DSA* dsa) @@ -5513,12 +5561,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex"); - if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) { + if (!digest || !dsa) { WOLFSSL_MSG("Bad function arguments"); return NULL; } - if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) { + if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) { WOLFSSL_MSG("wolfSSL_DSA_do_sign error"); return NULL; } 
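Review bot: The `else ret = WOLFSSL_SUCCESS;` that follows the new `#endif` in dsa_do_sign now binds to whichever `if` the preprocessor kept, across a conditional-compilation boundary; it works because both branches end in `}`, but it is easy to break and hard to read. The verify side in the next hunk group already folds the SELFTEST case into a single result with a ternary and `BAD_FUNC_ARG`; doing the same here keeps the `if`/`else` on one path and the two helpers consistent.
```c
    if (rng) {
        int signRet;
#ifdef HAVE_SELFTEST
        /* wc_DsaSign only accepts a WC_SHA_DIGEST_SIZE digest. */
        signRet = (dLen == WC_SHA_DIGEST_SIZE) ?
            wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) : BAD_FUNC_ARG;
#else
        signRet = wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng);
#endif
        if (signRet < 0) {
            WOLFSSL_MSG("DsaSign failed or dLen wrong length");
            ret = WOLFSSL_FATAL_ERROR;
        }
        else
            ret = WOLFSSL_SUCCESS;
    }
    /* … unchanged: RNG cleanup and return … */
```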
@@ -5537,15 +5585,13 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, /* 2 * sigLen for the two points r and s */ return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen); } -#endif /* !HAVE_SELFTEST */ +#endif -int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, +static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck) { int ret; - WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); - if (d == NULL || sig == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FATAL_ERROR; @@ -5560,13 +5606,30 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, } } - ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); - if (ret != 0 || *dsacheck != 1) { +#ifdef HAVE_SELFTEST + ret = dLen == WC_SHA_DIGEST_SIZE ? + wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG; +#else + ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck); +#endif + if (ret != 0) { WOLFSSL_MSG("DsaVerify failed"); - return ret; + return WOLFSSL_FATAL_ERROR; + } + if (*dsacheck != 1) { + WOLFSSL_MSG("DsaVerify sig failed"); + return WOLFSSL_FAILURE; } - return 1; + return WOLFSSL_SUCCESS; +} + +int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); + + return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck); } @@ -5591,7 +5654,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex"); - if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) { + if (!digest || !sig || !dsa) { WOLFSSL_MSG("Bad function arguments"); return 0; } 
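Review bot: `dsa_do_verify` changes what the public `wolfSSL_DSA_do_verify` returns when wc_DsaVerify itself fails — previously the raw wolfCrypt code (`return ret;`), now `WOLFSSL_FATAL_ERROR` — while an invalid signature yields `WOLFSSL_FAILURE` and `*dsacheck` not equal to 1; neither the static helper nor the rebuilt wrapper has a header comment recording these three outcomes. Suggest, above `static int dsa_do_verify(`, a comment of the form `/* Verify sig over the dLen-byte digest d. Returns WOLFSSL_SUCCESS when valid, WOLFSSL_FAILURE when the signature does not verify (*dsacheck != 1), WOLFSSL_FATAL_ERROR on bad arguments or a verify error. */`. The visible guard also checks `d`, `sig` and `dsa` but not `dsacheck` before `*dsacheck` is read; the context lines between the hunks may already cover that.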
@@ -5643,14 +5706,14 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1) return 0; - if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck) + if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck) != 1) || dsacheck != 1) { return 0; } return 1; } -#endif /* !HAVE_SELFTEST */ +#endif int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa, unsigned char** out) @@ -8606,6 +8669,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) /* Private key size can be as much as the size of the prime. */ if (dh->length) { privSz = (word32)(dh->length / 8); /* to bytes */ + /* Special case where priv key is larger than dh->length / 8 + * See GeneratePrivateDh */ + if (dh->length == 128) + privSz = 21; } else { privSz = pubSz; @@ -9373,6 +9440,47 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, { return wolfssl_ec_group_d2i(out, in, len); } + +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) +{ + unsigned char* out = NULL; + int len = 0; + int idx; + const byte* oid = NULL; + word32 oidSz = 0; + + if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) || + grp->curve_idx < 0) + return WOLFSSL_FATAL_ERROR; + + /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid + * is just the numerical representation. */ + if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0) + return WOLFSSL_FATAL_ERROR; + + len = SetObjectId(oidSz, NULL) + oidSz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + idx = SetObjectId(oidSz, out); + XMEMCPY(out + idx, oid, oidSz); + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} #endif /* !NO_BIO */ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) 
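Review bot: `if (dh->length == 128) privSz = 21;` in wolfSSL_DH_generate_key hard-codes both the bit length and the private-key size the generator uses, with only the comment `See GeneratePrivateDh` tying the two sites together; if the generator's sizing changes, this silent resize goes stale and the buffer is again too small. Exposing the generator's size for a given length through one shared named constant or a small helper used by both sites would keep them in sync; at minimum the two literals deserve named constants rather than magic numbers.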
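Review bot: In `wolfSSL_i2d_ECPKParameters` the guard `!wc_ecc_is_valid_idx(grp->curve_idx) || grp->curve_idx < 0` calls `wc_ecc_is_valid_idx` with a possibly negative index before the sign test; the `wolfSSL_EC_GROUP_get_order` check in the next hunk group tests the sign first, so reorder to `if (grp == NULL || grp->curve_idx < 0 || !wc_ecc_is_valid_idx(grp->curve_idx))`. `len = SetObjectId(oidSz, NULL) + oidSz;` and the later `XMALLOC(len, …)` also mix `int` and `word32` silently, the conversions the first patch in this series was cleaning up. Since this is new public API, a header comment stating the OpenSSL `pp` convention it implements (NULL `pp` returns the length only; `*pp == NULL` allocates with XMALLOC and the caller owns the result; otherwise the encoding is written at `*pp` and `*pp` is advanced by `len`) would save readers a trip to the OpenSSL manual.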
@@ -9663,6 +9771,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, ret = 0; } + if (ret == 1 && + (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx"); + ret = 0; + } + if (ret == 1) { mp = (mp_int*)order->internal; } @@ -15645,6 +15759,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, return pkey; } + + +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg) +{ + return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) @@ -16278,8 +16399,6 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, #ifdef OPENSSL_ALL #if !defined(NO_PWDBASED) && defined(HAVE_PKCS8) -#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM)) /* Encrypt the key into a buffer using PKCS$8 and a password. * * @param [in] pkey Private key to encrypt. @@ -16292,7 +16411,7 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, * @return 0 on success. * @return BAD_FUNC_ARG when EVP cipher not supported. */ -static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, +int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, word32* keySz) { @@ -16356,7 +16475,7 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, * @param On out, size of encoded key in bytes. * @return 0 on success. */ -static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) +int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) { int ret = 0; int algId; 
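Review bot: In the `@@ -16292` and `@@ -16356` hunks, the helpers are promoted from static to library-internal linkage under the bare names `pkcs8_encrypt` and `pkcs8_encode`, whereas the other WOLFSSL_LOCAL helpers visible in this patch carry a library prefix (`wolfssl_asn1_obj_set`, `wolfssl_ec_group_d2i`); unprefixed internal symbols are easy to collide with in an application that also links a PKCS#8 library. Rename them `wolfssl_pkcs8_encrypt` and `wolfssl_pkcs8_encode` at the definition, the internal.h declarations and the two new callers in src/ssl.c. The doc comment on pkcs8_encode still says `@return 0 on success`, which should be reconciled with how wolfSSL_i2d_PKCS8_PKEY now consumes the return value.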
@@ -16379,6 +16498,34 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) curveOid = NULL; oidSz = 0; } + else if (pkey->type == EVP_PKEY_DSA) { + /* DSA has no curve information. */ + algId = DSAk; + curveOid = NULL; + oidSz = 0; + } + else if (pkey->type == EVP_PKEY_DH) { + if (pkey->dh == NULL) + return BAD_FUNC_ARG; + + if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) { + /* Special case. DH buffer is always in PKCS8 format */ + if (keySz == NULL) + return BAD_FUNC_ARG; + + *keySz = pkey->pkey_sz; + if (key == NULL) + return LENGTH_ONLY_E; + + XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz); + return pkey->pkey_sz; + } + + /* DH has no curve information. */ + algId = DHk; + curveOid = NULL; + oidSz = 0; + } else { ret = NOT_COMPILED_IN; } @@ -16392,6 +16539,8 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) return ret; } +#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM)) /* Write PEM encoded, PKCS#8 formatted private key to BIO. * * @param [out] pem Buffer holding PEM encoding. @@ -16424,7 +16573,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Guestimate key size and PEM size. */ - if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { res = 0; } } @@ -16472,7 +16621,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Encrypt the private key. */ - ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); + ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); if (ret <= 0) { res = 0; } @@ -16488,7 +16637,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, type = PKCS8_PRIVATEKEY_TYPE; /* Encode private key in PKCS#8 format. */ - ret = pem_pkcs8_encode(pkey, key, &keySz); + ret = pkcs8_encode(pkey, key, &keySz); if (ret < 0) { res = 0; } 
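Review bot: In the `@@ -16379` hunk, the DH special case copies `pkey->pkey_sz` bytes into `key` without ever checking that the caller's buffer is that large: `*keySz` is overwritten with `pkey->pkey_sz` before any comparison, so the incoming capacity (which the other branches presumably hand to the PKCS#8 encoder as an in/out size) is discarded. Check it first, `if (key != NULL && *keySz < (word32)pkey->pkey_sz) return BUFFER_E;`, before the `*keySz = pkey->pkey_sz;` assignment, and reject a non-positive `pkey_sz` since it is an int being used as a length. wolfSSL_i2d_PKCS8_PKEY in this patch happens to pass back the size it obtained from the length-only call, but that does not protect other callers of a now library-wide helper. pkcs8_encode begins before this hunk.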
@@ -16554,6 +16703,13 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return res; } + +int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo) +{ + return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0, + NULL, NULL); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) diff --git a/src/ssl.c b/src/ssl.c index 2fe5e93d9..2a0ca0385 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -7241,29 +7241,51 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; #ifdef WOLFSSL_PEM_TO_DER int ret; - DerBuffer* der = NULL; + DerBuffer* pkcs8Der = NULL; + DerBuffer rawDer; + EncryptedInfo info; + int advanceLen = 0; + + XMEMSET(&info, 0, sizeof(info)); + XMEMSET(&rawDer, 0, sizeof(rawDer)); if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { WOLFSSL_MSG("Bad key PEM/DER args"); return NULL; } - ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info, + NULL); if (ret < 0) { WOLFSSL_MSG("Not PEM format"); - ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); if (ret == 0) { - XMEMCPY(der->buffer, *keyBuf, keyLen); + XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen); } } + else { + advanceLen = (int)info.consumed; + } if (ret == 0) { /* Verify this is PKCS8 Key */ word32 inOutIdx = 0; word32 algId; - ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, - &algId); + ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx, + pkcs8Der->length, &algId); if (ret >= 0) { + if (advanceLen == 0) /* Set only if not PEM */ + advanceLen = inOutIdx + ret; + if (algId == DHk) { + /* Special case for DH as we expect the DER buffer to be always + * be in PKCS8 format */ + rawDer.buffer = pkcs8Der->buffer; + rawDer.length = inOutIdx + ret; + } + else { + rawDer.buffer = pkcs8Der->buffer + inOutIdx; + rawDer.length = ret; + } ret = 0; /* good DER */ } } 
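Review bot: In this hunk, for DER input `advanceLen` is set to `inOutIdx + ret`, the end of the inner key as reported by ToTraditionalInline_ex, not the end of the outer PKCS#8 SEQUENCE; if the PrivateKeyInfo carries optional attributes or other trailing content the parser tolerates, the `*keyBuf += advanceLen` in the next hunk stops short of the object and a caller walking a concatenated DER stream restarts inside the previous one. OpenSSL's d2i_* contract is to advance past the whole encoded object, so derive the advance from the outer SEQUENCE header plus content length, or document the deviation next to the `*keyBuf` update. The `if (advanceLen == 0) /* Set only if not PEM */` test also relies on `info.consumed` being non-zero for every successful PemToDer, which is not visible here; branching on the PemToDer result directly is unambiguous. The function's signature and its tail lie outside this hunk.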
@@ -7274,21 +7296,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( ret = MEMORY_E; } if (ret == 0) { - pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, + pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pkcs8->pkey.ptr == NULL) ret = MEMORY_E; } if (ret == 0) { - XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); - pkcs8->pkey_sz = (int)der->length; + XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length); + pkcs8->pkey_sz = (int)rawDer.length; } - FreeDer(&der); + FreeDer(&pkcs8Der); if (ret != 0) { wolfSSL_EVP_PKEY_free(pkcs8); pkcs8 = NULL; } + else { + *keyBuf += advanceLen; + } if (pkey != NULL) { *pkey = pkcs8; } @@ -7301,6 +7326,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( return pkcs8; } +#ifdef OPENSSL_ALL +int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) +{ + word32 keySz = 0; + unsigned char* out; + int len; + + WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY"); + + if (key == NULL) + return WOLFSSL_FATAL_ERROR; + + if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WOLFSSL_FATAL_ERROR; + len = (int)keySz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + if (pkcs8_encode(key, out, &keySz) != len) { + if (*pp == NULL) + XFREE(out, NULL, DYNAMIC_TYPE_ASN1); + return WOLFSSL_FATAL_ERROR; + } + + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} +#endif #ifndef NO_BIO /* put SSL type in extra for now, not very common */ diff --git a/src/ssl_bn.c b/src/ssl_bn.c index 74eadcead..227fc7160 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -1312,7 +1312,7 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, #endif /* Validate parameters. */ - if (BN_IS_NULL(bn)) { + if (ret == 1 && BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); ret = 0; } 
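Review bot: In the `@@ -7301` hunk, wolfSSL_i2d_PKCS8_PKEY treats the second pkcs8_encode call as failed unless it returns exactly `len`, yet the header comment on pkcs8_encode earlier in this patch still says `@return 0 on success`, and its other caller pem_write_mem_pkcs8privatekey only rejects `ret < 0`. One of the two is wrong: if 0-on-success is the real contract this function frees `out` and returns WOLFSSL_FATAL_ERROR on every call, and if the encoded length is returned the comment must say so. Confirm the contract and either fix the comment or loosen the check to `if (pkcs8_encode(key, out, &keySz) < 0 || (int)keySz != len)`. When `*pp` is non-NULL the caller's buffer size is unknown, which follows the OpenSSL i2d convention but deserves a one-line comment above the write.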
@@ -1419,6 +1419,85 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) return ret; } +int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) +{ + int ret = 1; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + mp_int* w_mp = NULL; +#else + mp_int w_mp[1]; +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_ENTER("wolfSSL_BN_mul_word"); + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + /* Allocate temporary MP integer. */ + w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (w_mp == NULL) { + ret = 0; + } + else +#endif /* WOLFSSL_SMALL_STACK */ + { + /* Clear out MP integer so it can be freed. */ + XMEMSET(w_mp, 0, sizeof(*w_mp)); + } +#endif + + /* Validate parameters. */ + if (ret == 1 && BN_IS_NULL(bn)) { + WOLFSSL_MSG("bn NULL error"); + ret = 0; + } + + if (ret == 1) { + int rc = 0; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + if (w > (WOLFSSL_BN_ULONG)MP_MASK) { + /* Initialize temporary MP integer. */ + if (mp_init(w_mp) != MP_OKAY) { + ret = 0; + } + /* Set value into temporary MP integer. */ + if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) { + ret = 0; + } + if (ret == 1) { + rc = mp_mul((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul error"); + ret = 0; + } + } + } + else +#endif + { + rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul_d error"); + ret = 0; + } + } + } + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + mp_free(w_mp); +#ifdef WOLFSSL_SMALL_STACK + XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret); + + return ret; +} + #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ !defined(NO_DSA)) /* Calculate bn modulo word w. bn % w diff --git a/tests/api.c b/tests/api.c index 6d765a8d5..b334a1c7f 100644 --- a/tests/api.c 
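Review bot: In the `@@ -1419` hunk, when WOLFSSL_SMALL_STACK is set and the XMALLOC of `w_mp` fails, `ret` becomes 0 but the cleanup still runs `mp_free(w_mp)` on a NULL pointer; unless mp_free tolerates NULL (not visible here) that is a NULL dereference on the out-of-memory path. Guard the SMALL_STACK cleanup with `if (w_mp != NULL)` around the `mp_free`/`XFREE` pair, leaving the array case unconditional. No test for BN_mul_word appears in the tests/api.c hunks shown, although the patch adds one for i2d_ECPKParameters; a case hitting both the `w <= MP_MASK` path and the `w > MP_MASK` path would also pin the in-place `mp_mul(bn, w_mp, bn)` aliasing.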
+++ b/tests/api.c @@ -57416,13 +57416,22 @@ static int test_wolfSSL_PEM_PrivateKey_dsa(void) ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) +#ifdef WOLFSSL_ASN_TEMPLATE ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); + NULL), 1216); +#else + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1212); +#endif #endif #ifdef WOLFSSL_KEY_GEN ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); - ExpectIntEQ(BIO_pending(bio), 1178); +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(BIO_pending(bio), 2394); +#else + ExpectIntEQ(BIO_pending(bio), 2390); +#endif BIO_reset(bio); #endif @@ -57451,6 +57460,7 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) BIO* bio = NULL; EVP_PKEY* pkey = NULL; + int expectedBytes = 0; ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); /* Private DH EVP_PKEY */ @@ -57462,8 +57472,9 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + expectedBytes += 806; ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); + NULL), expectedBytes); #endif #ifdef WOLFSSL_KEY_GEN ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); @@ -57471,7 +57482,8 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), 1); - ExpectIntEQ(BIO_pending(bio), 806); + expectedBytes += 806; + ExpectIntEQ(BIO_pending(bio), expectedBytes); BIO_free(bio); bio = NULL; 
@@ -65194,6 +65206,7 @@ static int test_wolfSSL_PKCS8_Compat(void) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \ !defined(NO_BIO) PKCS8_PRIV_KEY_INFO* pt = NULL; + PKCS8_PRIV_KEY_INFO* pt2 = NULL; BIO* bio = NULL; XFILE f = XBADFILE; int bytes = 0; @@ -65216,13 +65229,14 @@ static int test_wolfSSL_PKCS8_Compat(void) ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC); /* gets PKCS8 pointer to pkey */ - ExpectNotNull(EVP_PKEY2PKCS8(pkey)); + ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey)); EVP_PKEY_free(pkey); #endif BIO_free(bio); PKCS8_PRIV_KEY_INFO_free(pt); + PKCS8_PRIV_KEY_INFO_free(pt2); #endif return EXPECT_RESULT(); } @@ -83723,10 +83737,11 @@ static int test_wolfSSL_RSA_GenAdd(void) ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1); -#ifndef RSA_LOW_MEM +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1); #else - /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */ + /* dmp1 and dmq1 are not set (allocated) in this config */ ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1); #endif @@ -85319,6 +85334,28 @@ static int test_wolfSSL_PEM_read_bio_ECPKParameters(void) return EXPECT_RESULT(); } +static int test_wolfSSL_i2d_ECPKParameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + EC_GROUP* grp = NULL; + unsigned char p256_oid[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 + }; + unsigned char *der = p256_oid; + unsigned char out_der[sizeof(p256_oid)]; + + XMEMSET(out_der, 0, sizeof(out_der)); + ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der, + sizeof(p256_oid))); + der = out_der; + ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid)); + ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid)); + EC_GROUP_free(grp); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_EC_POINT(void) { EXPECT_DECLS; 
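Review bot: In the `@@ -85319` hunk, test_wolfSSL_i2d_ECPKParameters exercises only the caller-supplied-buffer path of i2d_ECPKParameters; the length query (`pp == NULL`) and the allocating path (`*pp == NULL`) added in this patch are untested, and the test never verifies that `der` was advanced by the bytes written. Add `ExpectIntEQ(i2d_ECPKParameters(grp, NULL), sizeof(p256_oid));`, then with `unsigned char* alloc = NULL;` `ExpectIntEQ(i2d_ECPKParameters(grp, &alloc), sizeof(p256_oid));` followed by a buffer compare and the matching free, and check the advance after the existing call with the harness's pointer-equality macro if one is available. The test body is guarded by OPENSSL_EXTRA alone while the function's own build guards may be narrower, so mirror those guards here.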
@@ -97848,6 +97885,7 @@ TEST_CASE testCases[] = { #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) TEST_DECL(test_wolfSSL_EC_GROUP), + TEST_DECL(test_wolfSSL_i2d_ECPKParameters), TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters), TEST_DECL(test_wolfSSL_EC_POINT), TEST_DECL(test_wolfSSL_SPAKE), diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 9ec233855..28c8f31ee 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7174,6 +7174,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, ret = ASN_PARSE_E; } break; + #endif + #ifndef NO_DH + case DHk: + /* Neither NULL item nor OBJECT_ID item allowed. */ + if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) || + (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) { + ret = ASN_PARSE_E; + } + break; #endif /* DSAk not supported. */ /* Falcon, Dilithium and Sphincs not supported. */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 9da876df9..bc59a947a 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4262,7 +4262,7 @@ int wc_ecc_get_curve_idx(int curve_id) int wc_ecc_get_curve_id(int curve_idx) { - if (wc_ecc_is_valid_idx(curve_idx)) { + if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) { return ecc_sets[curve_idx].id; } return ECC_CURVE_INVALID; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 231222404..808aa0461 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -9051,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Get size of DER buffer only */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); } else { ret = wc_DhParamsToDer(dhkey,NULL,&derSz); 
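Review bot: In the `@@ -4262` hunk, wc_ecc_get_curve_id evaluates `wc_ecc_is_valid_idx(curve_idx)` before `curve_idx >= 0`; the fact that the sign test had to be added suggests wc_ecc_is_valid_idx does not reject negatives itself, and if it indexes ecc_sets[] the out-of-bounds read happens before the new check runs. Swap the operands, `if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0)` becoming `if (curve_idx >= 0 && wc_ecc_is_valid_idx(curve_idx))`, which also matches the order used by the wolfSSL_EC_GROUP_get_order change earlier in this patch. Whether wc_ecc_is_valid_idx dereferences the table is not visible here.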
@@ -9071,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Fill DER buffer */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); } else { ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); @@ -9770,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8) /* this function just casts and returns pointer */ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey) { - return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey; + if (pkey == NULL || pkey->pkey.ptr == NULL) { + return NULL; + } + + return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr, + pkey->pkey_sz); } #endif diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 0f89d3151..bbb872c96 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -5128,6 +5128,12 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho); #define WOLFSSL_SP_PRIME_GEN #endif +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) +/* Determine when mp_mul_d is required */ +#define WOLFSSL_SP_MUL_D +#endif + /* Set the multi-precision number to zero. * * Assumes a is not NULL. @@ -6553,7 +6559,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r) !defined(NO_DH) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \ + defined(WOLFSSL_SP_MUL_D) /* Multiply a by digit n and put result into r shifting up o digits. * r = (a * n) << (o * SP_WORD_SIZE) * 
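Review bot: In the `@@ -9770` hunk, wolfSSL_EVP_PKEY2PKCS8 passes `&pkey->pkey.ptr` with its const cast away as the in/out pointer of wolfSSL_d2i_PrivateKey_EVP; if that d2i advances `*pp` on success the way wolfSSL_d2i_PKCS8_PKEY now does in this same patch (`*keyBuf += advanceLen`), the const `pkey` is mutated and `pkey->pkey.ptr` no longer points at the start of its allocation, so the eventual free of `pkey` runs on a shifted pointer. Decode from a local copy instead: `const unsigned char* p = (const unsigned char*)pkey->pkey.ptr;` then `return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&p, pkey->pkey_sz);`. The context comment `/* this function just casts and returns pointer */` is now false; replace it with `/* Returns a newly allocated EVP_PKEY decoded from pkey's DER; the caller frees it (PKCS8_PRIV_KEY_INFO_free). */`, which is the ownership the updated test_wolfSSL_PKCS8_Compat relies on when it frees pt2. Whether wolfSSL_d2i_PrivateKey_EVP advances the pointer is not visible here.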
@@ -6636,8 +6643,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o) #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || * WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) +#ifdef WOLFSSL_SP_MUL_D /* Multiply a by digit n and put result into r. r = a * n * * @param [in] a SP integer to multiply. @@ -6675,8 +6681,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r) return err; } -#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || - * (WOLFSSL_KEY_GEN && !NO_RSA) */ +#endif /* WOLFSSL_SP_MUL_D */ /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ff9c1230d..1a6c97d8f 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -7114,6 +7114,12 @@ WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, int addHdr); #endif +WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, + word32* keySz); +WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, + word32* keySz); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 6c0373630..a3afd61ff 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h 
@@ -150,6 +150,7 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); @@ -254,6 +255,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_lshift wolfSSL_BN_lshift #define BN_add_word wolfSSL_BN_add_word +#define BN_mul_word wolfSSL_BN_mul_word #define BN_sub_word wolfSSL_BN_sub_word #define BN_add wolfSSL_BN_add #define BN_mod_add wolfSSL_BN_mod_add diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index ae0f02683..7ea0f6223 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -26,6 +26,7 @@ #define WOLFSSL_DH_H_ #include +#include #include #ifdef __cplusplus @@ -102,6 +103,8 @@ typedef WOLFSSL_DH DH; #define DH_set0_key wolfSSL_DH_set0_key #define DH_bits(x) (BN_num_bits((x)->p)) +#define OPENSSL_DH_MAX_MODULUS_BITS DH_MAX_SIZE + #define DH_GENERATOR_2 2 #define DH_CHECK_P_NOT_PRIME 0x01 #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 76a1252e1..6acb59e00 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -26,6 +26,7 @@ #define WOLFSSL_DSA_H_ #include +#include #ifdef __cplusplus extern "C" { @@ -119,6 +120,8 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams( typedef WOLFSSL_DSA DSA; +#define OPENSSL_DSA_MAX_MODULUS_BITS 3072 + #define WOLFSSL_DSA_LOAD_PRIVATE 1 #define WOLFSSL_DSA_LOAD_PUBLIC 2 diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index c7b0cfffa..bd81894e8 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h 
@@ -25,6 +25,7 @@ #define WOLFSSL_EC_H_ #include +#include #include #include #include @@ -431,6 +432,7 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form #define EC_KEY_get_conv_form wolfSSL_EC_KEY_get_conv_form #define d2i_ECPKParameters wolfSSL_d2i_ECPKParameters +#define i2d_ECPKParameters wolfSSL_i2d_ECPKParameters #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex #define EC_POINT_hex2point wolfSSL_EC_POINT_hex2point diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 0cfaedd0d..8ecc02c6b 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -69,6 +69,8 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, const unsigned char **in, long len); WOLFSSL_API +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp); +WOLFSSL_API int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, @@ -179,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** key, wc_pem_password_cb* cb, void* pass); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg); +#endif WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY **key, @@ -279,6 +286,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY #define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY +#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO +#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index a248b2307..931128397 100644 --- a/wolfssl/openssl/rsa.h 
+++ b/wolfssl/openssl/rsa.h @@ -27,6 +27,7 @@ #include #include +#include #include #include @@ -190,6 +191,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE + #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 #define WOLFSSL_RSA_F4 0x10001L diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index ef65f60ea..a08a96db0 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -207,7 +207,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY -#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey +#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PKCS8_PKEY #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio #define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free @@ -1009,7 +1009,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define RSA_print_fp wolfSSL_RSA_print_fp #define RSA_bits wolfSSL_RSA_bits #define RSA_up_ref wolfSSL_RSA_up_ref +#define RSA_padding_add_PKCS1_PSS_mgf1 wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1 #define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS +#define RSA_verify_PKCS1_PSS_mgf1 wolfSSL_RSA_verify_PKCS1_PSS_mgf1 #define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS #define PEM_def_callback wolfSSL_PEM_def_callback diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index ec6c08fb6..13abb0bb3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
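Review bot: In the `@@ -207` hunk, `i2d_PKCS8_PRIV_KEY_INFO` is remapped to wolfSSL_i2d_PKCS8_PKEY, but that function is defined under `#ifdef OPENSSL_ALL` in src/ssl.c earlier in this patch while this macro and the prototype added to wolfssl/ssl.h are unconditional; in an OPENSSL_EXTRA-only build the macro now expands to an undefined symbol where it previously resolved to wolfSSL_i2d_PrivateKey. Either wrap the macro and prototype in the same OPENSSL_ALL guard or keep the old mapping in an `#else` branch. The guard enclosing this macro block is not visible here.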
@@ -1269,11 +1269,18 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1, WOLFSSL_BIO** bio2_p, size_t writebuf2); +WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + unsigned char *em, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash, + int saltLen); WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen); +WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen); WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, const unsigned char *EM, int saltLen); @@ -2088,6 +2095,8 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey); WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen); +WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, + unsigned char** pp); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, 
@@ -5382,6 +5391,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, wc_pem_password_cb* cb, void* ctx); +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey( XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 6df41eb29..bba2b71b9 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -951,13 +951,14 @@ enum Misc_ASN { #else KEYID_SIZE = WC_SHA_DIGEST_SIZE, #endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) - RSA_INTS = 8, /* RSA ints in private key */ -#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY) - RSA_INTS = 5, /* RSA ints in private key */ -#else - RSA_INTS = 2, /* RSA ints in private key */ + RSA_INTS = 2 /* RSA ints in private key */ +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + + 3 +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + + 3 #endif +#endif + , DSA_PARAM_INTS = 3, /* DSA parameter ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ DSA_PUB_INTS = 4, /* DSA ints in public key */ From bc0a2c43e65003ca4a9a3c10fc768ec8ef63fb91 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 21 Oct 2024 10:04:26 -0600 Subject: [PATCH 170/325] avoid warning for unused parameter with certain build configurations --- wolfcrypt/src/asn.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1a4ce9518..9cad859e5 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -7921,6 +7921,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 ret = 0;
 }
 (void)ks;
+ (void)heap;
 return ret;
 }
From 187a9b5b4db178e3c9eb48d372ba03f5ce2012d9 Mon Sep 17 00:00:00 2001
From: gojimmypi
Date: Mon, 21 Oct 2024 09:20:32 -0700
Subject: [PATCH 171/325] Apply various Espressif compatibility updates
---
 wolfcrypt/src/port/Espressif/esp32_aes.c | 2 +-
 wolfcrypt/src/port/Espressif/esp32_sha.c | 2 +-
 .../Espressif/esp_crt_bundle/esp_crt_bundle.c | 24 ++++++++----
 .../src/port/Espressif/esp_sdk_mem_lib.c | 38 ++++++++++++++-----
 .../src/port/Espressif/esp_sdk_wifi_lib.c | 7 +++-
 .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 24 ++++++++----
 6 files changed, 68 insertions(+), 29 deletions(-)
diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c
index e8c917c9a..f85343ead 100644
--- a/wolfcrypt/src/port/Espressif/esp32_aes.c
+++ b/wolfcrypt/src/port/Espressif/esp32_aes.c
@@ -637,7 +637,7 @@ int esp_hw_show_aes_metrics(void)
 #if defined(WOLFSSL_HW_METRICS)
 ESP_LOGI(TAG, "--------------------------------------------------------");
- ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics----------------");
+ ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics -------------");
 ESP_LOGI(TAG, "--------------------------------------------------------");
 ESP_LOGI(TAG, "esp_aes_unsupported_length_usage_ct = %lu",
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
index c1aec3e39..6fa955a9d 100644
--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
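Review bot: In the `@@ -7921` hunk, `(void)heap;` silences the unused-parameter warning but gives no hint which configurations leave `heap` unused, so the next reader cannot tell whether a code path forgot to pass it to an allocator. Add a short comment on that line, `(void)heap; /* only used by the key-type decoders compiled in some configs */`, adjusted to name the actual guard once confirmed. The body of wc_CheckPrivateKey lies almost entirely outside this hunk.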
@@ -2384,7 +2384,7 @@ int esp_hw_show_sha_metrics(void) int ret = 0; #if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics----------------"); + ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics -------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "esp_sha_hw_copy_ct = %lu", diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c index 97b406312..023b373a6 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c @@ -61,12 +61,17 @@ esp_err_t esp_crt_bundle_attach(void *conf) #include #include -#include /* needed only for esp_tls_free_global_ca_store() */ +#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS + /* We're already here since CONFIG_ESP_TLS_USING_WOLFSSL is enabled, */ + /* but do we have a recent version of wolfSSL CMakeLists.txt to support */ + /* using wolfSSL in ESP-IDF? If so, include the esp-tls component here: */ + #include /* needed only for esp_tls_free_global_ca_store() */ +#endif /* There's a minimum version of wolfSSL needed for Certificate Bundle Support. * * See the latest code at: - * https://github.com/wolfSSL/wolfssl or + * https://github.com/wolfSSL/wolfssl or Managed Components at * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ */ #if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION) 
@@ -186,12 +191,10 @@ typedef struct crt_bundle_t { static WOLFSSL_X509* store_cert = NULL; /* will point to existing param values*/ static WOLFSSL_X509* bundle_cert = NULL; /* the iterating cert being reviewed.*/ -static const uint8_t **crts = NULL; -static uint16_t num_certs = 0; - - -/* Found in */ -void esp_tls_free_global_ca_store(void); +#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + static const uint8_t **crts = NULL; + static uint16_t num_certs = 0; +#endif #ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle, @@ -1514,7 +1517,12 @@ esp_err_t wolfSSL_bundle_cleanup(void) s_crt_bundle.crts = NULL; } +#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS + /* When the esp-tls is linked as a requirement in CMake and used by the + * ESP-IDF in the esp-tls component, call at cleanup time: */ esp_tls_free_global_ca_store(); +#endif + /* Be sure to free the bundle_cert first, as it may be part of store. */ if (bundle_cert != NULL) { #ifdef DEBUG_WOLFSSL_MALLOC diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 443438f70..81d88a654 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -25,10 +25,10 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ -/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ -#ifdef WOLFSSL_USER_SETTINGS - #include -#endif +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ +#include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ 
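Review bot: In the `@@ -1514` hunk, wolfSSL_bundle_cleanup now calls esp_tls_free_global_ca_store() only when WOLFSSL_CMAKE_REQUIRED_ESP_TLS is defined, so in every other build the global CA store that this bundle populated is no longer released by cleanup — a leak at best, and a trust store that outlives the bundle if the application later attaches a different one. Add an `#else` branch carrying the new contract, e.g. `/* esp-tls not linked: the application owns the global CA store and must free it itself. */`, and state the same in the header. Whether anything else frees the store in that configuration is not visible here.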
@@ -71,8 +71,6 @@ extern wc_ptr_t _rodata_start[]; extern wc_ptr_t _rodata_end[]; extern wc_ptr_t _bss_start[]; extern wc_ptr_t _bss_end[]; -extern wc_ptr_t _rtc_data_start[]; -extern wc_ptr_t _rtc_data_end[]; extern wc_ptr_t _rtc_bss_start[]; extern wc_ptr_t _rtc_bss_end[]; extern wc_ptr_t _iram_start[]; @@ -83,16 +81,24 @@ extern wc_ptr_t _init_end[]; #endif extern wc_ptr_t _iram_text_start[]; extern wc_ptr_t _iram_text_end[]; -extern wc_ptr_t _iram_bss_start[]; -extern wc_ptr_t _iram_bss_end[]; +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* TODO: Find ESP32-S2 equivalent */ +#else + extern wc_ptr_t _iram_bss_start[]; + extern wc_ptr_t _iram_bss_end[]; +#endif extern wc_ptr_t _noinit_start[]; extern wc_ptr_t _noinit_end[]; extern wc_ptr_t _text_start[]; extern wc_ptr_t _text_end[]; extern wc_ptr_t _heap_start[]; extern wc_ptr_t _heap_end[]; -extern wc_ptr_t _rtc_data_start[]; -extern wc_ptr_t _rtc_data_end[]; +#ifdef CONFIG_IDF_TARGET_ESP32C2 + /* no rtc_data on ESP32-C2*/ +#else + extern wc_ptr_t _rtc_data_start[]; + extern wc_ptr_t _rtc_data_end[]; +#endif #if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1 extern void* _thread_local_start; @@ -194,7 +200,11 @@ int sdk_init_meminfo(void) { #endif sdk_log_meminfo(data, _data_start, _data_end); sdk_log_meminfo(user_data_ram, USER_DATA_START, USER_DATA_END); +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* TODO: Find ESP32-S2 equivalent of bss */ +#else sdk_log_meminfo(bss, _bss_start, _bss_end); +#endif sdk_log_meminfo(noinit, _noinit_start, _noinit_end); sdk_log_meminfo(ets_system, ETS_SYS_START, ETS_SYS_END); sdk_log_meminfo(rodata, _rodata_start, _rodata_end); 
@@ -203,12 +213,20 @@ int sdk_init_meminfo(void) { sdk_log_meminfo(iramf2, IRAMF2_START, IRAMF2_END); sdk_log_meminfo(iram, _iram_start, _iram_end); sdk_log_meminfo(iram_text, _iram_text_start, _iram_text_end); +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* No iram_bss on ESP32-C2 at this time. TODO: something equivalent? */ +#else sdk_log_meminfo(iram_bss, _iram_bss_start, _iram_bss_end); +#endif #if defined(CONFIG_IDF_TARGET_ESP8266) sdk_log_meminfo(init, _init_start, _init_end); #endif sdk_log_meminfo(text, _text_start, _text_end); +#if defined(CONFIG_IDF_TARGET_ESP32C2) + /* No rtc_data on ESP32-C2 at this time. TODO: something equivalent? */ +#else sdk_log_meminfo(rtc_data, _rtc_data_start, _rtc_data_end); +#endif ESP_LOGI(TAG, "-----------------------------------------------------"); sample_heap_var = malloc(1); if (sample_heap_var == NULL) { diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c index d56d549b2..9a200a921 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c @@ -23,8 +23,11 @@ #include #endif -/* Reminder: user_settings.h is needed and included from settings.h - * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ #include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index a9857a2d1..afeb3526b 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h 
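Review bot: The comment added in the `@@ -203` hunk says `No iram_bss on ESP32-C2` but the guard around it is `#if defined(CONFIG_IDF_TARGET_ESP32S2)`, matching the S2 guard placed on the `_iram_bss_start`/`_iram_bss_end` externs earlier in the file; the comment names the wrong target. Change it to `/* No iram_bss on ESP32-S2 at this time. TODO: something equivalent? */`. The rtc_data block just below it correctly pairs the C2 guard with a C2 comment, which makes the mismatch easy to miss. sdk_init_meminfo() starts and ends outside the hunk.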
@@ -28,8 +28,9 @@ #define __ESP_CRT_BUNDLE_wolfssl_LIB_H__ /* This file is typically NOT directly used by applications utilizing the - * wolfSSL libraries. It is used when the wolfssl libary component is configured - * to be utilized by the Espressif ESP-IDF, specifically the esp-tls layer. + * wolfSSL libraries. It is used when the wolfssl library component is + * configured to be utilized by the Espressif ESP-IDF, specifically the + * esp-tls layer. * * See: esp-idf api-reference for esp_tls. * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h @@ -53,7 +54,16 @@ * Normally on, this uses the compiler `inline` decorator for bundle functions * to be optimized, since they are called during a TLS connection. * - * See Kconfig file (or use idy.py menufconfig) for other bundle settings. + * See Kconfig file (or use idy.py menuconfig) for other bundle settings. + * + ******************************************************************************* + ** Other Settings: + ******************************************************************************* + * WOLFSSL_CMAKE_REQUIRED_ESP_TLS + * This is defined in the wolfssl component cmake file when the esp-tls + * component is required. This is typically when Certificate Bundles are + * enabled, and the esp_tls_free_global_ca_store() in the esp-tls needs + * to be called from the wolfSSL wolfSSL_bundle_cleanup(). */ /* wolfSSL */ @@ -121,14 +131,14 @@ esp_err_t esp_crt_bundle_attach(void *conf); #else /** - * @brief Return ESP_OK for valid bunder, otherwise ESP_FAIL. + * @brief Return ESP_OK for valid bundle, otherwise ESP_FAIL. * * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. */ esp_err_t esp_crt_bundle_is_valid(void); /** - * @brief Return 1 if Cert Bundle loaded, otheriwse 0. + * @brief Return 1 if Cert Bundle loaded, otherwise 0. * * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. */ 
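Review bot: The `@@ -53` hunk fixes `menufconfig` but leaves the tool name misspelt; the line should read `* See Kconfig file (or use idf.py menuconfig) for other bundle settings.`. The new "Other Settings" text says WOLFSSL_CMAKE_REQUIRED_ESP_TLS is defined by the wolfssl component cmake file when esp-tls is required; it would help to also state what happens when it is not defined (esp_tls_free_global_ca_store() is then not called from wolfSSL_bundle_cleanup()), since that is the behaviour the new guard introduces and the only place a user would look for it.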
@@ -169,7 +179,7 @@ void esp_crt_bundle_detach(wolfssl_ssl_config *conf); * * @return * - ESP_OK if adding certificates was successful. - * - Other if an error occured or an action must be taken + * - Other if an error occurred or an action must be taken * by the calling process. */ esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size); @@ -179,7 +189,7 @@ esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size); * @brief Set the issuer and subject values given the current cert. * * Used internally by ESP-IDF esp-tls layer. Also helpful for debugging - * and general visibiity to certificate attributes. + * and general visibility to certificate attributes. * * The CERT_TAG can be used at the esp-tls or application layer to indicate * the usage of the respective cert (e.g. the string "peer"). From f24b987f5959bbe057d349111caf0cfccce18860 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 21 Oct 2024 12:26:29 -0500 Subject: [PATCH 172/325] wolfcrypt/src/rsa.c: fix wc_FreeRsaKey() WOLFSSL_XILINX_CRYPT XFREE() call to pass key->heap as before. --- wolfcrypt/src/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index f5ed3d353..9e34599ca 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -601,7 +601,7 @@ int wc_FreeRsaKey(RsaKey* key) mp_clear(&key->n); #ifdef WOLFSSL_XILINX_CRYPT - XFREE(key->mod, heap, DYNAMIC_TYPE_KEY); + XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY); key->mod = NULL; #endif From 35def11781bf862ca5e2485fbd422a1c78564192 Mon Sep 17 00:00:00 2001 From: jordan Date: Mon, 21 Oct 2024 14:59:32 -0500 Subject: [PATCH 173/325] coverity: fix error, and cleanup. --- src/internal.c | 27 ++++++++++++++++++--------- wolfcrypt/src/sp_int.c | 4 +++- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/src/internal.c b/src/internal.c index 011dce610..005075f88 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -13587,21 +13587,28 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, - DYNAMIC_TYPE_OCSP_STATUS); + DYNAMIC_TYPE_OCSP_STATUS); single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap, - DYNAMIC_TYPE_OCSP_ENTRY); + DYNAMIC_TYPE_OCSP_ENTRY); response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap, - DYNAMIC_TYPE_OCSP_REQUEST); + DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || single == NULL || response == NULL) { - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + if (status != NULL) { + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + } + if (single != NULL) { + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + } + if (response != NULL) { + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } return MEMORY_ERROR; } #endif + /* InitOcspResponse sets single and status to response struct. */ InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap); if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0) @@ -13622,12 +13629,14 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += status_length; + /* FreeOcspResponse frees status and single only if + * single->isDynamic is set. */ FreeOcspResponse(response); #ifdef WOLFSSL_SMALL_STACK - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #endif WOLFSSL_LEAVE("ProcessCSR", ret); diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 0f89d3151..2a78ed881 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c 
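Review bot: In the `@@ -13622` hunk the three XFREE() calls run unconditionally after FreeOcspResponse(), so the condition the new comment describes — status and single are freed there when single->isDynamic is set — is exactly the case that would become a double free; nothing visible clears isDynamic for these caller-owned buffers (InitOcspResponse is outside the hunk). If InitOcspResponse does leave it clear, say so at the call site, e.g. `/* single/status are caller-owned: InitOcspResponse leaves isDynamic clear, so they are freed below, not by FreeOcspResponse. */`; if it does not, the decision has to be taken before FreeOcspResponse() runs, since single cannot be read afterwards. The `!= NULL` guards added in the `@@ -13587` hunk are redundant if XFREE() tolerates NULL as free() does; if Coverity requires them, a one-line comment would stop a later cleanup from removing them. ProcessCSR_ex() starts and ends outside these hunks.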
@@ -12429,8 +12429,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x, ALLOC_SP_INT(d, m->used + 1, err, NULL); if (err == MP_OKAY) { - sp_init_size(d, m->used + 1); + err = sp_init_size(d, m->used + 1); + } + if (err == MP_OKAY) { /* 1. x = m, y = a, b = 1, c = 0 */ if (a != y) { _sp_copy(a, y); From 5690af82dcde16b8fccda48699a482bfc3a48aee Mon Sep 17 00:00:00 2001 From: jordan Date: Mon, 21 Oct 2024 15:57:24 -0500 Subject: [PATCH 174/325] wolfcrypt test: fix double free. --- wolfcrypt/test/test.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4c3c9d771..74fa6feb2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -33731,6 +33731,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) word32 plaintextLen; word32 encryptLen = MAX_ECIES_TEST_SZ; word32 decryptLen = MAX_ECIES_TEST_SZ; + int aInit = 0; + int bInit = 0; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) plaintext = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -33742,12 +33744,22 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) wc_ecc_free(b); ret = wc_ecc_init(a); - if (ret != 0) + if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); + } + else { + aInit = 1; + } + + if (ret == 0) { ret = wc_ecc_init(b); - if (ret != 0) + if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); + } + else { + bInit = 1; + } } if (ret == 0) @@ -33809,8 +33821,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0) ret = WC_TEST_RET_ENC_NC; - wc_ecc_free(a); - wc_ecc_free(b); + if (aInit) { + wc_ecc_free(a); + } + + if (bInit) { + wc_ecc_free(b); + } wc_ecc_ctx_free(aCtx); wc_ecc_ctx_free(bCtx); From ee24446bee88770849f67c5b9667101416e07060 Mon Sep 17 00:00:00 2001 
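Review bot: Checking the sp_init_size() result is right, but d was already obtained by ALLOC_SP_INT() on the line above, so the new failure path must still reach the matching FREE_SP_INT() at the end of _sp_invmod_div(); that tail is outside the hunk, so please confirm the error flows there rather than returning directly. A short comment on the second `if (err == MP_OKAY)` such as `/* init failed: skip the algorithm and fall through to the common cleanup */` would make that intent visible to the next reader.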
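Review bot: The aInit/bInit flags stop the free of a never-initialised key, but the `@@ -33742` hunk shows the function first calls wc_ecc_free() on the caller's a and b and only then re-initialises them; when wc_ecc_init(a) fails, the function returns with a freed, uninitialised key in the caller's hands, and a caller that later frees it hits the same double-free class this commit removes (the caller is outside the hunk). Documenting the ownership on the function, e.g. `/* a and b are freed and re-initialised here; on an init failure they are returned uninitialised. */`, or re-initialising them on the failure path, would close that gap. ecc_ctx_kdf_salt_test() starts outside the hunks.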
From: gojimmypi Date: Mon, 21 Oct 2024 14:05:51 -0700 Subject: [PATCH 175/325] Add Visual Studio 2022 Project Files for wolfSSL, Test, & Benchmark --- .gitignore | 1 + Makefile.am | 1 + wolfcrypt/benchmark/benchmark-VS2022.sln | 87 +++ wolfcrypt/benchmark/benchmark-VS2022.vcxproj | 162 +++++ .../benchmark/benchmark-VS2022.vcxproj.user | 7 + wolfcrypt/benchmark/include.am | 3 + wolfcrypt/test/include.am | 4 + wolfcrypt/test/test-VS2022.sln | 87 +++ wolfcrypt/test/test-VS2022.vcxproj | 162 +++++ wolfcrypt/test/test-VS2022.vcxproj.user | 7 + wolfssl-VS2022.vcxproj | 577 ++++++++++++++++++ 11 files changed, 1098 insertions(+) create mode 100644 wolfcrypt/benchmark/benchmark-VS2022.sln create mode 100644 wolfcrypt/benchmark/benchmark-VS2022.vcxproj create mode 100644 wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user create mode 100644 wolfcrypt/test/test-VS2022.sln create mode 100644 wolfcrypt/test/test-VS2022.vcxproj create mode 100644 wolfcrypt/test/test-VS2022.vcxproj.user create mode 100644 wolfssl-VS2022.vcxproj diff --git a/.gitignore b/.gitignore index 8ef6f71b1..87ff413b3 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ ctaocrypt/src/src/ *.cache .dirstamp *.user +!*-VS2022.vcxproj.user configure config.* !cmake/config.in diff --git a/Makefile.am b/Makefile.am index 1d4f26c6b..d8e4b6ddf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -141,6 +141,7 @@ ACLOCAL_AMFLAGS= -I m4 EXTRA_DIST+= .cyignore EXTRA_DIST+= wolfssl.vcproj EXTRA_DIST+= wolfssl.vcxproj +EXTRA_DIST+= wolfssl-VS2022.vcxproj EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= valgrind-bash.supp diff --git a/wolfcrypt/benchmark/benchmark-VS2022.sln b/wolfcrypt/benchmark/benchmark-VS2022.sln new file mode 100644 index 000000000..2831db510 --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.sln 
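Review bot: The `!*-VS2022.vcxproj.user` exception added to .gitignore checks in per-developer IDE state that Visual Studio rewrites locally; the committed files carry only a working directory (`$(ProjectDir)../../`) and the `WindowsLocalDebugger` flavor, which can be set in the .vcxproj itself as `<LocalDebuggerWorkingDirectory>` and `<DebuggerFlavor>` in a PropertyGroup, keeping `*.user` ignored as the rest of the tree does. If the exception is kept on purpose, a comment next to it in .gitignore explaining why would prevent the next contributor from removing it and silently dropping the debugger settings.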
@@ -0,0 +1,87 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.11.35327.3 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "benchmark-VS2022", "benchmark-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}" + ProjectSection(SolutionItems) = preProject + ..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h + ..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h + EndProjectSection +EndProject +Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM64 = Debug|ARM64 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + DLL Debug|ARM64 = DLL Debug|ARM64 + DLL Debug|x64 = DLL Debug|x64 + DLL Debug|x86 = DLL Debug|x86 + DLL Release|ARM64 = DLL Release|ARM64 + DLL Release|x64 = DLL Release|x64 + DLL Release|x86 = DLL Release|x86 + Release|ARM64 = Release|ARM64 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL 
Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64 + 
{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA} + EndGlobalSection +EndGlobal diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj new file mode 100644 index 000000000..ce5937e29 --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj 
@@ -0,0 +1,162 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + 17.0 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21} + Win32Proj + + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>17.0.35327.3 + + + Debug\ + Debug\ + true + + + true + + + Release\ + Release\ + true + + + true + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + + + + {12226dbe-7278-4dfa-a119-5a0294cf0b33} + + + + + + diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user new file mode 100644 index 000000000..2219efc16 --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user @@ -0,0 +1,7 @@ + + + + $(ProjectDir)../../ + WindowsLocalDebugger + + 
diff --git a/wolfcrypt/benchmark/include.am b/wolfcrypt/benchmark/include.am index dc2b71c41..22cecbdae 100644 --- a/wolfcrypt/benchmark/include.am +++ b/wolfcrypt/benchmark/include.am @@ -23,5 +23,8 @@ endif EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.sln +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user EXTRA_DIST += wolfcrypt/benchmark/README.md DISTCLEANFILES+= wolfcrypt/benchmark/.libs/benchmark diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am index 64d0f1a4f..4e059dfa6 100644 --- a/wolfcrypt/test/include.am +++ b/wolfcrypt/test/include.am @@ -26,5 +26,9 @@ endif EXTRA_DIST += wolfcrypt/test/test.sln EXTRA_DIST += wolfcrypt/test/test.vcproj +EXTRA_DIST += wolfcrypt/test/test-VS2022.sln +EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj +EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj.user + EXTRA_DIST += wolfcrypt/test/README.md DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt diff --git a/wolfcrypt/test/test-VS2022.sln b/wolfcrypt/test/test-VS2022.sln new file mode 100644 index 000000000..557627482 --- /dev/null +++ b/wolfcrypt/test/test-VS2022.sln 
@@ -0,0 +1,87 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.11.35327.3 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test-VS2022", "test-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}" + ProjectSection(SolutionItems) = preProject + ..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h + ..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM64 = Debug|ARM64 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + DLL Debug|ARM64 = DLL Debug|ARM64 + DLL Debug|x64 = DLL Debug|x64 + DLL Debug|x86 = DLL Debug|x86 + DLL Release|ARM64 = DLL Release|ARM64 + DLL Release|x64 = DLL Release|x64 + DLL Release|x86 = DLL Release|x86 + Release|ARM64 = Release|ARM64 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL 
Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64 + 
{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA} + EndGlobalSection +EndGlobal diff --git a/wolfcrypt/test/test-VS2022.vcxproj b/wolfcrypt/test/test-VS2022.vcxproj new file mode 100644 index 000000000..ed79d62ef --- /dev/null +++ b/wolfcrypt/test/test-VS2022.vcxproj 
@@ -0,0 +1,162 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + 17.0 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21} + Win32Proj + + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>17.0.35327.3 + + + Debug\ + Debug\ + true + + + true + + + Release\ + Release\ + true + + + true + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + + + + {12226dbe-7278-4dfa-a119-5a0294cf0b33} + + + + + + diff --git a/wolfcrypt/test/test-VS2022.vcxproj.user b/wolfcrypt/test/test-VS2022.vcxproj.user new file mode 100644 index 000000000..2219efc16 --- /dev/null +++ b/wolfcrypt/test/test-VS2022.vcxproj.user @@ -0,0 +1,7 @@ + + + + $(ProjectDir)../../ + WindowsLocalDebugger + + 
diff --git a/wolfssl-VS2022.vcxproj b/wolfssl-VS2022.vcxproj new file mode 100644 index 000000000..a52f42e6d --- /dev/null +++ b/wolfssl-VS2022.vcxproj 
@@ -0,0 +1,577 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Debug + ARM64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Debug + ARM64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + DLL Release + ARM64 + + + Release + Win32 + + + Release + x64 + + + Release + ARM64 + + + + {12226DBE-7278-4DFA-A119-5A0294CF0B33} + wolfssl + Win32Proj + + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + 
$(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + false + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + 
WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" 
%(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + + true + true + true + true + true + true + + + + + + From 4aa3d5f8ce2d17e767a689bd177f117c510f13a8 Mon Sep 17 00:00:00 2001 
From: Eric Blankenhorn Date: Mon, 21 Oct 2024 15:39:28 -0500 Subject: [PATCH 176/325] Add more configs to Coverity scan schedule. --- .github/workflows/coverity-scan-fixes.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml index 5034e884f..9a70e080b 100644 --- a/.github/workflows/coverity-scan-fixes.yml +++ b/.github/workflows/coverity-scan-fixes.yml @@ -1,9 +1,11 @@ -name: Coverity Scan master branch on a daily basis +name: Coverity Scan master branch on: workflow_dispatch: schedule: - - cron: "0 0 * * *" + - cron: '0 0 * * 1-5' + - cron: '0 0 * * 0' + - cron: '0 12 * * 0' jobs: coverity: @@ -14,11 +16,24 @@ jobs: with: ref: master - - name: Configure wolfSSL + - name: Configure wolfSSL with enable-all M-F + if: github.event.schedule == '0 0 * * 1-5' run: | ./autogen.sh ./configure --enable-all + - name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00 + if: github.event.schedule == '0 0 * * 0' + run: | + ./autogen.sh + ./configure --enable-all --enable-smallstack + + - name: Configure wolfSSL with bigendian Sun at 12:00 + if: github.event.schedule == '0 12 * * 0' + run: | + ./autogen.sh + ./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER" + - name: Check secrets env: token_var: ${{ secrets.COVERITY_SCAN_TOKEN }} From 5fd9e99bbdeb9f894c1f286d2d5dd930c1fffd6d Mon Sep 17 00:00:00 2001 From: jordan Date: Mon, 21 Oct 2024 20:49:34 -0500 Subject: [PATCH 177/325] coverity: don't overwrite obj in wolfSSL_X509_get_ext_d2i. --- src/x509.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/x509.c b/src/x509.c index 58f5cc119..1fc6c289a 100644 --- a/src/x509.c +++ b/src/x509.c @@ -2445,6 +2445,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, sk = NULL; } } + obj = wolfSSL_ASN1_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 
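Review bot: With the three configure steps in the `@@ -14,11 +16,24 @@` hunk gated on `github.event.schedule`, a `workflow_dispatch` run (still listed under `on:`) matches none of them, so no `./configure` runs and the Coverity build step that follows outside the hunk presumably fails on a manual trigger. Either drop `workflow_dispatch` or let the weekday step double as the manual default, e.g. `if: github.event.schedule == '0 0 * * 1-5' || github.event_name == 'workflow_dispatch'`. The first hunk's rename and cron changes are fine as they stand.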
@@ -2455,6 +2456,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, obj->grp = oidCertExtType; obj->obj = (byte*)(x509->certPolicies[i]); obj->objSz = MAX_CERTPOL_SZ; + + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) { + WOLFSSL_MSG("Error pushing ASN1 object onto stack"); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + sk = NULL; + } + + obj = NULL; } else { WOLFSSL_MSG("No Cert Policy set"); From 27267d7d2e057e25a76685d3e8e53fc45d0216dc Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 22 Oct 2024 00:21:26 -0600 Subject: [PATCH 178/325] CID 426066 fix check if null before free --- src/x509.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/x509.c b/src/x509.c index 58f5cc119..c19b2bbed 100644 --- a/src/x509.c +++ b/src/x509.c @@ -14111,7 +14111,9 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, } #ifdef WOLFSSL_SMALL_STACK - XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); + if (x != NULL) { + XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); + } #endif return ret; From 18150a11aa03fa55cb5776207c7a5cd79ea56863 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 22 Oct 2024 00:24:29 -0600 Subject: [PATCH 179/325] CID 426062,426063 initialization and free check --- wolfcrypt/test/test.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4c3c9d771..24c0bfc06 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13939,6 +13939,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) if ((bigCipher == NULL) || (bigPlain == NULL)) { XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #else 
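Review bot: In the `@@ -2455` hunk a failed push frees `obj`, drops `sk` and then simply continues; if this sits inside the loop over `x509->certPolicies` (the `[i]` index suggests so, but the loop header is outside the hunk), every remaining iteration allocates a fresh object only to fail the push again because `sk` is now NULL. A `break;` directly after `sk = NULL;` would stop at the first failure. The same consideration applies to the `@@ -2445` hunk, where the new `obj = wolfSSL_ASN1_OBJECT_new();` is reached even when the preceding stack allocation already set `sk = NULL`; a guard such as `if (sk == NULL) break;` before it avoids the pointless allocation and the misleading "Issue creating" message.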
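Review bot: The `if (x != NULL)` guard added around `XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT)` in the `@@ -14111` hunk avoids the dereference but leaves `dCert` unfreed whenever `x` is NULL; that is only leak-free if `dCert` is never allocated on that path, which seems likely (its allocation would also need `x->heap`) but the allocation is outside the hunk. If `dCert` can be non-NULL there, `XFREE(dCert, x != NULL ? x->heap : NULL, DYNAMIC_TYPE_DCERT);` releases it in both cases without the extra branch.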
@@ -35099,6 +35100,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) (void)x; WOLFSSL_ENTER("curve25519_test"); + /* wc_FreeRng is always called on exit. Therefore wc_InitRng should be + * called before any exit goto's */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) userA = wc_curve25519_new(HEAP_HINT, devId, &ret); if (ret != 0) @@ -35115,14 +35126,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) wc_curve25519_init_ex(pubKey, HEAP_HINT, devId); #endif -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); - /* make curve25519 keys */ ret = wc_curve25519_make_key(&rng, 32, userA); if (ret != 0) From 2847cbfbad41246f173757fd376d3361cd991335 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 22 Oct 2024 10:55:15 +0200 Subject: [PATCH 180/325] Simplify TLS 1.2 session ID logic Optimize entropy use. Only generate the exact amount of random data that we will actually keep. Refactor done as part of work on ZD18822 --- src/internal.c | 87 ++++++++++++++++++++++++-------------------------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/src/internal.c b/src/internal.c index 005075f88..8bc4bc5a4 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -34510,6 +34510,29 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef WOLFSSL_NO_TLS12 + static int getSessionID(WOLFSSL* ssl) + { + int sessIdSz = 0; + (void)ssl; +#ifndef NO_SESSION_CACHE + /* if no session cache don't send a session ID */ + if (!ssl->options.sessionCacheOff) + sessIdSz = ID_LEN; +#endif +#ifdef HAVE_SESSION_TICKET + /* we may be echoing an ID as part of session tickets */ + if (ssl->options.useTicket) { + /* echo session id sz can be 0,32 or bogus len in between */ + sessIdSz = ssl->arrays->sessionIDSz; + if (sessIdSz > ID_LEN) { + WOLFSSL_MSG("Bad bogus session id len"); + return BUFFER_ERROR; + } + } +#endif /* HAVE_SESSION_TICKET */ + return sessIdSz; + } + /* handle generation of server_hello (2) */ int SendServerHello(WOLFSSL* ssl) { @@ -34518,17 +34541,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word16 length; word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; int sendSz; - byte sessIdSz = ID_LEN; - #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) - byte echoId = 0; /* ticket echo id flag */ - #endif - byte cacheOff = 0; /* session cache off flag */ + byte sessIdSz; WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); WOLFSSL_ENTER("SendServerHello"); + ret = getSessionID(ssl); + if (ret < 0) + return ret; + sessIdSz = (byte)ret; + length = VERSION_SZ + RAN_LEN - + ID_LEN + ENUM_LEN + + ENUM_LEN + sessIdSz + SUITE_LEN + ENUM_LEN; 
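Review bot: `getSessionID` returns a length (0..ID_LEN) or `BUFFER_ERROR`, not an ID, and its lowercase-camel spelling differs from the CamelCase statics around it (`DoSessionTicket`, `SendServerHello`); a name like `GetSessionIdSz` would say what it does. It also lacks a header comment; suggest `/* Length of the session ID to send in server_hello: ID_LEN when the session cache is on, the client's echoed length when a ticket is in use (must not exceed ID_LEN), otherwise 0. Returns BUFFER_ERROR on a bogus echoed length. */`. The caller in the next hunk narrows with `sessIdSz = (byte)ret;`, which is safe given the `> ID_LEN` check here.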
@@ -34536,45 +34560,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = TLSX_GetResponseSize(ssl, server_hello, &length); if (ret != 0) return ret; - #ifdef HAVE_SESSION_TICKET - if (ssl->options.useTicket) { - /* echo session id sz can be 0,32 or bogus len in between */ - sessIdSz = ssl->arrays->sessionIDSz; - if (sessIdSz > ID_LEN) { - WOLFSSL_MSG("Bad bogus session id len"); - return BUFFER_ERROR; - } - if (!IsAtLeastTLSv1_3(ssl->version)) - length -= (ID_LEN - sessIdSz); /* adjust ID_LEN assumption */ - echoId = 1; - } - #endif /* HAVE_SESSION_TICKET */ #else if (ssl->options.haveEMS) { length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ; } #endif - /* is the session cache off at build or runtime */ -#ifdef NO_SESSION_CACHE - cacheOff = 1; -#else - if (ssl->options.sessionCacheOff == 1) { - cacheOff = 1; - } -#endif - - /* if no session cache don't send a session ID unless we're echoing - * an ID as part of session tickets */ - if (cacheOff == 1 - #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) - && echoId == 0 - #endif - ) { - length -= ID_LEN; /* adjust ID_LEN assumption */ - sessIdSz = 0; - } - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { @@ -34605,11 +34596,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* then random and session id */ if (!ssl->options.resuming) { - /* generate random part and session id */ - ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, - RAN_LEN + sizeof(sessIdSz) + sessIdSz); - if (ret != 0) - return ret; + word32 genRanLen = RAN_LEN; #ifdef WOLFSSL_TLS13 if (TLSv1_3_Capable(ssl)) { @@ -34617,6 +34604,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), tls13Downgrade, TLS13_DOWNGRADE_SZ); output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl); + genRanLen -= TLS13_DOWNGRADE_SZ + 1; } else #endif 
@@ -34628,12 +34616,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), tls13Downgrade, TLS13_DOWNGRADE_SZ); output[idx + RAN_LEN - 1] = 0; + genRanLen -= TLS13_DOWNGRADE_SZ + 1; } - /* store info in SSL for later */ + /* generate random part */ + ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, genRanLen); + if (ret != 0) + return ret; XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN); idx += RAN_LEN; + + /* generate session id */ output[idx++] = sessIdSz; + ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz); + if (ret != 0) + return ret; XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz); ssl->arrays->sessionIDSz = sessIdSz; } From 5a1da526da984a397059daf9cfd0b7e98d50fb94 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 22 Oct 2024 10:27:38 -0400 Subject: [PATCH 181/325] Test using my branch --- .github/workflows/jwt-cpp.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 020e066b5..2f8f9de9c 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -68,7 +68,8 @@ jobs: - name: Checkout OSP uses: actions/checkout@v4 with: - repository: wolfssl/osp + repository: bandi13/wolfssl-osp + ref: 'updateJWTpatch' path: osp - name: Checkout jwt-cpp From 625585992583d33a755ad05d3430d57e1c9cf157 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 22 Oct 2024 10:56:42 -0400 Subject: [PATCH 182/325] Fix package name --- .github/workflows/pam-ipmi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index 5c773ea59..ec254d6f3 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml 
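Review bot: The new `wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz)` call is also reached with `sessIdSz == 0` (session cache off and no ticket echo), so the ServerHello now depends on the RNG accepting a zero-length request, which the previous single call never did; if any RNG backend rejects that, the handshake fails where it used to succeed. Guarding with `if (sessIdSz > 0)` around the call and the `XMEMCPY` keeps the entropy saving this commit is after and removes the dependency. The rest of `SendServerHello` continues outside the hunk.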
@@ -56,7 +56,7 @@ jobs: # Don't prompt for anything export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install libpam-dev ninja-build python3-meson + sudo apt-get install libpam-dev ninja-build meson - name: Download lib uses: actions/download-artifact@v4 From d981cd5b36c70b51efb052209501123d11697535 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 22 Oct 2024 12:22:08 -0400 Subject: [PATCH 183/325] Revert "Test using my branch" This reverts commit 5a1da526da984a397059daf9cfd0b7e98d50fb94. --- .github/workflows/jwt-cpp.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 2f8f9de9c..020e066b5 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -68,8 +68,7 @@ jobs: - name: Checkout OSP uses: actions/checkout@v4 with: - repository: bandi13/wolfssl-osp - ref: 'updateJWTpatch' + repository: wolfssl/osp path: osp - name: Checkout jwt-cpp From f21a763ae99ba1057df945a896eeff9ec14454c7 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 22 Oct 2024 14:22:46 -0600 Subject: [PATCH 184/325] return out of test function if failing RNG init --- wolfcrypt/test/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 24c0bfc06..b00cfa00c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -35108,7 +35108,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) ret = wc_InitRng(&rng); #endif if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + return WC_TEST_RET_ENC_EC(ret); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) userA = wc_curve25519_new(HEAP_HINT, devId, &ret); From 5a0bb3a3ed386e8ba937ab3ce12eca54f6c09883 Mon Sep 17 00:00:00 2001 
From: David Garske Date: Tue, 22 Oct 2024 14:30:54 -0700 Subject: [PATCH 185/325] Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member. ZD 18841. --- wolfcrypt/src/aes.c | 27 ++++++++++--------- .../src/port/Renesas/renesas_fspsm_aes.c | 3 ++- wolfcrypt/src/port/arm/armv8-aes.c | 8 +++--- wolfcrypt/src/port/caam/caam_aes.c | 3 ++- wolfcrypt/src/port/devcrypto/devcrypto_aes.c | 3 ++- wolfcrypt/src/port/riscv/riscv-64-aes.c | 12 ++++----- wolfcrypt/src/port/ti/ti-aes.c | 3 ++- 7 files changed, 33 insertions(+), 26 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 6a6b49403..acd8c017c 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3726,8 +3726,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2) ByteReverseWords(rk, rk, keylen); #endif - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -3807,8 +3807,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (iv) XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3838,8 +3838,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif 
@@ -3890,8 +3890,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (rk == NULL) return BAD_FUNC_ARG; - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3971,8 +3971,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->key, userKey, keylen); ret = nrf51_aes_set_key(userKey); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -4028,7 +4028,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -4520,8 +4521,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif } - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index 0028786c5..e1ec04cc5 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -795,7 +795,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, return BAD_FUNC_ARG; } -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif 
diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index 87df6f089..0baa39b5c 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c @@ -201,7 +201,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, } #endif - #ifdef WOLFSSL_AES_COUNTER + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif /* WOLFSSL_AES_COUNTER */ @@ -16581,9 +16582,10 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, XMEMCPY(aes->devKey, userKey, keylen); } #endif -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; -#endif /* WOLFSSL_AES_COUNTER */ +#endif aes->keylen = keylen; aes->rounds = keylen/4 + 6; diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c index b744c1244..20c4068ab 100644 --- a/wolfcrypt/src/port/caam/caam_aes.c +++ b/wolfcrypt/src/port/caam/caam_aes.c @@ -93,7 +93,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, return ret; } -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c index ba12d2583..e2f7d6c44 100644 --- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c +++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c @@ -125,7 +125,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, aes->keylen = keylen; aes->rounds = keylen/4 + 6; -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif aes->ctx.cfd = -1; 
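Review bot: In the armv8-aes.c `@@ -201,7 +201,8 @@` hunk the closing `#endif /* WOLFSSL_AES_COUNTER */` comment is now stale, since the widened condition also covers CFB, OFB and XTS; the `@@ -16581` hunk in the same file already dropped that comment, so make this one match with a bare `#endif`. The other port files in this commit close with a plain `#endif` as well.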
diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c index 292c854d1..3ca35419c 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-aes.c +++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c @@ -498,8 +498,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Finish setting the AES object. */ aes->keylen = keyLen; -#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif } @@ -1770,8 +1770,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Finish setting the AES object. */ aes->keylen = keyLen; -#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif } @@ -2978,8 +2978,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Initialize fields. */ - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif aes->keylen = (int)keyLen; diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c index 8dcd10abc..ed5515ef7 100644 --- a/wolfcrypt/src/port/ti/ti-aes.c +++ b/wolfcrypt/src/port/ti/ti-aes.c @@ -99,7 +99,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) aes->rounds = len / 4 + 6; XMEMCPY(aes->key, key, len); -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return AesSetIV(aes, iv); 
From 6429315216ac0ddd382fd11383b4c4405fe8d692 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 22 Oct 2024 12:03:16 -0500 Subject: [PATCH 186/325] fix references to misnamed HAVE_SHA224, HAVE_SHA384, HAVE_SHA512 (correct names have WOLFSSL_ prefixes). --- src/ssl.c | 6 +++--- wolfssl/wolfcrypt/settings.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 1bdcc8be6..bfe5ad46a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15108,7 +15108,7 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac) macStr = "SHA1"; break; #endif -#ifdef HAVE_SHA224 +#ifdef WOLFSSL_SHA224 case sha224_mac: macStr = "SHA224"; break; @@ -15118,12 +15118,12 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac) macStr = "SHA256"; break; #endif -#ifdef HAVE_SHA384 +#ifdef WOLFSSL_SHA384 case sha384_mac: macStr = "SHA384"; break; #endif -#ifdef HAVE_SHA512 +#ifdef WOLFSSL_SHA512 case sha512_mac: macStr = "SHA512"; break; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index ece446faa..e02870c13 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1481,7 +1481,7 @@ extern void uITRON4_free(void *p) ; #ifndef NO_WRITEV #define NO_WRITEV #endif - #ifndef HAVE_SHA512 + #ifndef WOLFSSL_SHA512 #ifndef NO_SHA512 #define NO_SHA512 #endif From bffcfb7efc22fef764a98b25d790b0ae12adac64 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 22 Oct 2024 14:35:27 -0500 Subject: [PATCH 187/325] wolfcrypt/src/ecc.c: in wc_ecc_get_curve_id_from_oid(), deconditionalize guard against zero-length len added in 03a6eed037, to fix test_wc_ecc_get_curve_id_from_oid() failing in cross-mingw-all-crypto. --- wolfcrypt/src/ecc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index bc59a947a..da5009382 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c 
@@ -4554,13 +4554,11 @@ int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len) } #endif -#if !defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING) if (len == 0) { /* SAKKE has zero oidSz and will otherwise match with len==0. */ WOLFSSL_MSG("zero oidSz"); return ECC_CURVE_INVALID; } -#endif for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) { #if defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING) From 30181f2ced0deed7de8bfb9355e112a68900b10c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 22 Oct 2024 16:53:03 -0500 Subject: [PATCH 188/325] configure.ac: for reproducible-build, use --build-id=sha1, not --build-id=none, to support users relying on build-id in the linked object. --- configure.ac | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index cc0217b44..b4d3aaa4b 100644 --- a/configure.ac +++ b/configure.ac @@ -573,16 +573,15 @@ then AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/=" fi - # opportunistically use linker option --build-id=none - - if "$CC" -Wl,--build-id=none -x c - -o /dev/null >/dev/null 2>&1 <<' EOF' + # opportunistically force linker option --build-id=sha1 (usually the default) + if "$CC" -Wl,--build-id=sha1 -x c - -o /dev/null >/dev/null 2>&1 <<' EOF' #include int main(int argc, char **argv) { (void)argc; (void)argv; return 0; } EOF then - AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=none" + AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=sha1" fi fi From 508555c927d7632c79aa0344dc90a3c5eaa8276a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 22 Oct 2024 23:56:02 -0500 Subject: [PATCH 189/325] configure.ac: add several missing low level crypto algorithms to all-crypto that are already included indirectly in enable-all. --- configure.ac | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index b4d3aaa4b..3fdfab0d4 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1155,7 +1155,8 @@ then test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes - test "$enable_brainpool" = "" && enable_brainpool=yes + test "$enable_ecccustcurves" != "no" && test "$enable_brainpool" = "" && enable_brainpool=yes + test "$enable_ecccustcurves" != "no" && AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH -DHAVE_ECC_KOBLITZ -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3" fi test "$enable_srp" = "" && enable_srp=yes fi @@ -1194,6 +1195,7 @@ then if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then test "$enable_des3" = "" && enable_des3=yes + test "$enable_des3" != "no" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB" fi AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES" From 3bbd00f918c3470a4dce5aa6b3434f72f79f78c1 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 22 Oct 2024 23:57:56 -0500 Subject: [PATCH 190/325] wolfcrypt/src/asn.c: tweak retval handling in MakeSignature() CERTSIGN_STATE_DO section for the benefit of WOLFSSL_DEBUG_TRACE_ERROR_CODES. --- wolfcrypt/src/asn.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 0ead2f464..0c520027b 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -30198,7 +30198,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, case CERTSIGN_STATE_DO: certSignCtx->state = CERTSIGN_STATE_DO; - ret = ALGO_ID_E; /* default to error */ + ret = -1; /* default to error, reassigned to ALGO_ID_E below. */ #ifndef NO_RSA if (rsaKey) { @@ -30281,6 +30281,9 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, } #endif /* HAVE_SPHINCS */ + if (ret == -1) + ret = ALGO_ID_E; + break; } From ea491b80ef1450579ed6aaadc23a2519c1afa16c Mon Sep 17 00:00:00 2001 
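Review bot: The new sentinel `ret = -1;` in the CERTSIGN_STATE_DO section has the same value as WOLFSSL_FATAL_ERROR, so a signer in this section that fails with that generic code would be rewritten to ALGO_ID_E by the added `if (ret == -1) ret = ALGO_ID_E;` and the real failure would vanish from the error trace the commit is trying to improve. A local flag (`int algoMatched = 0;` set in each key-type branch, then `if (!algoMatched) ret = ALGO_ID_E;`) separates "no key type matched" from "a signer failed" without overloading the return value. Whether any signer called here can actually return -1 is not visible in the hunk, and MakeSignature starts and ends outside it.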
From: Daniel Pouzzner Date: Tue, 22 Oct 2024 23:59:23 -0500 Subject: [PATCH 191/325] tests/api.c: gate test_GENERAL_NAME_set0_othername() on OPENSSL_ALL, not OPENSSL_EXTRA, as it fails with --enable-all-crypto --enable-opensslextra, and is commented to require --enable-opensslall. --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index b334a1c7f..7481e24b4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -68600,7 +68600,7 @@ static int test_GENERAL_NAME_set0_othername(void) { /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */ static int test_othername_and_SID_ext(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \ From ba1cd859341f8d58eeaa5765a8b9d073abd3fe04 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 23 Oct 2024 18:02:56 +0900 Subject: [PATCH 192/325] check Root CA by TSIP before adding it to ca-table --- .../EnvisionKit/Simple/common/wolfssl_dummy.c | 25 +++++++++-- .../EnvisionKit/Simple/test/src/test_main.c | 1 + src/ssl.c | 45 ++++++++++--------- 3 files changed, 45 insertions(+), 26 deletions(-) diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c index 3e4c1e56e..987436d93 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c 
@@ -21,15 +21,32 @@ #include -#define YEAR 2024 -#define MON 7 - static int tick = 0; +#define YEAR ( \ + ((__DATE__)[7] - '0') * 1000 + \ + ((__DATE__)[8] - '0') * 100 + \ + ((__DATE__)[9] - '0') * 10 + \ + ((__DATE__)[10] - '0') * 1 \ +) + +#define MONTH ( \ + __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \ + : __DATE__[2] == 'b' ? 2 \ + : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \ + : __DATE__[2] == 'y' ? 5 \ + : __DATE__[2] == 'l' ? 7 \ + : __DATE__[2] == 'g' ? 8 \ + : __DATE__[2] == 'p' ? 9 \ + : __DATE__[2] == 't' ? 10 \ + : __DATE__[2] == 'v' ? 11 \ + : 12 \ + ) + time_t time(time_t *t) { (void)t; - return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++; + return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++; } #include diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c index 276ab79a7..e9869f7db 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c @@ -65,6 +65,7 @@ extern "C" { static long tick; static void timeTick(void *pdata) { + (void)pdata; tick++; } diff --git a/src/ssl.c b/src/ssl.c index 1bdcc8be6..10d46f74a 100644 --- a/src/ssl.c +++ b/src/ssl.c 
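Review bot: `return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;` is evaluated entirely in int, and with a 32-bit int the product passes INT_MAX for build dates of February 2038 and later ((68*365+60)*86400 exceeds 2^31-1), which is signed overflow and therefore undefined behaviour; promoting the first factor, `return ((time_t)(YEAR-1970)*365 + 30*MONTH)*24*60*60 + tick++;`, keeps the arithmetic in time_t, which only helps where time_t is wider than int on this target. The MONTH decode and the YEAR digits at offsets 7–10 rely on the fixed "Mmm dd yyyy" layout of __DATE__; a one-line comment stating that layout above the macros would make the magic indices reviewable. Since this simulated clock is seeded from the build date, anything in the example that compares against the current time (presumably certificate validity) tracks the compile date rather than real time, which is worth saying in the comment too.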
@@ -5567,6 +5567,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) row = HashSigner(signer->subjectNameHash); #endif + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) + /* Verify CA by TSIP so that generated tsip key is going to */ + /* be able to be used for peer's cert verification */ + /* TSIP is only able to handle USER CA, and only one CA. */ + /* Therefore, it doesn't need to call TSIP again if there is already */ + /* verified CA. */ + if ( ret == 0 && signer != NULL ) { + signer->cm_idx = row; + if (type == WOLFSSL_USER_CA) { + if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, + cert->maxIdx, + cert->sigCtx.CertAtt.pubkey_n_start, + cert->sigCtx.CertAtt.pubkey_n_len - 1, + cert->sigCtx.CertAtt.pubkey_e_start, + cert->sigCtx.CertAtt.pubkey_e_len - 1, + row/* cm index */)) + < 0) + WOLFSSL_MSG("Renesas_RootCertVerify() failed"); + else + WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); + } + } + #endif /* TSIP or SCE */ if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) { signer->next = cm->caTable[row]; 
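Review bot: The moved block treats only `< 0` from wc_Renesas_cmn_RootCertVerify() as failure, but the insertion into cm->caTable immediately below is gated on `ret == 0`, so a positive return would log "succeed or skipped" and still silently skip adding the CA; if the function returns 0 on both success and skip, `if (ret != 0)` is the clearer test, otherwise normalize with `if (ret > 0) ret = 0;` before the gate. `signer->cm_idx = row;` is now written before the signer is linked into the table, which is fine as long as the failure path handles an unlinked `signer` — that path, and the rest of AddCA, are outside the hunk. A comment at the top of the block, `/* Must run before the table insert: a CA TSIP cannot verify must not become a trust anchor */`, would record why the block was moved, since the commit message is the only place that says so.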
@@ -5580,28 +5603,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) ret = BAD_MUTEX_E; } } -#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) - /* Verify CA by TSIP so that generated tsip key is going to be able to */ - /* be used for peer's cert verification */ - /* TSIP is only able to handle USER CA, and only one CA. */ - /* Therefore, it doesn't need to call TSIP again if there is already */ - /* verified CA. */ - if ( ret == 0 && signer != NULL ) { - signer->cm_idx = row; - if (type == WOLFSSL_USER_CA) { - if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx, - cert->sigCtx.CertAtt.pubkey_n_start, - cert->sigCtx.CertAtt.pubkey_n_len - 1, - cert->sigCtx.CertAtt.pubkey_e_start, - cert->sigCtx.CertAtt.pubkey_e_len - 1, - row/* cm index */)) - < 0) - WOLFSSL_MSG("Renesas_RootCertVerify() failed"); - else - WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); - } - } -#endif /* TSIP or SCE */ WOLFSSL_MSG("\tFreeing Parsed CA"); FreeDecodedCert(cert); From 031656ee7a40bc82bbd705b39fb878148348dfd9 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 23 Oct 2024 12:32:10 +0200 Subject: [PATCH 193/325] Send a new ticket when rejecting a ticket and tickets enabled --- src/tls.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/tls.c b/src/tls.c index 48161c6da..8441acf52 100644 --- a/src/tls.c +++ b/src/tls.c 
@@ -5905,14 +5905,25 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input, /* SERVER: ticket is peer auth. */ ssl->options.peerAuthGood = 1; } - } else if (ret == WOLFSSL_TICKET_RET_REJECT) { + } else if (ret == WOLFSSL_TICKET_RET_REJECT || + ret == WC_NO_ERR_TRACE(VERSION_ERROR)) { WOLFSSL_MSG("Process client ticket rejected, not using"); - ssl->options.rejectTicket = 1; + if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) + WOLFSSL_MSG("\tbad TLS version"); ret = 0; /* not fatal */ - } else if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) { - WOLFSSL_MSG("Process client ticket rejected, bad TLS version"); + ssl->options.rejectTicket = 1; - ret = 0; /* not fatal */ + /* If we have session tickets enabled then send a new ticket */ + if (!TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) { + ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) { + ret = 0; + TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); + ssl->options.createTicket = 1; + ssl->options.useTicket = 1; + } + } } else if (ret == WOLFSSL_TICKET_RET_FATAL) { WOLFSSL_MSG("Process client ticket fatal error, not using"); } else if (ret < 0) { From f20f96c8a2ec96f4f161dada2effb13b6bf51cb1 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Wed, 23 Oct 2024 08:43:00 -0500 Subject: [PATCH 194/325] Fix docs for invalid hash requirements. --- doc/dox_comments/header_files/ed25519.h | 3 +-- doc/dox_comments/header_files/ed448.h | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h index 41705ce33..9ab61de62 100644 --- a/doc/dox_comments/header_files/ed25519.h +++ b/doc/dox_comments/header_files/ed25519.h 
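Review bot: Inside the new rejection branch, `ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);` overwrites the `ret = 0; /* not fatal */` just set, so a failure to allocate the response extension now turns a deliberately non-fatal ticket rejection into a handshake error; if that escalation is not intended, keep the error local (`if (TLSX_UseSessionTicket(...) == WOLFSSL_SUCCESS) { ... }` with `ret` left at 0), otherwise add a comment saying it is deliberate. The comment `/* If we have session tickets enabled then send a new ticket */` would be clearer as `/* Ticket rejected but tickets are enabled: answer with the extension so a fresh ticket is issued (createTicket) instead of resuming */`, because `useTicket = 1` beside `rejectTicket = 1` is otherwise surprising to a reader. TLSX_SessionTicket_Parse starts and ends outside the hunk.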
@@ -188,8 +188,7 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inlen, byte* out, \brief This function signs a message digest using an ed25519_key object to guarantee authenticity. The context is included as part of the data - signed. The message is pre-hashed before signature calculation. The hash - algorithm used to create message digest must be SHAKE-256. + signed. The message is pre-hashed before signature calculation. \return 0 Returned upon successfully generating a signature for the message digest. diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h index a3ea82088..2f186b56b 100644 --- a/doc/dox_comments/header_files/ed448.h +++ b/doc/dox_comments/header_files/ed448.h @@ -133,7 +133,6 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out, \brief This function signs a message digest using an ed448_key object to guarantee authenticity. The context is included as part of the data signed. The hash is the pre-hashed message before signature calculation. - The hash algorithm used to create message digest must be SHAKE-256. \return 0 Returned upon successfully generating a signature for the message digest. @@ -162,7 +161,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out, byte sig[114]; // will hold generated signature sigSz = sizeof(sig); - byte hash[] = { initialize with SHAKE-256 hash of message }; + byte hash[] = { initialize hash of message }; byte context[] = { initialize with context of signing }; wc_InitRng(&rng); // initialize rng 
@@ -297,7 +296,6 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg, \brief This function verifies the Ed448 signature of the digest of a message to ensure authenticity. The context is included as part of the data verified. The hash is the pre-hashed message before signature calculation. - The hash algorithm used to create message digest must be SHAKE-256. The answer is returned through res, with 1 corresponding to a valid signature, and 0 corresponding to an invalid signature. @@ -325,7 +323,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg, int ret, verified = 0; byte sig[] { initialize with received signature }; - byte hash[] = { initialize with SHAKE-256 hash of message }; + byte hash[] = { initialize hash of message }; byte context[] = { initialize with context of signature }; // initialize key with received public key ret = wc_ed448ph_verify_hash(sig, sizeof(sig), hash, sizeof(hash), From cf6975b60361c4c50ab95b436be479d9a73b5ffd Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 23 Oct 2024 10:37:21 -0400 Subject: [PATCH 195/325] Add less frequently used tools that are handy to have --- Docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index 1d17aae4e..d2c01b05d 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile 
@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git" ARG DEPS_UDP_PROXY="wget libevent-dev" ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq" -ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl" +ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck" RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \ && apt clean -y && rm -rf /var/lib/apt/lists/* From e3c9c07393de9e4b30d14d7abbeb5ba23584f89b Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 23 Oct 2024 09:51:18 -0700 Subject: [PATCH 196/325] Name VS2022 binary output wolfssl via project name --- wolfssl-VS2022.vcxproj | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfssl-VS2022.vcxproj b/wolfssl-VS2022.vcxproj index a52f42e6d..7c011bbc7 100644 --- a/wolfssl-VS2022.vcxproj +++ b/wolfssl-VS2022.vcxproj @@ -54,6 +54,7 @@ {12226DBE-7278-4DFA-A119-5A0294CF0B33} wolfssl Win32Proj + wolfssl From afa5b0168e8b373a5a64ae9b0e8de457c6f97416 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 23 Oct 2024 12:46:32 -0500 Subject: [PATCH 197/325] fix HAVE_SHA* configurations in IDE/iotsafe/user_settings.h to also set WOLFSSL_SHA*, and in IDE/STM32Cube/default_conf.ftl, IDE/iotsafe/user_settings.h, and examples/configs/user_settings_stm32.h, comment HAVE_SHA* as "old freeRTOS settings.h requires this". --- IDE/STM32Cube/default_conf.ftl | 2 +- IDE/iotsafe/user_settings.h | 6 ++++-- examples/configs/user_settings_stm32.h | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) 
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl index 6041dc90a..3c77d687d 100644 --- a/IDE/STM32Cube/default_conf.ftl +++ b/IDE/STM32Cube/default_conf.ftl @@ -539,7 +539,7 @@ extern ${variable.value} ${variable.name}; //#define USE_SLOW_SHA512 #define WOLFSSL_SHA512 - #define HAVE_SHA512 /* freeRTOS settings.h requires this */ + #define HAVE_SHA512 /* old freeRTOS settings.h requires this */ #endif /* Sha2-384 */ diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h index 368a76ed4..a03361a00 100644 --- a/IDE/iotsafe/user_settings.h +++ b/IDE/iotsafe/user_settings.h @@ -150,8 +150,10 @@ static inline long XTIME(long *x) { return jiffies;} #define WOLFSSL_AES_DIRECT /* Hashing */ -#define HAVE_SHA384 -#define HAVE_SHA512 +#define WOLFSSL_SHA384 +#define HAVE_SHA384 /* old freeRTOS settings.h requires this */ +#define WOLFSSL_SHA512 +#define HAVE_SHA512 /* old freeRTOS settings.h requires this */ #define HAVE_HKDF /* TLS */ diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h index b0182ae44..eb7822f27 100644 --- a/examples/configs/user_settings_stm32.h +++ b/examples/configs/user_settings_stm32.h @@ -602,7 +602,7 @@ extern "C" { //#define USE_SLOW_SHA512 #define WOLFSSL_SHA512 - #define HAVE_SHA512 /* freeRTOS settings.h requires this */ + #define HAVE_SHA512 /* old freeRTOS settings.h requires this */ #endif /* Sha2-384 */ From 8986a9dae0994d2a8b0e3a7884c3daec4bea3ef9 Mon Sep 17 00:00:00 2001 From: Kareem Date: Wed, 23 Oct 2024 11:12:48 -0700 Subject: [PATCH 198/325] Fix 256-bit ECC conditional in ecc_map_ex. --- wolfcrypt/src/ecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index da5009382..da6505cc6 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c 
@@ -2917,7 +2917,7 @@ done: if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) { err = sp_ecc_map_sm2_256(P->x, P->y, P->z); } -#elif defined(WOLFSSL_SP_NO_256) +#elif !defined(WOLFSSL_SP_NO_256) if (mp_count_bits(modulus) == 256) { err = sp_ecc_map_256(P->x, P->y, P->z); } From 19d738cecf601ba30edb0f099ddeab6941082153 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 23 Oct 2024 14:28:24 -0400 Subject: [PATCH 199/325] Revert "Don't need to upload/download artifacts" This reverts commit b215398bd4e8005e453fc4f5ade15b117683cfb1. --- .github/workflows/sssd.yml | 39 ++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 73408b051..7ab859133 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -13,6 +13,32 @@ concurrency: # END OF COMMON SECTION jobs: + build_wolfssl: + if: github.repository_owner == 'wolfssl' + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT + install: true + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-sssd + path: build-dir.tgz + retention-days: 5 + sssd_check: if: github.repository_owner == 'wolfssl' strategy: @@ -28,6 +54,7 @@ jobs: LD_LIBRARY_PATH: /usr/local/lib # This should be a safe limit for the tests to run. timeout-minutes: 20 + needs: build_wolfssl steps: - name: Install dependencies run: | 
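Review bot: The new `build_wolfssl` job references `wolfSSL/actions-build-autotools-project@v1` and `actions/upload-artifact@v4` by mutable tag, and the third hunk of this file does the same with `actions/download-artifact@v4`; a tag can be moved, so pinning each `uses:` to a full commit SHA (with the tag kept in a trailing comment) is the usual supply-chain hardening for a job that produces the library every downstream test links against. The artifact hand-off itself is consistent: `tar -zcf` on the build side is matched by `tar -xf`, which auto-detects gzip in GNU tar. The `if: github.repository_owner == 'wolfssl'` guard on the new job matches the one on `sssd_check`, and `needs: build_wolfssl` orders them correctly.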
@@ -44,13 +71,13 @@ jobs: ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h - - name: Build wolfSSL - uses: wolfSSL/actions-build-autotools-project@v1 + - name: Download lib + uses: actions/download-artifact@v4 with: - path: wolfssl - configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT - install: true - check: false + name: wolf-install-sssd + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 From 7cee9faa730f27d27e4e4810c390bc73c4ad3711 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 23 Oct 2024 16:53:10 -0400 Subject: [PATCH 200/325] Addressing PR comments --- .github/workflows/jwt-cpp.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 020e066b5..3b8348ad7 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -41,13 +41,17 @@ jobs: retention-days: 5 build_pam-ipmi: + if: github.repository_owner == 'wolfssl' strategy: fail-fast: false matrix: - ref: [ 0.7.0 ] - name: ${{ matrix.ref }} - if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + config: + - ref: 0.7.0 + runner: ubuntu-latest + - ref: 0.6.0 + runner: ubuntu-22.04 + name: ${{ matrix.config.ref }} + runs-on: ${{ matrix.config.runner }} needs: build_wolfssl steps: - name: Install dependencies @@ -76,12 +80,12 @@ jobs: with: repository: Thalhammer/jwt-cpp path: jwt-cpp - ref: v${{ matrix.ref }} + ref: v${{ matrix.config.ref }} - name: Build pam-ipmi working-directory: jwt-cpp run: | - patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch + patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \ cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON . make -j -C build From d0f5778429c9a62c0e604c472cbe45975803516a Mon Sep 17 00:00:00 2001 
From: JacobBarthelmeh Date: Wed, 23 Oct 2024 15:04:06 -0600 Subject: [PATCH 201/325] fix for state of aes.gcm.H on re-use --- wolfcrypt/src/aes.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index acd8c017c..1cb98431a 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -8063,6 +8063,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) GHASH_LEN_BLOCK(aes); /* Copy the result into s. */ XMEMCPY(s, AES_TAG(aes), sSz); + /* reset aes->gcm.H in case of re-use */ + GHASH_INIT_EXTRA(aes); } #endif /* WOLFSSL_AESGCM_STREAM */ From 17c9e92b7f780c7e122b2bfb2a27985a3273354a Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 16 Oct 2024 16:34:57 -0700 Subject: [PATCH 202/325] Initial rewrite of X509 STORE to replicate openssl behavior --- src/ssl_certman.c | 21 +- src/x509.c | 11 +- src/x509_str.c | 494 +++++++++++++++++++++++++++++++++++++-------- tests/api.c | 382 ++++++++++++++++++++++++++++++++++- wolfssl/internal.h | 2 + wolfssl/ssl.h | 11 +- 6 files changed, 821 insertions(+), 100 deletions(-) diff --git a/src/ssl_certman.c b/src/ssl_certman.c index a5b622ded..700216c55 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c @@ -455,11 +455,12 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) return ret; } -int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) +static int wolfSSL_CertManagerUnloadIntermediateCertsEx(WOLFSSL_CERT_MANAGER* cm, + int type) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts"); + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCertsEx"); /* Validate parameter. */ if (cm == NULL) { @@ -471,7 +472,7 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) } if (ret == WOLFSSL_SUCCESS) { /* Dispose of CA table. */ - FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, WOLFSSL_CHAIN_CA, + FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, type, cm->heap); /* Unlock CA table. */ 
@@ -481,6 +482,20 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) return ret; } +#if defined(OPENSSL_EXTRA) +static int wolfSSL_CertManagerUnloadTempIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) +{ + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts"); + return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_INTER_CA); +} +#endif + +int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) +{ + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts"); + return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA); +} + #ifdef WOLFSSL_TRUST_PEER_CERT /* Unload the trusted peers table. * diff --git a/src/x509.c b/src/x509.c index d130f9fe1..c440de498 100644 --- a/src/x509.c +++ b/src/x509.c @@ -5559,7 +5559,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) * size of this subset and its memory usage */ #endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */ -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) /* * Converts a and b to DER and then does an XMEMCMP to check if they match. * Returns 0 when certificates match and WOLFSSL_FATAL_ERROR when they don't. @@ -7536,7 +7536,6 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, byte* pem = NULL; byte* curr = NULL; byte* prev = NULL; - WOLFSSL_X509* x509; const char* header = NULL; const char* footer = NULL; 
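Review bot: `wolfSSL_CertManagerUnloadTempIntermediateCerts` is declared `static` here but is called from `wolfSSL_X509_verify_cert` in src/x509_str.c in the same commit, which only links if both sources are textually included into one translation unit (presumably how src/ssl.c builds them); a comment at the definition, `/* static: reachable from x509_str.c only because both files are included into ssl.c */`, or a non-static declaration in an internal header, makes that dependency explicit instead of leaving it to the build layout. Both public wrappers now emit their own `WOLFSSL_ENTER` and then the shared helper emits `wolfSSL_CertManagerUnloadIntermediateCertsEx`, so traces show two entries per call; acceptable, but a reader of the log should expect it. The `#if defined(OPENSSL_EXTRA)` guard around the temp variant should match the guard on its only caller in x509_str.c, which is `#ifdef OPENSSL_EXTRA` — they do agree today, so a one-line note saying "keep in sync with x509_str.c" is enough.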
@@ -7597,12 +7596,8 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, } else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { - x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz, - WOLFSSL_FILETYPE_PEM); - if (x509 == NULL) - goto end; - ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509); - wolfSSL_X509_free(x509); + ret = wolfSSL_X509_STORE_load_cert_buffer(lookup->store, curr, sz, + WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) goto end; curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); diff --git a/src/x509_str.c b/src/x509_str.c index dfb11fb02..ff1e72701 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -36,6 +36,17 @@ #ifndef NO_CERTS +#ifdef OPENSSL_EXTRA +static int wolfSSL_X509_STORE_get_issuer_ex(WOLFSSL_X509 **issuer, + WOLFSSL_STACK *certs, WOLFSSL_X509 *x); +static int wolfSSL_X509_STORE_add_ca(WOLFSSL_X509_STORE* store, + WOLFSSL_X509* x509, int type); +#endif + +#ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH +#define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100 +#endif + /******************************************************************************* * START OF X509_STORE_CTX APIs ******************************************************************************/ @@ -78,6 +89,14 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) #ifdef OPENSSL_EXTRA XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); ctx->param = NULL; + + if (ctx->ctxIntermediates != NULL) { + wolfSSL_sk_X509_free(ctx->ctxIntermediates); + } + + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + } #endif XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX); @@ -97,7 +116,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLF_STACK_OF(WOLFSSL_X509)* sk) { int ret = 0; - (void)sk; + int i = 0; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); if (ctx != NULL) { 
@@ -106,51 +125,37 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, ctx->current_cert = x509; #else if(x509 != NULL){ - ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer, - x509->derCert->length, x509->heap); + ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, + x509->derCert->buffer, + x509->derCert->length, + x509->heap); if(ctx->current_cert == NULL) return WOLFSSL_FAILURE; } else ctx->current_cert = NULL; #endif - ctx->chain = sk; - /* Add intermediate certs, that verify to a loaded CA, to the store */ if (sk != NULL) { - byte addedAtLeastOne = 1; - WOLF_STACK_OF(WOLFSSL_X509)* head = wolfSSL_shallow_sk_dup(sk); - if (head == NULL) - return WOLFSSL_FAILURE; - while (addedAtLeastOne) { - WOLF_STACK_OF(WOLFSSL_X509)* cur = head; - WOLF_STACK_OF(WOLFSSL_X509)** prev = &head; - addedAtLeastOne = 0; - while (cur) { - WOLFSSL_X509* cert = cur->data.x509; - if (cert != NULL && cert->derCert != NULL && - wolfSSL_CertManagerVerifyBuffer(store->cm, - cert->derCert->buffer, - cert->derCert->length, - WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) { - ret = wolfSSL_X509_STORE_add_cert(store, cert); - if (ret < 0) { - wolfSSL_sk_free(head); - return WOLFSSL_FAILURE; - } - addedAtLeastOne = 1; - *prev = cur->next; - wolfSSL_sk_free_node(cur); - cur = *prev; - } - else { - prev = &cur->next; - cur = cur->next; - } + if (ctx->ctxIntermediates == NULL) { + ctx->ctxIntermediates = sk_X509_new_null(); + if (ctx->ctxIntermediates == NULL) { + return WOLFSSL_FAILURE; + } + } + + for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { + ret = wolfSSL_sk_X509_push(ctx->ctxIntermediates, + wolfSSL_sk_X509_value(sk, i)); + if (ret <= 0) { + return WOLFSSL_FAILURE; } } - wolfSSL_sk_free(head); } + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + ctx->chain = NULL; + } ctx->sesChain = NULL; ctx->domain = NULL; #ifdef HAVE_EX_DATA 
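Review bot: `ctx->ctxIntermediates` is only allocated when NULL and then appended to, so a second `wolfSSL_X509_STORE_CTX_init` on the same ctx keeps the intermediates from the first call and adds the new ones behind them; the `ctx->chain` free-and-NULL further down in this hunk shows the intended pattern, and doing the same to `ctx->ctxIntermediates` before `if (sk != NULL)` makes init idempotent. The pushes store the caller's WOLFSSL_X509 pointers without taking a reference, and the matching `wolfSSL_X509_STORE_CTX_free` hunk releases the stack with the shallow `wolfSSL_sk_X509_free`, so the certificates in `sk` must outlive the ctx — a comment, `/* shallow copy: caller keeps ownership of the certs in sk */`, belongs above the loop. `if (ret <= 0) return WOLFSSL_FAILURE;` on a failed push leaves a partially filled stack attached to ctx, which is only safe because CTX_free tolerates it.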
@@ -192,10 +197,14 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx) } -void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk) +void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, + WOLF_STACK_OF(WOLFSSL_X509) *sk) { if (ctx != NULL) { - ctx->chain = sk; + if (ctx->setTrustedSk != NULL) { + wolfSSL_sk_X509_free(ctx->setTrustedSk); + } + ctx->setTrustedSk = sk; } } @@ -255,19 +264,15 @@ static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret) wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); } -/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX - * returns 0 on success or < 0 on failure. - */ -int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) +static int wolfSSL_X509_verify_cert_ex(WOLFSSL_X509_STORE_CTX* ctx) { - WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL - && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { - int ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, - ctx->current_cert->derCert->buffer, - ctx->current_cert->derCert->length, - WOLFSSL_FILETYPE_ASN1); + if (ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { + ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, + ctx->current_cert->derCert->buffer, + ctx->current_cert->derCert->length, + WOLFSSL_FILETYPE_ASN1); SetupStoreCtxError(ctx, ret); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) if (ctx->store && ctx->store->verify_cb) 
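Review bot: Freeing the previous `ctx->setTrustedSk` before storing `sk` makes this function take ownership of the stack shell, but the `wolfSSL_X509_STORE_CTX_free` hunk earlier in this file releases `ctxIntermediates` and `chain` and not `setTrustedSk`, so unless it is freed somewhere outside the hunks the last stack set leaks; conversely, if callers expect OpenSSL's non-owning X509_STORE_CTX_trusted_stack/set0_trusted_stack semantics, the free of the previously set stack collides with the caller's own free of it. Either drop the free and document `/* not owned: sk must outlive the ctx and is freed by the caller */`, or add the matching free in CTX_free and state the transfer here. The verify path added later in this commit reads `ctx->setTrustedSk` to choose the trusted set, so the ownership rule affects every caller that builds chains manually.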
@@ -278,9 +283,9 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or - ASN_BEFORE_DATE_E if there are no additional errors found in the - cert. Therefore, check if the cert is expired or not yet valid - in order to return the correct expected error. */ + ASN_BEFORE_DATE_E if there are no additional errors found in the + cert. Therefore, check if the cert is expired or not yet valid + in order to return the correct expected error. */ byte *afterDate = ctx->current_cert->notAfter.data; byte *beforeDate = ctx->current_cert->notBefore.data; 
@@ -300,10 +305,157 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) #endif } #endif - - return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } - return WOLFSSL_FATAL_ERROR; + + return ret; +} + +/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX + * returns 0 on success or < 0 on failure. + */ +int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int done = 0; + int added = 0; + int i = 0; + int numInterAdd = 0; + int depth = 0; + WOLFSSL_X509 *issuer = NULL; + WOLFSSL_X509 *orig = NULL; + WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; + + if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL + || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + certs = ctx->store->certs; + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + } + ctx->chain = wolfSSL_sk_X509_new_null(); + + if (ctx->setTrustedSk != NULL) { + certs = ctx->setTrustedSk; + } + + if (certs == NULL && + wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) { + certs = ctx->ctxIntermediates; + } + else { + /* Add the intermediates provided on init to the list of untrusted + * intermediates to be used */ + for (i = 0; i < wolfSSL_sk_X509_num(ctx->ctxIntermediates); i++) { + ret = wolfSSL_sk_X509_push(certs, + wolfSSL_sk_X509_value(ctx->ctxIntermediates, i)); + if (ret <= 0) { + return WOLFSSL_FAILURE; + } + + numInterAdd++; + } + } + + if (ctx->depth > 0) { + depth = ctx->depth + 1; + } + else { + depth = WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH + 1; + } + + orig = ctx->current_cert; + while(done == 0 && depth > 0) { + issuer = NULL; + + /* Try to find an untrusted issuer first */ + ret = wolfSSL_X509_STORE_get_issuer_ex(&issuer, certs, + ctx->current_cert); + if (ret == WOLFSSL_SUCCESS) { + if (ctx->current_cert == issuer) { + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + break; + } + + /* We found our issuer in 
the non-trusted cert list, add it + * to the CM and verify the current cert against it */ + ret = wolfSSL_X509_STORE_add_ca(ctx->store, issuer, + WOLFSSL_INTER_CA); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + added = 1; + + ret = wolfSSL_X509_verify_cert_ex(ctx); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + /* Add it to the current chain and look at the issuer cert next */ + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + ctx->current_cert = issuer; + } + else if (ret == WOLFSSL_FAILURE) { + /* Could not find in untrusted list, only place left is + * a trusted CA in the CM */ + ret = wolfSSL_X509_verify_cert_ex(ctx); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + /* Cert verified, finish building the chain */ + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + #ifdef WOLFSSL_SIGNER_DER_CERT + x509GetIssuerFromCM(&issuer, ctx->store->cm, ctx->current_cert); + if (issuer != NULL && ctx->store->owned != NULL) { + wolfSSL_sk_X509_push(ctx->store->owned, issuer); + } + #else + if (ctx->setTrustedSk == NULL) { + wolfSSL_X509_STORE_get_issuer_ex(&issuer, + ctx->store->trusted, ctx->current_cert); + } + else { + wolfSSL_X509_STORE_get_issuer_ex(&issuer, + ctx->setTrustedSk, ctx->current_cert); + } + #endif + if (issuer != NULL) { + wolfSSL_sk_X509_push(ctx->chain, issuer); + } + + done = 1; + } + else { + goto exit; + } + + depth--; + } + +exit: + /* Remove additional intermediates from init from the store */ + if (ctx != NULL && numInterAdd > 0) { + for (i = 0; i < numInterAdd; i++) { + wolfSSL_sk_X509_pop(ctx->store->certs); + } + } + /* Remove intermediates that were added to CM */ + if (ctx != NULL) { + if (ctx->store != NULL) { + if (added == 1) { + wolfSSL_CertManagerUnloadTempIntermediateCerts(ctx->store->cm); + } + } + if (orig != NULL) { + ctx->current_cert = orig; + } + } + + return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } #endif /* OPENSSL_EXTRA */ 
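Review bot: At `exit:`, the intermediates pushed in the setup loop are popped from `ctx->store->certs`, but they were pushed onto `certs`, which is `ctx->setTrustedSk` whenever a trusted stack was set; in that case the untrusted intermediates remain appended to the caller's trusted stack and the pops remove unrelated entries from the store's list, so pop from the same stack, `wolfSSL_sk_X509_pop(certs);` (the local is not reassigned after the pushes). The `if (ctx->current_cert == issuer)` branch leaves the loop with `ret` still WOLFSSL_SUCCESS from the issuer lookup and never calls `wolfSSL_X509_verify_cert_ex`, so a self-signed certificate present in the untrusted list ends the walk as verified; whether that can complete a chain with no trust anchor depends on AddCA rejecting self-signed WOLFSSL_INTER_CA entries, which is outside the hunk, but the branch should verify against the CM the way the WOLFSSL_FAILURE path does. `ctx->chain = wolfSSL_sk_X509_new_null();` is not checked for NULL and none of the `wolfSSL_sk_X509_push(ctx->chain, ...)` results are, so an allocation failure yields a truncated chain with a success return. `WOLFSSL_ENTER(...)` precedes the declarations at the top of the function, which trips builds using -Wdeclaration-after-statement. The `ctx != NULL` tests under `exit:` are redundant after the dereferences above them.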
@@ -743,7 +895,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, for (node = ctx->chain; node != NULL; node = node->next) { if (wolfSSL_X509_check_issued(node->data.x509, x) == WOLFSSL_X509_V_OK) { - *issuer = x; + *issuer = node->data.x509; return WOLFSSL_SUCCESS; } } @@ -755,6 +907,31 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, } #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ +#ifdef OPENSSL_EXTRA + +static int wolfSSL_X509_STORE_get_issuer_ex(WOLFSSL_X509 **issuer, + WOLFSSL_STACK * certs, WOLFSSL_X509 *x) +{ + int i; + + if (issuer == NULL || x == NULL) + return WOLFSSL_FATAL_ERROR; + + if (certs != NULL) { + for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) { + if (wolfSSL_X509_check_issued(wolfSSL_sk_X509_value(certs, i), x) == + WOLFSSL_X509_V_OK) { + *issuer = wolfSSL_sk_X509_value(certs, i); + return WOLFSSL_SUCCESS; + } + } + } + + return WOLFSSL_FAILURE; +} + +#endif + /******************************************************************************* * END OF X509_STORE_CTX APIs ******************************************************************************/ @@ -789,6 +966,17 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if ((store->cm = wolfSSL_CertManagerNew()) == NULL) goto err_exit; + if ((store->certs = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; + + if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; + +#if !defined(WOLFSSL_SIGNER_DER_CERT) + if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; +#endif + #ifdef HAVE_CRL store->crl = store->cm->crl; #endif 
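Review bot: `wolfSSL_X509_STORE_get_issuer_ex` has no header comment, and its two non-success return values are treated differently by wolfSSL_X509_verify_cert (WOLFSSL_FAILURE falls through to the trusted-CA path, anything else aborts), so the contract deserves to be written down. A comment above it along the lines of `/* Find the first entry of certs that wolfSSL_X509_check_issued reports as the issuer of x. Sets *issuer to the stack's pointer (no reference taken) and returns WOLFSSL_SUCCESS; WOLFSSL_FAILURE when certs is NULL or holds no issuer; WOLFSSL_FATAL_ERROR when issuer or x is NULL. Only check_issued is consulted; no signature is verified here. */` would make that explicit. The `*issuer = node->data.x509` fix in the first hunk is correct; the old code handed back the subject itself.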
@@ -849,6 +1037,20 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) wolfSSL_CertManagerFree(store->cm); store->cm = NULL; } + if (store->certs != NULL) { + wolfSSL_sk_X509_free(store->certs); + store->certs = NULL; + } + if (store->owned != NULL) { + wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free); + store->owned = NULL; + } +#if !defined(WOLFSSL_SIGNER_DER_CERT) + if (store->trusted != NULL) { + wolfSSL_sk_X509_free(store->trusted); + store->trusted = NULL; + } +#endif #ifdef OPENSSL_ALL if (store->objs != NULL) { wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL); @@ -1010,6 +1212,28 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, return &store->lookup; } +static int wolfSSL_X509_STORE_add_ca(WOLFSSL_X509_STORE* store, + WOLFSSL_X509* x509, int type) +{ + int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); + DerBuffer* derCert = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_STORE_add_ca"); + if (store != NULL && x509 != NULL && x509->derCert != NULL) { + result = AllocDer(&derCert, x509->derCert->length, + x509->derCert->type, NULL); + if (result == 0) { + /* AddCA() frees the buffer. */ + XMEMCPY(derCert->buffer, + x509->derCert->buffer, x509->derCert->length); + result = AddCA(store->cm, &derCert, type, VERIFY); + } + } + + return result; +} + + int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) { int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); 
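Review bot: `wolfSSL_X509_STORE_add_ca` guards `store`, `x509` and `x509->derCert` but not `store->cm`, while `wolfSSL_X509_STORE_add_cert` just below checks `store->cm != NULL` before calling it; since the helper passes `store->cm` straight to `AddCA`, a store whose manager failed to allocate reaches `AddCA` with a NULL manager. Extending the guard to `if (store != NULL && store->cm != NULL && x509 != NULL && x509->derCert != NULL) {` keeps the two functions consistent. In the free hunk, `store->certs` and `store->trusted` are released with `wolfSSL_sk_X509_free` (elements untouched) while `owned` uses `wolfSSL_sk_X509_pop_free`; a one-line comment on each stating who owns the X509 objects would spare the next reader from inferring it.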
@@ -1017,15 +1241,27 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert"); if (store != NULL && store->cm != NULL && x509 != NULL && x509->derCert != NULL) { - DerBuffer* derCert = NULL; - - result = AllocDer(&derCert, x509->derCert->length, - x509->derCert->type, NULL); - if (result == 0) { - /* AddCA() frees the buffer. */ - XMEMCPY(derCert->buffer, - x509->derCert->buffer, x509->derCert->length); - result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, VERIFY); + /* Mimic the openssl behavior, must be self signed to be considered + * trusted, addCA() internals will do additional checks for + * CA=TRUE */ + if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) { + result = wolfSSL_X509_STORE_add_ca(store, x509, WOLFSSL_USER_CA); + #if !defined(WOLFSSL_SIGNER_DER_CERT) + if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { + result = wolfSSL_sk_X509_push(store->trusted, x509); + result = (result > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR; + } + #endif + } + else { + if (store->certs != NULL) { + result = wolfSSL_sk_X509_push(store->certs, x509); + result = (result > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR; + } + else { + result = wolfSSL_X509_STORE_add_ca( + store, x509, WOLFSSL_USER_CA); + } } } 
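Review bot: `wolfSSL_X509_STORE_add_cert` now stores the caller's `x509` pointer in `store->certs` (or `store->trusted`) via `wolfSSL_sk_X509_push`, and wolfSSL_X509_STORE_free releases those stacks without freeing their elements, so unless the push takes a reference the store holds a borrowed pointer for its whole lifetime. OpenSSL's X509_STORE_add_cert increments the certificate's reference count, so a caller that frees its X509 right after adding it — valid against OpenSSL — leaves a dangling entry that the next wolfSSL_X509_verify_cert walks. Either take a reference where the push succeeds (`wolfSSL_X509_up_ref(x509)`, with the matching free when the store is destroyed) or document the borrowed lifetime on the function and on the `certs`/`trusted` fields. When `wolfSSL_X509_STORE_add_ca` succeeds but the `trusted` push fails, the CA is already in the CM while the function reports WOLFSSL_FATAL_ERROR, leaving the two views of the store out of step; that partial state is worth a comment at least.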
@@ -1065,7 +1301,99 @@ int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) return WOLFSSL_SUCCESS; } +int wolfSSL_X509_STORE_load_cert_buffer(WOLFSSL_X509_STORE *str, + byte *buf, word32 bufLen, int type) +{ + int ret = WOLFSSL_FAILURE; + WOLFSSL_X509 *x509 = NULL; + + if (str == NULL || buf == NULL) { + return WOLFSSL_FAILURE; + } + + /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */ + x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type); + if (str->owned != NULL) { + wolfSSL_sk_X509_push(str->owned, x509); + } + ret = wolfSSL_X509_STORE_add_cert(str, x509); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to load file"); + ret = WOLFSSL_FAILURE; + } + if (str->owned == NULL) { + wolfSSL_X509_free(x509); + } + + return ret; +} + #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + +static int wolfSSL_X509_STORE_read_file(const char *fname, + StaticBuffer *content, word32 *bytesRead, int *type) +{ + int ret = -1; + long sz = 0; +#ifdef HAVE_CRL + const char* header = NULL; + const char* footer = NULL; +#endif + + ret = wolfssl_read_file_static(fname, content, NULL, DYNAMIC_TYPE_FILE, + &sz); + if (ret == 0) { + *type = CERT_TYPE; + *bytesRead = (word32)sz; +#ifdef HAVE_CRL + /* Look for CRL header and footer. */ + if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && + (XSTRNSTR((char*)content->buffer, header, (word32)sz) != NULL)) { + *type = CRL_TYPE; + } +#endif + } + + return (ret == 0 ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE); +} + +static int wolfSSL_X509_STORE_load_file(WOLFSSL_X509_STORE *str, const char *fname) +{ + int ret = WOLFSSL_SUCCESS; + int type = 0; +#ifndef WOLFSSL_SMALL_STACK + byte stackBuffer[FILE_BUFFER_SIZE]; +#endif + StaticBuffer content; + word32 contentLen = 0; + +#ifdef WOLFSSL_SMALL_STACK + static_buffer_init(&content); +#else + static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE); +#endif + + ret = wolfSSL_X509_STORE_read_file(fname, &content, &contentLen, &type); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to load file"); + ret = WOLFSSL_FAILURE; + } + + if ((ret == WOLFSSL_SUCCESS) && (type == CERT_TYPE)) { + ret = wolfSSL_X509_STORE_load_cert_buffer(str, content.buffer, + contentLen, WOLFSSL_FILETYPE_PEM); + } +#ifdef HAVE_CRL + else if ((ret == WOLFSSL_SUCCESS) && (type == CRL_TYPE)) { + ret = BufferLoadCRL(str->cm->crl, content.buffer, contentLen, + WOLFSSL_FILETYPE_PEM, 0); + } +#endif + + static_buffer_free(&content, NULL, DYNAMIC_TYPE_FILE); + return ret; +} + /* Loads certificate(s) files in pem format into X509_STORE struct from either * a file or directory. * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs. @@ -1111,10 +1439,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, /* Load individual file */ if (file) { - /* Try to process file with type DETECT_CERT_TYPE to parse the - correct certificate header and footer type */ - ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE, - NULL, 0, str->cm->crl, 0); + ret = wolfSSL_X509_STORE_load_file(str, file); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to load file"); ret = WOLFSSL_FAILURE; 
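Review bot: `wolfSSL_X509_STORE_load_cert_buffer` never checks the result of `wolfSSL_X509_load_certificate_buffer`, so a buffer that fails to parse (the comment itself anticipates DER input being rejected) pushes a NULL onto `str->owned` before `wolfSSL_X509_STORE_add_cert` reports the failure. An early `if (x509 == NULL) { return WOLFSSL_FAILURE; }` right after the load keeps NULL entries out of the owned stack and out of the later `wolfSSL_sk_X509_pop_free`. When `str->owned` is non-NULL and add_cert fails, the parsed certificate stays in `owned` until the store is freed; that is not a leak, but a comment saying so would prevent it being read as one. `buf` could be `const byte *` if the loader accepts a const pointer, with the new prototype in internal.h changed to match.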
@@ -1139,10 +1464,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, ret = wc_ReadDirFirst(readCtx, dir, &name); while (ret == 0 && name) { WOLFSSL_MSG(name); - /* Try to process file with type DETECT_CERT_TYPE to parse the - correct certificate header and footer type */ - ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE, - NULL, 0, str->cm->crl, 0); + + ret = wolfSSL_X509_STORE_load_file(str, name); /* Not failing on load errors */ if (ret != WOLFSSL_SUCCESS) WOLFSSL_MSG("Failed to load file in path, continuing"); @@ -1185,17 +1508,23 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) } table = store->cm->caTable; - if (table){ + if (table || (store->certs != NULL)){ if (wc_LockMutex(&store->cm->caLock) == 0){ - int i = 0; - for (i = 0; i < CA_TABLE_SIZE; i++) { - Signer* signer = table[i]; - while (signer) { - Signer* next = signer->next; - cnt_ret++; - signer = next; + if (table) { + int i = 0; + for (i = 0; i < CA_TABLE_SIZE; i++) { + Signer* signer = table[i]; + while (signer) { + Signer* next = signer->next; + cnt_ret++; + signer = next; + } } } + + if (store->certs != NULL) { + cnt_ret += wolfSSL_sk_X509_num(store->certs); + } wc_UnLockMutex(&store->cm->caLock); } } @@ -1299,6 +1628,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( WOLFSSL_STACK* ret = NULL; WOLFSSL_STACK* cert_stack = NULL; WOLFSSL_X509* x509 = NULL; + int i = 0; WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects"); if (store == NULL || store->cm == NULL) { 
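Review bot: `wolfSSL_X509_CA_num` now adds `wolfSSL_sk_X509_num(store->certs)` while holding `store->cm->caLock`, but that lock only serializes the CA table; `wolfSSL_X509_STORE_add_cert` pushes onto `store->certs` without taking it, so the `certs` count is not actually protected by the lock the code appears to rely on. If concurrent add/count is meant to be supported, the stack needs its own synchronization; otherwise a comment such as `/* store->certs is not guarded by caLock; callers serialize store mutation themselves */` keeps the next reader from assuming it is.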
@@ -1329,6 +1659,10 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) cert_stack = wolfSSL_CertManagerGetCerts(store->cm); + for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) { + wolfSSL_sk_X509_push(cert_stack, + wolfSSL_sk_X509_value(store->certs, i)); + } /* wolfSSL_sk_X509_pop checks for NULL */ while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) { WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); diff --git a/tests/api.c b/tests/api.c index 7481e24b4..f84c6c82d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -59821,11 +59821,9 @@ static int test_wolfSSL_X509_STORE_CTX(void) ExpectNotNull((ctx = X509_STORE_CTX_new())); ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL))); - ExpectNotNull((sk2 = X509_STORE_CTX_get_chain(ctx))); - ExpectIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */ + ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx))); ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); - ExpectNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); - ExpectIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */ + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); X509_STORE_CTX_free(ctx); ctx = NULL; X509_STORE_free(str); 
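Review bot: In `wolfSSL_X509_STORE_get0_objects`, the entries of `store->certs` are pushed onto `cert_stack`, the stack returned by `wolfSSL_CertManagerGetCerts`, and every popped X509 is then wrapped into a `WOLFSSL_X509_OBJECT`; the CM-derived certificates are fresh objects whereas the `store->certs` entries are the caller's pointers (added without a reference in `wolfSSL_X509_STORE_add_cert`), so the resulting object stack mixes owned and borrowed X509s and whichever release path the wrappers use is wrong for one of them. If the wrappers free their X509 on release, the `store->certs` entries should be duplicated or referenced before being pushed; if they do not, the CM copies leak. A comment on the loop stating which ownership rule applies would settle this. `cert_stack` is also used without checking that `wolfSSL_CertManagerGetCerts` returned non-NULL.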
@@ -59892,6 +59890,373 @@ static int test_wolfSSL_X509_STORE_CTX(void) return EXPECT_RESULT(); } +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + +typedef struct { + const char *caFile; + const char *caIntFile; + const char *caInt2File; + const char *leafFile; + X509 *x509Ca; + X509 *x509CaInt; + X509 *x509CaInt2; + X509 *x509Leaf; + STACK_OF(X509)* expectedChain; +} X509_STORE_test_data; + +static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file) +{ + XFILE fp = XBADFILE; + X509 *x = NULL; + + fp = XFOPEN(file, "rb"); + if (fp == NULL) { + return NULL; + } + x = PEM_read_X509(fp, 0, 0, 0); + XFCLOSE(fp); + + return x; +} + +static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 1, add X509 certs to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 2, add certs by filename to store and verify */ + 
ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caIntFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caInt2File, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 3, mix and match X509 with files */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + 
STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 4, CA loaded by file, intermediates passed on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + int i = 0; + + /* Test case 5, manually set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + 
sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 6, manually set trusted stack will be unified with + * any intermediates provided on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 7, certs added to store after ctx init are still used */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, 
testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 8, Only full chain verifies */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx2 = NULL; + STACK_OF(X509)* trusted = NULL; + + /* Test case 9, certs added to store should not be reflected in ctx that + * has 
been manually set with a trusted stack, but are reflected in ctx + * that has not set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx2 = X509_STORE_CTX_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + /* CTX1 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + /* CTX2 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_free(ctx); + X509_STORE_CTX_free(ctx2); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_X509_STORE_CTX_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_test_data testData = {0}; + testData.caFile = "./certs/ca-cert.pem"; + testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; + testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; + testData.leafFile = "./certs/intermediate/server-chain.pem"; + + ExpectNotNull(testData.x509Ca = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile)); + ExpectNotNull(testData.x509CaInt = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile)); + ExpectNotNull(testData.x509CaInt2 = \ + 
test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File)); + ExpectNotNull(testData.x509Leaf = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile)); + ExpectNotNull(testData.expectedChain = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1); + + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); + + if(testData.x509Ca) { + X509_free(testData.x509Ca); + } + if(testData.x509CaInt) { + X509_free(testData.x509CaInt); + } + if(testData.x509CaInt2) { + X509_free(testData.x509CaInt2); + } + if(testData.x509Leaf) { + X509_free(testData.x509Leaf); + } + if (testData.expectedChain) { + sk_X509_free(testData.expectedChain); + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + + #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename, STACK_OF(X509)* chain) 
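Review bot: `test_wolfSSL_X509_STORE_CTX_ex_helper` initializes `fp` to `XBADFILE` but then tests `if (fp == NULL)`; on ports where XBADFILE is not NULL the failure branch is never taken and `PEM_read_X509` runs on an invalid handle, so the check should read `if (fp == XBADFILE) {`. Every case in test_wolfSSL_X509_STORE_CTX_ex1..9 is a positive path or a missing-cert path; none asserts that a chain whose self-signed root is present only in the untrusted stack passed to X509_STORE_CTX_init (case 4's shape plus the root) is rejected, which is exactly the decision the `current_cert == issuer` exit in wolfSSL_X509_verify_cert makes. Adding that negative case, and one that frees the X509 after X509_STORE_add_cert and then verifies (the tests here free the store before the certificates, so a borrowed-pointer bug stays invisible), would pin the trust semantics this series changes.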
@@ -59994,9 +60359,9 @@ static int test_X509_STORE_untrusted(void) /* Succeeds because path to loaded CA is available. */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), TEST_SUCCESS); - /* Fails because root CA is in the untrusted stack */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), TEST_SUCCESS); + /* Root CA in untrusted chain is OK */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), + TEST_SUCCESS); /* Succeeds because path to loaded CA is available. */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), TEST_SUCCESS); @@ -80147,7 +80512,7 @@ static int test_wolfSSL_X509_load_crl_file(void) #ifdef WC_RSA_PSS ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); #endif } /* once feeing store */ @@ -97559,6 +97924,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_TBS), TEST_DECL(test_wolfSSL_X509_STORE_CTX), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex), TEST_DECL(test_X509_STORE_untrusted), TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer), diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 1a6c97d8f..a6db36e50 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2756,6 +2756,8 @@ WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store, WOLFSSL* ssl, void* heap, int x509Free); #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */ +WOLFSSL_LOCAL int wolfSSL_X509_STORE_load_cert_buffer(WOLFSSL_X509_STORE *str, + byte *buf, word32 bufLen, int type); #endif /* !defined NO_CERTS */ /* wolfSSL Sock Addr */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 13abb0bb3..0d26abfac 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
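Review bot: The `@@ -59994` hunk flips the expected outcome for `untrusted3` from failure to success with the comment `Root CA in untrusted chain is OK`; `test_X509_STORE_untrusted_certs` is not visible, but if that root appears only in the untrusted stack this reverses the previous, OpenSSL-compatible expectation (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN), and the comment should say why it is now acceptable — e.g. `/* Root CA in untrusted chain is OK: the same root is loaded in the store, so the untrusted copy only shortens the lookup */` if that is the case. In the `@@ -80147` hunk the RSA-PSS assertion changes from `CRL_CERT_REVOKED` to `ASN_NO_SIGNER_E`, which means `wolfSSL_CertManagerVerify(store->cm, ...)` no longer sees the issuer that load_locations used to place in the CM, so the test stops exercising revocation at all. Keeping a revocation assertion there (verify through a path that sees `store->certs`, or load the issuer into the CM directly) would preserve the CRL coverage.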
@@ -600,6 +600,9 @@ struct WOLFSSL_X509_STORE { WOLFSSL_X509_CRL *crl; /* points to cm->crl */ #endif wolfSSL_Ref ref; + WOLF_STACK_OF(WOLFSSL_X509)* certs; + WOLF_STACK_OF(WOLFSSL_X509)* trusted; + WOLF_STACK_OF(WOLFSSL_X509)* owned; }; #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 @@ -697,6 +700,11 @@ struct WOLFSSL_X509_STORE_CTX { WOLFSSL_BUFFER_INFO* certs; /* peer certs */ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ void* heap; + WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified + * on store ctx init */ + WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override + * set with + * X509_STORE_CTX_trusted_stack*/ }; typedef char* WOLFSSL_STRING; @@ -3313,7 +3321,8 @@ enum { WOLFSSL_DTLSV1_3 = 7, WOLFSSL_USER_CA = 1, /* user added as trusted */ - WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */ + WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */ + WOLFSSL_INTER_CA = 3 /* Intermediate CA */ }; WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl); From 38c7de1707115a8c475fe84f3fc118bbce51907a Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 16 Oct 2024 16:44:15 -0700 Subject: [PATCH 203/325] Fixes for CI build errors --- src/x509.c | 4 ++-- src/x509_str.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/x509.c b/src/x509.c index c440de498..f6ee7a64f 100644 --- a/src/x509.c +++ b/src/x509.c @@ -7596,8 +7596,8 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, } else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { - ret = wolfSSL_X509_STORE_load_cert_buffer(lookup->store, curr, sz, - WOLFSSL_FILETYPE_PEM); + ret = wolfSSL_X509_STORE_load_cert_buffer(lookup->store, curr, + (word32)sz, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) goto end; curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); 
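Review bot: The three new `WOLFSSL_X509_STORE` fields carry no comment, and their ownership differs: judging by the matching free code, `owned` holds X509 objects the store releases with `wolfSSL_X509_free`, whereas `certs` and `trusted` are released with `wolfSSL_sk_X509_free` and so hold borrowed pointers the caller must keep alive. Comments such as `/* non-self-signed certs added via add_cert; borrowed */`, `/* self-signed certs added via add_cert; borrowed; used when !WOLFSSL_SIGNER_DER_CERT */` and `/* X509s the store created itself (load_cert_buffer, CM issuer lookups); freed with the store */` on the respective lines would record that. `trusted` is declared unconditionally but only allocated and freed under `!defined(WOLFSSL_SIGNER_DER_CERT)`, which is worth stating on the field as well.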
diff --git a/src/x509_str.c b/src/x509_str.c index ff1e72701..a73d9ef8c 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1628,7 +1628,9 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( WOLFSSL_STACK* ret = NULL; WOLFSSL_STACK* cert_stack = NULL; WOLFSSL_X509* x509 = NULL; +#if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) int i = 0; +#endif WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects"); if (store == NULL || store->cm == NULL) { From 12f4f69fb44aed472f078f5a9cb0511bef297d3a Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 16 Oct 2024 21:59:48 -0700 Subject: [PATCH 204/325] Allow intermediate CA certs without keycertsign when added through X509 STORE --- src/ssl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index bfe5ad46a..defa11190 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5535,13 +5535,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) } } - if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) { + if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA && + type != WOLFSSL_INTER_CA) { WOLFSSL_MSG("\tCan't add as CA if not actually one"); ret = NOT_CA_ERROR; } #ifndef ALLOW_INVALID_CERTSIGN else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && - !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { + type != WOLFSSL_INTER_CA && !cert->selfSigned && + (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { /* Intermediate CA certs are required to have the keyCertSign * extension set. User loaded root certs are not. */ WOLFSSL_MSG("\tDoesn't have key usage certificate signing"); From f7bfa71d9f691be90d47366b2638dde10a1cfd7e Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Thu, 17 Oct 2024 22:07:52 -0700 Subject: [PATCH 205/325] Implement support for verify flag X509_V_FLAG_PARTIAL_CHAIN --- src/x509_str.c | 5 +++++ wolfssl/openssl/ssl.h | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) 
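Review bot: The first change in `AddCA` exempts `WOLFSSL_INTER_CA` from the `cert->isCA == 0` rejection, which goes beyond the commit's stated intent (keyCertSign) and lets a certificate with basicConstraints CA:FALSE — an ordinary end-entity cert whose name happens to match — be installed into the CertManager as a signer; since wolfSSL_X509_verify_cert adds whatever issuer it finds in the untrusted stack before verifying against it, this removes the control that stops a leaf certificate from acting as an issuer. The NOT_CA_ERROR check should keep applying to intermediates, i.e. leave the first condition as `if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {`. Dropping the keyCertSign requirement for intermediates is a policy decision (OpenSSL rejects such chains with X509_V_ERR_KEYUSAGE_NO_CERTSIGN); if it stays, the comment on the `else if` should say that `WOLFSSL_INTER_CA` certificates are exempt and why. AddCA's body starts and ends outside this hunk.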
diff --git a/src/x509_str.c b/src/x509_str.c index a73d9ef8c..3a5d870ad 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -403,6 +403,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) * a trusted CA in the CM */ ret = wolfSSL_X509_verify_cert_ex(ctx); if (ret != WOLFSSL_SUCCESS) { + if ((ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN) && + (added == 1)) { + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + ret = WOLFSSL_SUCCESS; + } goto exit; } diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a08a96db0..1f7b640eb 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -643,7 +643,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL -#define X509_V_FLAG_PARTIAL_CHAIN 0 +#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 #define X509_V_FLAG_TRUSTED_FIRST 0 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME From 98eb6b398c403c3c95120c87156773fa58236691 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Thu, 17 Oct 2024 22:22:35 -0700 Subject: [PATCH 206/325] Fix for windows builds --- src/x509_str.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/x509_str.c b/src/x509_str.c index 3a5d870ad..bdffe2213 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -315,7 +315,6 @@ static int wolfSSL_X509_verify_cert_ex(WOLFSSL_X509_STORE_CTX* ctx) */ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) { - WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int done = 0; int added = 0; @@ -325,6 +324,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) WOLFSSL_X509 *issuer = NULL; WOLFSSL_X509 *orig = NULL; WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; + WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) { 
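Review bot: The new X509_V_FLAG_PARTIAL_CHAIN branch turns a failed `wolfSSL_X509_verify_cert_ex` into success whenever `added == 1`, but `added` is set when an issuer taken from `certs` was loaded into the CM, and `certs` in this function also holds the untrusted `ctx->ctxIntermediates` merged in at the top and may be `ctx->setTrustedSk`; OpenSSL's partial-chain semantics only let a chain terminate at a certificate the application placed in the trusted store. As written, with the flag set, a chain whose only issuer is a caller-supplied untrusted intermediate is accepted. The acceptance should be tied to where the issuer came from — record whether the last added issuer was found in `ctx->store->certs` rather than among the `numInterAdd` entries from init, and only then push and set `ret = WOLFSSL_SUCCESS`. The enclosing function starts and ends outside this hunk. Separately, `0x80000` matches OpenSSL's value for this flag; please confirm it does not collide with the bits wolfSSL already assigns in `param->flags` (WOLFSSL_CRL_CHECK, WOLFSSL_USE_CHECK_TIME and the others defined alongside).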
From f0fae6506f1e2e1671b9575d533928dd663e79d7 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Thu, 17 Oct 2024 22:42:11 -0700 Subject: [PATCH 207/325] Fix windows warnings --- src/ssl_certman.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_certman.c b/src/ssl_certman.c index 700216c55..cb5233317 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c @@ -456,7 +456,7 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) } static int wolfSSL_CertManagerUnloadIntermediateCertsEx(WOLFSSL_CERT_MANAGER* cm, - int type) + byte type) { int ret = WOLFSSL_SUCCESS; From 6607314dc682b146603968d41e32ecd4c5fd580a Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Fri, 18 Oct 2024 15:22:25 -0700 Subject: [PATCH 208/325] Address code comments, rewrite get issuer internals, use better internal names, get rid of all lines over 80 chars --- src/x509.c | 6 +- src/x509_str.c | 229 +++++++++++++++++++++++++-------------------- tests/api.c | 25 +++-- wolfssl/internal.h | 2 +- wolfssl/ssl.h | 3 +- 5 files changed, 156 insertions(+), 109 deletions(-) diff --git a/src/x509.c b/src/x509.c index f6ee7a64f..dd05cd4b3 100644 --- a/src/x509.c +++ b/src/x509.c @@ -7596,7 +7596,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, } else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { - ret = wolfSSL_X509_STORE_load_cert_buffer(lookup->store, curr, + ret = X509StoreLoadCertBuffer(lookup->store, curr, (word32)sz, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) goto end; @@ -14205,6 +14205,8 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#if defined(OPENSSL_EXTRA) && (defined(SESSION_CERTS) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) /** * Find the issuing cert of the input cert. On a self-signed cert this 
@@ -14275,6 +14277,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, return WOLFSSL_SUCCESS; } +#endif /* if defined(OPENSSL_EXTRA) && (defined(SESSION_CERTS) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) */ void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) { diff --git a/src/x509_str.c b/src/x509_str.c index bdffe2213..9a022cf96 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -37,9 +37,9 @@ #ifndef NO_CERTS #ifdef OPENSSL_EXTRA -static int wolfSSL_X509_STORE_get_issuer_ex(WOLFSSL_X509 **issuer, +static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer, WOLFSSL_STACK *certs, WOLFSSL_X509 *x); -static int wolfSSL_X509_STORE_add_ca(WOLFSSL_X509_STORE* store, +static int X509StoreAddCa(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, int type); #endif @@ -47,9 +47,9 @@ static int wolfSSL_X509_STORE_add_ca(WOLFSSL_X509_STORE* store, #define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100 #endif -/******************************************************************************* +/****************************************************************************** * START OF X509_STORE_CTX APIs - ******************************************************************************/ + *****************************************************************************/ /* This API is necessary outside of OPENSSL_EXTRA because it is used in * SetupStoreCtxCallback */ @@ -90,13 +90,14 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); ctx->param = NULL; - if (ctx->ctxIntermediates != NULL) { - wolfSSL_sk_X509_free(ctx->ctxIntermediates); - } - if (ctx->chain != NULL) { wolfSSL_sk_X509_free(ctx->chain); } + + if (ctx->current_issuer != NULL) { + wolfSSL_X509_free(ctx->current_issuer); + ctx->current_issuer = NULL; + } #endif XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX); 
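Review bot: `wolfSSL_X509_free(ctx->current_issuer)` in the wolfSSL_X509_STORE_CTX_free hunk (@@ -90) assumes the ctx owns a reference to `current_issuer`, but nothing in this series shows where the field is assigned (the rewritten get0_current_issuer returns chain entries and never touches it); if any path stores a borrowed pointer there, for instance one taken from `ctx->chain` or from the store, this becomes a double free at ctx teardown. Please add a comment at the assignment site or on the struct member stating the contract, e.g. `/* owned reference, released in wolfSSL_X509_STORE_CTX_free */`, and confirm the ASIO path obeys it. Dropping the `ctxIntermediates` free is consistent with init now storing the caller's stack directly, but that ownership change deserves a line in the init documentation. The function starts outside the hunk.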
@@ -115,8 +116,6 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk) { - int ret = 0; - int i = 0; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); if (ctx != NULL) { @@ -135,23 +134,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, ctx->current_cert = NULL; #endif - if (sk != NULL) { - if (ctx->ctxIntermediates == NULL) { - ctx->ctxIntermediates = sk_X509_new_null(); - if (ctx->ctxIntermediates == NULL) { - return WOLFSSL_FAILURE; - } - } - - for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { - ret = wolfSSL_sk_X509_push(ctx->ctxIntermediates, - wolfSSL_sk_X509_value(sk, i)); - if (ret <= 0) { - return WOLFSSL_FAILURE; - } - } - } - + ctx->ctxIntermediates = sk; if (ctx->chain != NULL) { wolfSSL_sk_X509_free(ctx->chain); ctx->chain = NULL; @@ -201,9 +184,6 @@ void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk) { if (ctx != NULL) { - if (ctx->setTrustedSk != NULL) { - wolfSSL_sk_X509_free(ctx->setTrustedSk); - } ctx->setTrustedSk = sk; } } @@ -264,7 +244,7 @@ static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret) wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); } -static int wolfSSL_X509_verify_cert_ex(WOLFSSL_X509_STORE_CTX* ctx) +static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -371,7 +351,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) issuer = NULL; /* Try to find an untrusted issuer first */ - ret = wolfSSL_X509_STORE_get_issuer_ex(&issuer, certs, + ret = X509StoreGetIssuerEx(&issuer, certs, ctx->current_cert); if (ret == WOLFSSL_SUCCESS) { if (ctx->current_cert == issuer) { 
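Review bot: `ctx->ctxIntermediates = sk;` in the @@ -135 hunk of wolfSSL_X509_STORE_CTX_init changes ownership semantics without saying so: the ctx now keeps a bare pointer to the caller's stack (the copy loop is gone and CTX_free no longer releases it), so the caller must keep `sk` alive and unmodified until the ctx is freed or re-initialized, which matches OpenSSL but is a behavioral change for existing wolfSSL callers. Add a comment above the assignment, e.g. `/* sk is borrowed, not copied: the caller retains ownership and must keep it alive for the life of this ctx */`. The same applies to `ctx->setTrustedSk = sk;` in the @@ -201 hunk now that the previous stack is no longer freed there; if CTX_free still frees setTrustedSk (not visible here), the two paths disagree. Both functions start outside their hunks.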
@@ -381,7 +361,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) /* We found our issuer in the non-trusted cert list, add it * to the CM and verify the current cert against it */ - ret = wolfSSL_X509_STORE_add_ca(ctx->store, issuer, + ret = X509StoreAddCa(ctx->store, issuer, WOLFSSL_INTER_CA); if (ret != WOLFSSL_SUCCESS) { goto exit; @@ -389,7 +369,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) added = 1; - ret = wolfSSL_X509_verify_cert_ex(ctx); + ret = X509StoreVerifyCert(ctx); if (ret != WOLFSSL_SUCCESS) { goto exit; } @@ -398,10 +378,10 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); ctx->current_cert = issuer; } - else if (ret == WOLFSSL_FAILURE) { + else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { /* Could not find in untrusted list, only place left is * a trusted CA in the CM */ - ret = wolfSSL_X509_verify_cert_ex(ctx); + ret = X509StoreVerifyCert(ctx); if (ret != WOLFSSL_SUCCESS) { if ((ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN) && (added == 1)) { @@ -420,11 +400,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #else if (ctx->setTrustedSk == NULL) { - wolfSSL_X509_STORE_get_issuer_ex(&issuer, + X509StoreGetIssuerEx(&issuer, ctx->store->trusted, ctx->current_cert); } else { - wolfSSL_X509_STORE_get_issuer_ex(&issuer, + X509StoreGetIssuerEx(&issuer, ctx->setTrustedSk, ctx->current_cert); } #endif @@ -467,7 +447,7 @@ exit: #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( - WOLFSSL_X509_STORE_CTX* ctx) + WOLFSSL_X509_STORE_CTX* ctx) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert"); if (ctx) 
@@ -611,8 +591,8 @@ int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup( WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup"); if (ctx != NULL) { - return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data, - cleanup_routine); + return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, + data, cleanup_routine); } return WOLFSSL_FAILURE; } @@ -627,22 +607,24 @@ void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth) } #endif - WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer( WOLFSSL_X509_STORE_CTX* ctx) { - int ret; - WOLFSSL_X509* issuer; - + WOLFSSL_STACK* node; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer"); - if (ctx == NULL) { + if (ctx == NULL) return NULL; - } - ret = wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert); - if (ret == WOLFSSL_SUCCESS) { - return issuer; + /* get0 only checks currently built chain */ + if (ctx->chain != NULL) { + for (node = ctx->chain; node != NULL; node = node->next) { + if (wolfSSL_X509_check_issued(node->data.x509, + ctx->current_cert) == + WOLFSSL_X509_V_OK) { + return node->data.x509; + } + } } return NULL; @@ -662,7 +644,7 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er) /* Set the error depth in the X509 STORE CTX */ void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, - int depth) + int depth) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth"); @@ -690,7 +672,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) if (sk == NULL) return NULL; -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) /* add CA used to verify top of chain to the list */ if (c->count > 0) { WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1); 
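Review bot: The rewritten wolfSSL_X509_STORE_CTX_get0_current_issuer (@@ -627 hunk) returns the first `ctx->chain` entry for which `wolfSSL_X509_check_issued` succeeds against `ctx->current_cert`, which is an issuer-name/extension match rather than a signature check, and it now yields NULL until X509_verify_cert has built the chain; both facts change the observable contract and should be documented on the function, e.g. `/* Returns a borrowed pointer (do not free) to the chain entry that issued current_cert; NULL until X509_verify_cert has populated ctx->chain */`. Also worth confirming that `ctx->current_cert` cannot be NULL here for a ctx initialized without a certificate, or guarding with `if (ctx == NULL || ctx->current_cert == NULL) return NULL;`.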
@@ -891,30 +874,35 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x) { - WOLFSSL_STACK* node; + int ret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get1_issuer"); if (issuer == NULL || ctx == NULL || x == NULL) return WOLFSSL_FATAL_ERROR; - if (ctx->chain != NULL) { - for (node = ctx->chain; node != NULL; node = node->next) { - if (wolfSSL_X509_check_issued(node->data.x509, x) == - WOLFSSL_X509_V_OK) { - *issuer = node->data.x509; - return WOLFSSL_SUCCESS; - } - } + ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x); + if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { + *issuer = wolfSSL_X509_dup(*issuer); + return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } - /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */ +#ifdef WOLFSSL_SIGNER_DER_CERT + ret = x509GetIssuerFromCM(issuer, ctx->store->cm, x); +#else + ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x); + if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { + *issuer = wolfSSL_X509_dup(*issuer); + return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + } +#endif - return x509GetIssuerFromCM(issuer, ctx->store->cm, x); + return ret; } #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ #ifdef OPENSSL_EXTRA -static int wolfSSL_X509_STORE_get_issuer_ex(WOLFSSL_X509 **issuer, +static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer, WOLFSSL_STACK * certs, WOLFSSL_X509 *x) { int i; @@ -924,8 +912,9 @@ static int wolfSSL_X509_STORE_get_issuer_ex(WOLFSSL_X509 **issuer, if (certs != NULL) { for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) { - if (wolfSSL_X509_check_issued(wolfSSL_sk_X509_value(certs, i), x) == - WOLFSSL_X509_V_OK) { + if (wolfSSL_X509_check_issued( + wolfSSL_sk_X509_value(certs, i), x) == + WOLFSSL_X509_V_OK) { *issuer = wolfSSL_sk_X509_value(certs, i); return WOLFSSL_SUCCESS; } 
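Review bot: wolfSSL_X509_STORE_CTX_get1_issuer now dereferences `ctx->store` (`ctx->store->certs`, `ctx->store->trusted`, `ctx->store->cm`) while its guard still checks only `issuer`, `ctx` and `x`; unless a ctx is guaranteed to carry a store by this point, extend the guard: `if (issuer == NULL || ctx == NULL || ctx->store == NULL || x == NULL) return WOLFSSL_FATAL_ERROR;`. The lookup order (store->certs before the trusted set or the CM) and the fact that `*issuer` is now a new reference the caller must release with wolfSSL_X509_free are stated nowhere; a short header comment covering both would prevent the leak/double-free ambiguity that a get0/get1 split usually causes. X509StoreGetIssuerEx is only defined under OPENSSL_EXTRA while this caller is compiled for WOLFSSL_NGINX/WOLFSSL_HAPROXY/OPENSSL_ALL as well; if any of those can be set without OPENSSL_EXTRA this will not link.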
@@ -937,13 +926,13 @@ static int wolfSSL_X509_STORE_get_issuer_ex(WOLFSSL_X509 **issuer, #endif -/******************************************************************************* +/****************************************************************************** * END OF X509_STORE_CTX APIs - ******************************************************************************/ + *****************************************************************************/ -/******************************************************************************* +/****************************************************************************** * START OF X509_STORE APIs - ******************************************************************************/ + *****************************************************************************/ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) @@ -986,6 +975,8 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) store->crl = store->cm->crl; #endif + store->numAdded = 0; + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Link store's new Certificate Manager to self by default */ @@ -1020,6 +1011,28 @@ err_exit: return NULL; } +static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, + WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* objs) +{ + int i; + WOLFSSL_X509_OBJECT *obj = NULL; + int cnt = store->numAdded; + + i = wolfSSL_sk_X509_OBJECT_num(objs) - 1; + while (cnt > 0 && i > 0) { + /* The inner X509 is owned by somebody else, NULL out the reference */ + obj = wolfSSL_sk_X509_OBJECT_value(objs, i); + if (obj != NULL) { + obj->type = 0; + obj->data.x509 = NULL; + } + cnt--; + i--; + } + + wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL); +} + void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) { int doFree = 0; 
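Review bot: `while (cnt > 0 && i > 0)` in X509StoreFreeObjList never visits index 0, so when the object stack consists only of certs borrowed from `store->certs` (the CM contributed nothing), the first object keeps its `data.x509` pointer and the following `wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL)` releases a certificate the store does not own, a double free at the next wolfSSL_X509_STORE_free or use of that cert. The bound should be `while (cnt > 0 && i >= 0) {`. The function also relies on the borrowed objects being the last `numAdded` entries, which holds only because get0_objects appends `store->certs` after the CM certs; a comment stating that invariant, e.g. `/* invariant: the last store->numAdded objects wrap certs owned by store->certs, not by this list */`, keeps the two functions in step. `cnt` is an `int` copy of a `word32` field; a `(int)` cast or a `word32` counter avoids the implicit conversion this series is otherwise removing.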
@@ -1058,7 +1071,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) #endif #ifdef OPENSSL_ALL if (store->objs != NULL) { - wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL); + X509StoreFreeObjList(store, store->objs); } #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) @@ -1068,7 +1081,8 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) if (store->lookup.dirs != NULL) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (store->lookup.dirs->dir_entry) { - wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry); + wolfSSL_sk_BY_DIR_entry_free( + store->lookup.dirs->dir_entry); } #endif wc_FreeMutex(&store->lookup.dirs->lock); @@ -1130,7 +1144,7 @@ int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store) * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure */ int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx, - void *data) + void *data) { WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data"); #ifdef HAVE_EX_DATA @@ -1217,13 +1231,13 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, return &store->lookup; } -static int wolfSSL_X509_STORE_add_ca(WOLFSSL_X509_STORE* store, +static int X509StoreAddCa(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, int type) { int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); DerBuffer* derCert = NULL; - WOLFSSL_ENTER("wolfSSL_X509_STORE_add_ca"); + WOLFSSL_ENTER("X509StoreAddCa"); if (store != NULL && x509 != NULL && x509->derCert != NULL) { result = AllocDer(&derCert, x509->derCert->length, x509->derCert->type, NULL); 
@@ -1250,7 +1264,7 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) * trusted, addCA() internals will do additional checks for * CA=TRUE */ if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) { - result = wolfSSL_X509_STORE_add_ca(store, x509, WOLFSSL_USER_CA); + result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA); #if !defined(WOLFSSL_SIGNER_DER_CERT) if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { result = wolfSSL_sk_X509_push(store->trusted, x509); @@ -1264,7 +1278,9 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) result = (result > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR; } else { - result = wolfSSL_X509_STORE_add_ca( + /* If store->certs is NULL, this is an X509_STORE managed by an + * SSL_CTX, preserve behavior and always add as USER_CA */ + result = X509StoreAddCa( store, x509, WOLFSSL_USER_CA); } } @@ -1306,7 +1322,7 @@ int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) return WOLFSSL_SUCCESS; } -int wolfSSL_X509_STORE_load_cert_buffer(WOLFSSL_X509_STORE *str, +int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, byte *buf, word32 bufLen, int type) { int ret = WOLFSSL_FAILURE; @@ -1335,7 +1351,7 @@ int wolfSSL_X509_STORE_load_cert_buffer(WOLFSSL_X509_STORE *str, #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -static int wolfSSL_X509_STORE_read_file(const char *fname, +static int X509StoreReadFile(const char *fname, StaticBuffer *content, word32 *bytesRead, int *type) { int ret = -1; @@ -1353,7 +1369,8 @@ static int wolfSSL_X509_STORE_read_file(const char *fname, #ifdef HAVE_CRL /* Look for CRL header and footer. */ if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)content->buffer, header, (word32)sz) != NULL)) { + (XSTRNSTR((char*)content->buffer, header, (word32)sz) != + NULL)) { *type = CRL_TYPE; } #endif 
@@ -1362,7 +1379,8 @@ static int wolfSSL_X509_STORE_read_file(const char *fname, return (ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE); } -static int wolfSSL_X509_STORE_load_file(WOLFSSL_X509_STORE *str, const char *fname) +static int X509StoreLoadFile(WOLFSSL_X509_STORE *str, + const char *fname) { int ret = WOLFSSL_SUCCESS; int type = 0; @@ -1378,14 +1396,14 @@ static int wolfSSL_X509_STORE_load_file(WOLFSSL_X509_STORE *str, const char *fna static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE); #endif - ret = wolfSSL_X509_STORE_read_file(fname, &content, &contentLen, &type); + ret = X509StoreReadFile(fname, &content, &contentLen, &type); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to load file"); ret = WOLFSSL_FAILURE; } if ((ret == WOLFSSL_SUCCESS) && (type == CERT_TYPE)) { - ret = wolfSSL_X509_STORE_load_cert_buffer(str, content.buffer, + ret = X509StoreLoadCertBuffer(str, content.buffer, contentLen, WOLFSSL_FILETYPE_PEM); } #ifdef HAVE_CRL @@ -1404,7 +1422,7 @@ static int wolfSSL_X509_STORE_load_file(WOLFSSL_X509_STORE *str, const char *fna * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs. */ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, - const char *file, const char *dir) + const char *file, const char *dir) { WOLFSSL_CTX* ctx; char *name = NULL; @@ -1444,7 +1462,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, /* Load individual file */ if (file) { - ret = wolfSSL_X509_STORE_load_file(str, file); + ret = X509StoreLoadFile(str, file); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to load file"); ret = WOLFSSL_FAILURE; @@ -1457,7 +1475,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, #ifdef WOLFSSL_SMALL_STACK readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (readCtx == NULL) { WOLFSSL_MSG("Memory error"); wolfSSL_CTX_free(ctx); 
@@ -1470,7 +1488,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, while (ret == 0 && name) { WOLFSSL_MSG(name); - ret = wolfSSL_X509_STORE_load_file(str, name); + ret = X509StoreLoadFile(str, name); /* Not failing on load errors */ if (ret != WOLFSSL_SUCCESS) WOLFSSL_MSG("Failed to load file in path, continuing"); @@ -1538,7 +1556,8 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) } /****************************************************************************** -* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx +* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate +* store ctx * * This API can be used in SSL verify callback function to view cert chain * See examples/client/client.c and myVerify() function in test.h @@ -1569,7 +1588,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s) /* get certificate buffer */ cert = &s->certs[certIdx]; - dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); if (dCert == NULL) { goto error; @@ -1632,8 +1652,8 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( { WOLFSSL_STACK* ret = NULL; WOLFSSL_STACK* cert_stack = NULL; - WOLFSSL_X509* x509 = NULL; #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) + WOLFSSL_X509* x509 = NULL; int i = 0; #endif WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects"); @@ -1646,7 +1666,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( if (store->objs != NULL) { #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) /* want to update objs stack by cm stack again before returning it*/ - wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL); + X509StoreFreeObjList(store, store->objs); store->objs = NULL; #else if (wolfSSL_sk_X509_OBJECT_num(store->objs) == 0) { 
@@ -1666,12 +1686,16 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) cert_stack = wolfSSL_CertManagerGetCerts(store->cm); + store->numAdded = 0; for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) { wolfSSL_sk_X509_push(cert_stack, wolfSSL_sk_X509_value(store->certs, i)); + store->numAdded++; } - /* wolfSSL_sk_X509_pop checks for NULL */ - while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) { + /* Do not modify stack until after we guarantee success to + * simplify cleanup logic handling cert merging above */ + for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) { + x509 = wolfSSL_sk_value(cert_stack, i); WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); @@ -1686,6 +1710,10 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( obj->data.x509 = x509; x509 = NULL; } + + while(wolfSSL_sk_X509_num(cert_stack) > 0) { + wolfSSL_sk_X509_pop(cert_stack); + } #endif #ifdef HAVE_CRL @@ -1711,11 +1739,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( return ret; err_cleanup: if (ret != NULL) - wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL); - if (cert_stack != NULL) + X509StoreFreeObjList(store, ret); + if (cert_stack != NULL) { + while(store->numAdded > 0) { + wolfSSL_sk_X509_pop(cert_stack); + store->numAdded--; + } wolfSSL_sk_X509_pop_free(cert_stack, NULL); - if (x509 != NULL) - wolfSSL_X509_free(x509); + } return NULL; } #endif /* OPENSSL_ALL */ 
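Review bot: The err_cleanup path in wolfSSL_X509_STORE_get0_objects (@@ -1711 hunk) appears to release the same certificates twice: when the wrapping loop aborts at index k, objects 0..k-1 in `ret` already hold x509 pointers that are still present in `cert_stack` (the stack is deliberately left intact until the end), so `X509StoreFreeObjList(store, ret)` frees the CM-owned ones among them through pop_free and then `wolfSSL_sk_X509_pop_free(cert_stack, NULL)` frees them again; X509StoreFreeObjList additionally clears the last `numAdded` entries of a `ret` that may not yet contain the borrowed certs at all, leaking CM-owned ones instead. This reading assumes pop_free with a NULL callback frees the inner x509, which is what the new NULL-ing logic implies. Since cert_stack owns every entry until the loop succeeds, the safer cleanup is to NULL out `data.x509` on every object in `ret` before freeing the shells and let the existing cert_stack cleanup release the certs. Separately, `x509 = wolfSSL_sk_value(cert_stack, i);` uses the untyped accessor where the loop above uses `wolfSSL_sk_X509_value`; prefer the typed one. The function starts outside the hunk.
```c
err_cleanup:
    if (ret != NULL) {
        /* cert_stack still references every x509 wrapped so far; free only
         * the OBJECT shells here and let the cert_stack cleanup below own
         * the certificates */
        for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(ret); i++) {
            WOLFSSL_X509_OBJECT* o = wolfSSL_sk_X509_OBJECT_value(ret, i);
            if (o != NULL) {
                o->type = 0;
                o->data.x509 = NULL;
            }
        }
        wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL);
    }
    /* … unchanged: pop numAdded borrowed entries, pop_free cert_stack … */
```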
@@ -1741,9 +1772,9 @@ int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx, #endif #endif -/******************************************************************************* +/****************************************************************************** * END OF X509_STORE APIs - ******************************************************************************/ + *****************************************************************************/ #endif /* NO_CERTS */ diff --git a/tests/api.c b/tests/api.c index f84c6c82d..806410cb3 100644 --- a/tests/api.c +++ b/tests/api.c @@ -59555,8 +59555,12 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); issuer = X509_STORE_CTX_get0_current_issuer(ctx); - ExpectNotNull(issuer); + ExpectNull(issuer); + ExpectIntEQ(X509_verify_cert(ctx), 1); + + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNotNull(issuer); caName = X509_get_subject_name(x509Ca); ExpectNotNull(caName); issuerName = X509_get_subject_name(issuer); @@ -59565,7 +59569,6 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) ExpectIntEQ(cmp, 0); /* load der format */ - X509_free(issuer); issuer = NULL; X509_STORE_CTX_free(ctx); ctx = NULL; @@ -59643,7 +59646,7 @@ static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) return res; } -static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) +static int test_wolfSSL_X509_STORE_CTX_get_issuer(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) 
@@ -59665,16 +59668,23 @@ static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + /* Issuer0 is not set until chain is built for verification */ ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); - ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + /* Issuer1 will use the store to make a new issuer */ + ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1); + ExpectNotNull(issuer); + X509_free(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); ExpectNotNull(caName = X509_get_subject_name(x509Ca)); ExpectNotNull(issuerName = X509_get_subject_name(issuer)); #ifdef WOLFSSL_SIGNER_DER_CERT ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0); #endif - X509_free(issuer); X509_STORE_CTX_free(ctx); X509_free(x509Svr); X509_STORE_free(str); @@ -60204,7 +60214,8 @@ static int test_wolfSSL_X509_STORE_CTX_ex(void) EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_test_data testData = {0}; + X509_STORE_test_data testData; + XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data)); testData.caFile = "./certs/ca-cert.pem"; testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; @@ -97927,7 +97938,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex), TEST_DECL(test_X509_STORE_untrusted), TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer), TEST_DECL(test_wolfSSL_X509_STORE_set_flags), TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file), TEST_DECL(test_wolfSSL_X509_Name_canon), diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a6db36e50..c62ef351c 100644 
--- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2756,7 +2756,7 @@ WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store, WOLFSSL* ssl, void* heap, int x509Free); #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */ -WOLFSSL_LOCAL int wolfSSL_X509_STORE_load_cert_buffer(WOLFSSL_X509_STORE *str, +WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, byte *buf, word32 bufLen, int type); #endif /* !defined NO_CERTS */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 0d26abfac..411d4f82b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -603,6 +603,7 @@ struct WOLFSSL_X509_STORE { WOLF_STACK_OF(WOLFSSL_X509)* certs; WOLF_STACK_OF(WOLFSSL_X509)* trusted; WOLF_STACK_OF(WOLFSSL_X509)* owned; + word32 numAdded; /* Number of objs in objs that are in certs sk */ }; #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 @@ -677,7 +678,7 @@ typedef struct WOLFSSL_BUFFER_INFO { struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ -#ifdef WOLFSSL_ASIO +#if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA) WOLFSSL_X509* current_issuer; /* asio dereference */ #endif WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */ From 1afbf55a809bcd184ee8190dd307e2d7b81a400f Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Fri, 18 Oct 2024 15:28:03 -0700 Subject: [PATCH 209/325] Fix new build error after refactor --- src/x509_str.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/x509_str.c b/src/x509_str.c index 9a022cf96..ae988a539 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1011,6 +1011,7 @@ err_exit: return NULL; } +#ifdef OPENSSL_ALL static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* objs) { 
@@ -1032,6 +1033,7 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL); } +#endif void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) { From 87ce96527a99d9d20ab9150d3f74772409ee7721 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Fri, 18 Oct 2024 16:34:25 -0700 Subject: [PATCH 210/325] Changes for various failing build configs --- src/ssl_certman.c | 10 ++++++---- src/x509.c | 7 ++++--- src/x509_str.c | 31 +++++++++++++++++++++++++------ 3 files changed, 35 insertions(+), 13 deletions(-) diff --git a/src/ssl_certman.c b/src/ssl_certman.c index cb5233317..e5ecbea75 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c @@ -455,8 +455,8 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) return ret; } -static int wolfSSL_CertManagerUnloadIntermediateCertsEx(WOLFSSL_CERT_MANAGER* cm, - byte type) +static int wolfSSL_CertManagerUnloadIntermediateCertsEx( + WOLFSSL_CERT_MANAGER* cm, byte type) { int ret = WOLFSSL_SUCCESS; @@ -483,14 +483,16 @@ static int wolfSSL_CertManagerUnloadIntermediateCertsEx(WOLFSSL_CERT_MANAGER* cm } #if defined(OPENSSL_EXTRA) -static int wolfSSL_CertManagerUnloadTempIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) +static int wolfSSL_CertManagerUnloadTempIntermediateCerts( + WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts"); return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_INTER_CA); } #endif -int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) +int wolfSSL_CertManagerUnloadIntermediateCerts( + WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts"); return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA); diff --git a/src/x509.c b/src/x509.c index dd05cd4b3..18feff022 100644 --- a/src/x509.c +++ b/src/x509.c 
@@ -7597,7 +7597,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { ret = X509StoreLoadCertBuffer(lookup->store, curr, - (word32)sz, WOLFSSL_FILETYPE_PEM); + (word32)sz, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) goto end; curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); @@ -14205,8 +14205,9 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) -#if defined(OPENSSL_EXTRA) && (defined(SESSION_CERTS) || \ - defined(WOLFSSL_SIGNER_DER_CERT)) +#if defined(OPENSSL_EXTRA) && \ + ((defined(SESSION_CERTS) && !defined(WOLFSSL_QT)) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) /** * Find the issuing cert of the input cert. On a self-signed cert this diff --git a/src/x509_str.c b/src/x509_str.c index ae988a539..49cd7deb6 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -247,6 +247,7 @@ static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret) static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + WOLFSSL_ENTER("X509StoreVerifyCert"); if (ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, @@ -874,7 +875,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get1_issuer"); if (issuer == NULL || ctx == NULL || x == NULL) 
@@ -960,6 +961,7 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if ((store->cm = wolfSSL_CertManagerNew()) == NULL) goto err_exit; +#ifdef OPENSSL_EXTRA if ((store->certs = wolfSSL_sk_X509_new_null()) == NULL) goto err_exit; @@ -970,6 +972,7 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL) goto err_exit; #endif +#endif #ifdef HAVE_CRL store->crl = store->cm->crl; @@ -1057,6 +1060,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) wolfSSL_CertManagerFree(store->cm); store->cm = NULL; } +#if defined(OPENSSL_EXTRA) if (store->certs != NULL) { wolfSSL_sk_X509_free(store->certs); store->certs = NULL; @@ -1071,6 +1075,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) store->trusted = NULL; } #endif +#endif #ifdef OPENSSL_ALL if (store->objs != NULL) { X509StoreFreeObjList(store, store->objs); @@ -1270,14 +1275,24 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) #if !defined(WOLFSSL_SIGNER_DER_CERT) if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { result = wolfSSL_sk_X509_push(store->trusted, x509); - result = (result > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR; + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + result = WOLFSSL_FATAL_ERROR; + } } #endif } else { if (store->certs != NULL) { result = wolfSSL_sk_X509_push(store->certs, x509); - result = (result > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR; + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + result = WOLFSSL_FATAL_ERROR; + } } else { /* If store->certs is NULL, this is an X509_STORE managed by an @@ -1327,7 +1342,7 @@ int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, byte *buf, word32 bufLen, int type) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_X509 *x509 = NULL; if (str == NULL || buf == NULL) { 
@@ -1654,6 +1669,10 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( { WOLFSSL_STACK* ret = NULL; WOLFSSL_STACK* cert_stack = NULL; +#if ((defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)) || \ + (defined(HAVE_CRL))) + WOLFSSL_X509_OBJECT* obj = NULL; +#endif #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) WOLFSSL_X509* x509 = NULL; int i = 0; @@ -1698,7 +1717,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( * simplify cleanup logic handling cert merging above */ for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) { x509 = wolfSSL_sk_value(cert_stack, i); - WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); + obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); goto err_cleanup; @@ -1720,7 +1739,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #ifdef HAVE_CRL if (store->cm->crl != NULL) { - WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); + obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); goto err_cleanup; From 1ddb2ce435eb0bd85c606305e476248415c328d6 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 21 Oct 2024 16:06:20 -0700 Subject: [PATCH 211/325] Properly implement set flags for X509_V_FLAG_PARTIAL_CHAIN --- src/x509_str.c | 12 ++++++++---- tests/api.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++ wolfssl/ssl.h | 1 + 3 files changed, 60 insertions(+), 4 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index 49cd7deb6..897deaf84 100644 --- a/src/x509_str.c +++ b/src/x509_str.c 
@@ -384,7 +384,8 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) * a trusted CA in the CM */ ret = X509StoreVerifyCert(ctx); if (ret != WOLFSSL_SUCCESS) { - if ((ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN) && + if (((ctx->flags & X509_V_FLAG_PARTIAL_CHAIN) || + (ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN)) && (added == 1)) { wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); ret = WOLFSSL_SUCCESS; @@ -550,9 +551,9 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, unsigned long flags) { - (void)ctx; - (void)flags; - WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_flags (not implemented)"); + if ((ctx != NULL) && (flags & X509_V_FLAG_PARTIAL_CHAIN)){ + ctx->flags |= X509_V_FLAG_PARTIAL_CHAIN; + } } #endif /* !NO_WOLFSSL_STUB */ @@ -1329,6 +1330,9 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) ret = wolfSSL_CertManagerDisableCRL(store->cm); } #endif + if (flag & X509_V_FLAG_PARTIAL_CHAIN) { + store->param->flags |= X509_V_FLAG_PARTIAL_CHAIN; + } return ret; } diff --git a/tests/api.c b/tests/api.c index 806410cb3..965aca6b1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -225,6 +225,7 @@ #include #include #include + #include #ifdef OPENSSL_ALL #include #include 
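Review bot: wolfSSL_X509_STORE_CTX_set_flags keeps only the X509_V_FLAG_PARTIAL_CHAIN bit and silently discards every other bit of `flags`, so a caller passing, for example, the CRL-related flags that wolfSSL_X509_STORE_set_flags does honour gets neither the behaviour nor an error. Either record the whole mask (`ctx->flags |= flags;`, once the field is wide enough) so later checks can consult it, or document the limitation at the function: `/* Only X509_V_FLAG_PARTIAL_CHAIN is honoured on the ctx; all other bits are ignored. Use wolfSSL_X509_STORE_set_flags() for store-wide flags. */`. A space is also missing before the opening brace in `(flags & X509_V_FLAG_PARTIAL_CHAIN)){`.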
@@ -60207,6 +60208,54 @@ static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) sk_X509_free(trusted); return EXPECT_RESULT(); } + +static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 10, ensure partial chain flag works */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 11, test partial chain flag on ctx itself */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} #endif static int 
test_wolfSSL_X509_STORE_CTX_ex(void) @@ -60244,6 +60293,8 @@ static int test_wolfSSL_X509_STORE_CTX_ex(void) ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1); if(testData.x509Ca) { X509_free(testData.x509Ca); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 411d4f82b..7b28fa228 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -701,6 +701,7 @@ struct WOLFSSL_X509_STORE_CTX { WOLFSSL_BUFFER_INFO* certs; /* peer certs */ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ void* heap; + int flags; WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified * on store ctx init */ WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override From 3fc3a84a6b9b6d6d11145ea3b020efe8c3856ea7 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 21 Oct 2024 16:15:42 -0700 Subject: [PATCH 212/325] Move X509_STORE_CTX_set_flags under OPENSSL_EXTRA --- src/x509_str.c | 12 ++++++------ wolfssl/openssl/x509_vfy.h | 3 +++ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index 897deaf84..006eae165 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -547,6 +547,12 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose (not implemented)"); return 0; } +#endif /* !NO_WOLFSSL_STUB */ + +#endif /* WOLFSSL_QT || OPENSSL_ALL */ +#endif /* OPENSSL_EXTRA */ + +#ifdef OPENSSL_EXTRA void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, unsigned long flags) 
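Review bot: test_wolfSSL_X509_STORE_CTX_ex10 and _ex11 retrieve `chain` but never assert anything about it, so the tests only prove that X509_verify_cert flips from failure to success, not that the partial chain actually stops at the trusted intermediate. Add a check on the chain length after the successful verify, e.g. `ExpectIntEQ(sk_X509_num(chain), <expected depth for this fixture>);`, with the value chosen from how x509Leaf relates to x509CaInt/x509CaInt2 (not visible in this hunk). Both functions are complete within the hunk.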
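Review bot: The new `int flags;` member of WOLFSSL_X509_STORE_CTX is narrower than the `unsigned long flags` parameter of wolfSSL_X509_STORE_CTX_set_flags that fills it, and it is signed while the value is a bitmask; the single bit stored today fits, but any wider mask copied in later would be truncated and bitwise tests on a signed field are easy to get wrong. Declare it to match the setter, `unsigned long flags;`, and give it a short comment such as `/* per-ctx X509_V_FLAG_* bits, see wolfSSL_X509_STORE_CTX_set_flags() */`. The struct definition continues outside the hunk.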
@@ -555,12 +561,6 @@ void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, ctx->flags |= X509_V_FLAG_PARTIAL_CHAIN; } } -#endif /* !NO_WOLFSSL_STUB */ - -#endif /* WOLFSSL_QT || OPENSSL_ALL */ -#endif /* OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS * on success, WOLFSSL_FAILURE on error. */ diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h index 8666a53fe..977e0c00f 100644 --- a/wolfssl/openssl/x509_vfy.h +++ b/wolfssl/openssl/x509_vfy.h @@ -33,10 +33,13 @@ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose); +#endif +#ifdef OPENSSL_EXTRA WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, unsigned long flags); #endif + #define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose #define X509_STORE_CTX_set_flags wolfSSL_X509_STORE_CTX_set_flags From 4c63668295d3899c26451ee8bb17f6c9e32f731e Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Tue, 22 Oct 2024 10:59:35 -0700 Subject: [PATCH 213/325] Small changes per review comments --- src/x509_str.c | 9 +++++---- tests/api.c | 2 ++ wolfssl/ssl.h | 3 ++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index 006eae165..f85d023b1 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -43,6 +43,7 @@ static int X509StoreAddCa(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, int type); #endif +/* Based on OpenSSL default max depth */ #ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH #define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100 #endif 
@@ -264,9 +265,9 @@ static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or - ASN_BEFORE_DATE_E if there are no additional errors found in the - cert. Therefore, check if the cert is expired or not yet valid - in order to return the correct expected error. */ + * ASN_BEFORE_DATE_E if there are no additional errors found in the + * cert. Therefore, check if the cert is expired or not yet valid + * in order to return the correct expected error. */ byte *afterDate = ctx->current_cert->notAfter.data; byte *beforeDate = ctx->current_cert->notBefore.data; @@ -333,7 +334,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) ret = wolfSSL_sk_X509_push(certs, wolfSSL_sk_X509_value(ctx->ctxIntermediates, i)); if (ret <= 0) { - return WOLFSSL_FAILURE; + goto exit; } numInterAdd++; diff --git a/tests/api.c b/tests/api.c index 965aca6b1..4123fa640 100644 --- a/tests/api.c +++ b/tests/api.c @@ -60424,6 +60424,8 @@ static int test_X509_STORE_untrusted(void) /* Root CA in untrusted chain is OK */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), TEST_SUCCESS); + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 0), + TEST_SUCCESS); /* Succeeds because path to loaded CA is available. */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), TEST_SUCCESS); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 7b28fa228..94cafa940 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3324,7 +3324,8 @@ enum { WOLFSSL_USER_CA = 1, /* user added as trusted */ WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */ - WOLFSSL_INTER_CA = 3 /* Intermediate CA */ + WOLFSSL_INTER_CA = 3 /* Intermediate CA, only for use by + * X509_STORE */ }; WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl); From 96138e70f80960fe571a17fa57a86420255f323c Mon Sep 17 00:00:00 2001 
From: Colton Willey Date: Tue, 22 Oct 2024 15:10:18 -0700 Subject: [PATCH 214/325] Restore proper error code handling for self signed CA in non-trusted intermediates --- src/x509_str.c | 20 ++++++++++++++++++++ tests/api.c | 8 ++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index f85d023b1..44e104ba6 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -305,6 +305,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) int depth = 0; WOLFSSL_X509 *issuer = NULL; WOLFSSL_X509 *orig = NULL; + WOLFSSL_X509 *tmp = NULL; WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); @@ -355,6 +356,25 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) /* Try to find an untrusted issuer first */ ret = X509StoreGetIssuerEx(&issuer, certs, ctx->current_cert); + if (issuer != NULL && + wolfSSL_X509_NAME_cmp(&issuer->issuer, &issuer->subject) == 0) { + ret = WOLFSSL_FAILURE; + /* Self signed allowed if in set trusted stack, otherwise + * ignore it and fall back to see if its in CM */ + if ((certs == ctx->setTrustedSk) && + (wolfSSL_sk_X509_num(certs) > numInterAdd)) { + for (i = wolfSSL_sk_X509_num(certs) - 1; + i > (numInterAdd > 0 ? numInterAdd - 1 : 0); + i++) { + tmp = wolfSSL_sk_X509_value(certs, i); + if (wolfSSL_X509_NAME_cmp( + &issuer->subject, &tmp->subject) == 0) { + ret = WOLFSSL_SUCCESS; + break; + } + } + } + } if (ret == WOLFSSL_SUCCESS) { if (ctx->current_cert == issuer) { wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); diff --git a/tests/api.c b/tests/api.c index 4123fa640..c15e431b1 100644 --- a/tests/api.c +++ b/tests/api.c 
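Review bot: The lower bound of the self-signed lookup loop, `i > (numInterAdd > 0 ? numInterAdd - 1 : 0)`, is exclusive, so when no intermediates were added the loop stops before index 0 and the first certificate of the trusted stack is never compared; if wolfSSL_sk_X509_push appends (as the numInterAdd accounting suggests), the indices it does visit are the appended intermediates rather than the trusted originals, which is the opposite of the stated intent. The follow-up commit on this page that changes `i++` to `i--` keeps this bound, so the fix should cover the bound as well, e.g. `i >= 0` combined with skipping the last numInterAdd entries. The enclosing function continues outside the hunk.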
@@ -60421,10 +60421,14 @@ static int test_X509_STORE_untrusted(void) /* Succeeds because path to loaded CA is available. */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), TEST_SUCCESS); - /* Root CA in untrusted chain is OK */ + /* Root CA in untrusted chain is OK so long as CA has been loaded + * properly */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), TEST_SUCCESS); - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 0), + /* Still needs properly loaded CA, while including it in untrusted + * list is not an error, it also doesnt count for verify */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), TEST_SUCCESS); /* Succeeds because path to loaded CA is available. */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), From 95f8d7420218470b918555841d1359139fde3ca2 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Tue, 22 Oct 2024 15:59:49 -0700 Subject: [PATCH 215/325] Fix loop to decrement --- src/x509_str.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index 44e104ba6..012f41d74 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -365,13 +365,14 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) (wolfSSL_sk_X509_num(certs) > numInterAdd)) { for (i = wolfSSL_sk_X509_num(certs) - 1; i > (numInterAdd > 0 ? numInterAdd - 1 : 0); - i++) { + i--) { tmp = wolfSSL_sk_X509_value(certs, i); - if (wolfSSL_X509_NAME_cmp( + if (tmp != NULL && wolfSSL_X509_NAME_cmp( &issuer->subject, &tmp->subject) == 0) { ret = WOLFSSL_SUCCESS; break; } + tmp = NULL; } } } From ee4e1b6262f338e6c83a042543c3a8c20a7bc7c8 Mon Sep 17 00:00:00 2001 
From: Colton Willey Date: Tue, 22 Oct 2024 19:54:55 -0700 Subject: [PATCH 216/325] Properly omit self signed CA from untrusted intermediates, handle memory leak for SSL case with proper flow --- src/x509_str.c | 92 +++++++++++++++++++++++++++++--------------------- wolfssl/ssl.h | 1 + 2 files changed, 54 insertions(+), 39 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index 012f41d74..061e85e1b 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -65,7 +65,12 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap) XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX)); ctx->heap = heap; #ifdef OPENSSL_EXTRA - if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != + if ((ctx->owned = wolfSSL_sk_X509_new_null()) == NULL) { + XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX); + ctx = NULL; + } + if (ctx != NULL && + wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != WOLFSSL_SUCCESS) { XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX); ctx = NULL; @@ -94,6 +99,9 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) if (ctx->chain != NULL) { wolfSSL_sk_X509_free(ctx->chain); } + if (ctx->owned != NULL) { + wolfSSL_sk_X509_pop_free(ctx->owned, NULL); + } if (ctx->current_issuer != NULL) { wolfSSL_X509_free(ctx->current_issuer); @@ -292,6 +300,32 @@ static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) return ret; } +static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to, + WOLF_STACK_OF(WOLFSSL_X509)*from, int *numAdded) +{ + int ret = WOLFSSL_SUCCESS; + int i = 0; + int cnt = 0; + WOLFSSL_X509 *x = NULL; + + for (i = 0; i < wolfSSL_sk_X509_num(from); i++) { + x = wolfSSL_sk_X509_value(from, i); + if (wolfSSL_X509_NAME_cmp(&x->issuer, &x->subject) != 0) { + if (wolfSSL_sk_X509_push(to, x) <= 0) { + ret = WOLFSSL_FAILURE; + goto exit; + } + cnt++; + } + } + +exit: + if (numAdded != NULL) { + *numAdded = cnt; + } + return ret; +} + /* Verifies certificate chain using WOLFSSL_X509_STORE_CTX * returns 0 on success or < 0 on failure. */ 
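Review bot: addAllButSelfSigned dereferences `x->issuer` and `x->subject` without checking that `wolfSSL_sk_X509_value(from, i)` returned a non-NULL entry, so a stack with a NULL slot crashes the verifier on caller-supplied input. Treat it as a failure rather than skipping silently: `if (x == NULL) { ret = WOLFSSL_FAILURE; goto exit; }` before the name comparison. A one-line header comment would also help, e.g. `/* Append every cert of 'from' that is not self-signed to 'to'; self-signed certs are never taken as issuers from untrusted input. */`.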
@@ -305,8 +339,8 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) int depth = 0; WOLFSSL_X509 *issuer = NULL; WOLFSSL_X509 *orig = NULL; - WOLFSSL_X509 *tmp = NULL; WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; + WOLF_STACK_OF(WOLFSSL_X509)* certsToUse = NULL; WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL @@ -315,32 +349,28 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } certs = ctx->store->certs; - if (ctx->chain != NULL) { - wolfSSL_sk_X509_free(ctx->chain); - } - ctx->chain = wolfSSL_sk_X509_new_null(); - if (ctx->setTrustedSk != NULL) { certs = ctx->setTrustedSk; } if (certs == NULL && wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) { - certs = ctx->ctxIntermediates; + certsToUse = wolfSSL_sk_X509_new_null(); + ret = addAllButSelfSigned(certsToUse, ctx->ctxIntermediates, NULL); } else { /* Add the intermediates provided on init to the list of untrusted * intermediates to be used */ - for (i = 0; i < wolfSSL_sk_X509_num(ctx->ctxIntermediates); i++) { - ret = wolfSSL_sk_X509_push(certs, - wolfSSL_sk_X509_value(ctx->ctxIntermediates, i)); - if (ret <= 0) { - goto exit; - } - - numInterAdd++; - } + ret = addAllButSelfSigned(certs, ctx->ctxIntermediates, &numInterAdd); } + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + } + ctx->chain = wolfSSL_sk_X509_new_null(); if (ctx->depth > 0) { depth = ctx->depth + 1; 
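Review bot: `certsToUse = wolfSSL_sk_X509_new_null();` is passed straight into addAllButSelfSigned without a NULL check; the code currently relies on the push into a NULL stack failing to produce WOLFSSL_FAILURE, which is indirect and easy to break. Check the allocation explicitly, `if (certsToUse == NULL) { ret = WOLFSSL_FAILURE; goto exit; }`, before the call. Note also that the `else` branch appends the caller's untrusted intermediates into `certs`, which is the store's own list or the set-trusted stack; the code that is expected to remove those numInterAdd entries again is outside this hunk and should be verified against the new addAllButSelfSigned count.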
@@ -356,26 +386,6 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) /* Try to find an untrusted issuer first */ ret = X509StoreGetIssuerEx(&issuer, certs, ctx->current_cert); - if (issuer != NULL && - wolfSSL_X509_NAME_cmp(&issuer->issuer, &issuer->subject) == 0) { - ret = WOLFSSL_FAILURE; - /* Self signed allowed if in set trusted stack, otherwise - * ignore it and fall back to see if its in CM */ - if ((certs == ctx->setTrustedSk) && - (wolfSSL_sk_X509_num(certs) > numInterAdd)) { - for (i = wolfSSL_sk_X509_num(certs) - 1; - i > (numInterAdd > 0 ? numInterAdd - 1 : 0); - i--) { - tmp = wolfSSL_sk_X509_value(certs, i); - if (tmp != NULL && wolfSSL_X509_NAME_cmp( - &issuer->subject, &tmp->subject) == 0) { - ret = WOLFSSL_SUCCESS; - break; - } - tmp = NULL; - } - } - } if (ret == WOLFSSL_SUCCESS) { if (ctx->current_cert == issuer) { wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); @@ -417,10 +427,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) /* Cert verified, finish building the chain */ wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + issuer = NULL; #ifdef WOLFSSL_SIGNER_DER_CERT x509GetIssuerFromCM(&issuer, ctx->store->cm, ctx->current_cert); - if (issuer != NULL && ctx->store->owned != NULL) { - wolfSSL_sk_X509_push(ctx->store->owned, issuer); + if (issuer != NULL && ctx->owned != NULL) { + wolfSSL_sk_X509_push(ctx->owned, issuer); } #else if (ctx->setTrustedSk == NULL) { @@ -463,6 +474,9 @@ exit: ctx->current_cert = orig; } } + if (certsToUse != NULL) { + wolfSSL_sk_X509_free(certsToUse); + } return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 94cafa940..b45a4eb18 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
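Review bot: The return value of `wolfSSL_sk_X509_push(ctx->owned, issuer)` is ignored, so if the push fails the issuer handed back by x509GetIssuerFromCM is neither owned by the ctx nor released; given that the ctx is meant to own these objects (they are freed via `ctx->owned` in wolfSSL_X509_STORE_CTX_free), that is a leak, assuming x509GetIssuerFromCM allocates, which this hunk does not show. Handle it in place: `if (wolfSSL_sk_X509_push(ctx->owned, issuer) <= 0) { wolfSSL_X509_free(issuer); issuer = NULL; }`. The enclosing function continues outside the hunk.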
@@ -702,6 +702,7 @@ struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ void* heap; int flags; + WOLF_STACK_OF(WOLFSSL_X509)* owned; /* Certs owned by this CTX */ WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified * on store ctx init */ WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override From 6f0bcac7374fbf8c60316661b93e943deb3fc50a Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 23 Oct 2024 09:34:28 -0700 Subject: [PATCH 217/325] Address review comments, rename WOLFSSL_INTER_CA, use up_ref for get issuer --- src/ssl.c | 4 ++-- src/ssl_certman.c | 2 +- src/x509_str.c | 13 +++++-------- wolfssl/ssl.h | 2 +- 4 files changed, 9 insertions(+), 12 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index defa11190..fe8119348 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5536,13 +5536,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) } if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA && - type != WOLFSSL_INTER_CA) { + type != WOLFSSL_TEMP_CA) { WOLFSSL_MSG("\tCan't add as CA if not actually one"); ret = NOT_CA_ERROR; } #ifndef ALLOW_INVALID_CERTSIGN else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && - type != WOLFSSL_INTER_CA && !cert->selfSigned && + type != WOLFSSL_TEMP_CA && !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { /* Intermediate CA certs are required to have the keyCertSign * extension set. User loaded root certs are not. */ diff --git a/src/ssl_certman.c b/src/ssl_certman.c index e5ecbea75..346904eef 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c @@ -487,7 +487,7 @@ static int wolfSSL_CertManagerUnloadTempIntermediateCerts( WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts"); - return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_INTER_CA); + return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA); } #endif 
diff --git a/src/x509_str.c b/src/x509_str.c index 061e85e1b..072e16e16 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -72,7 +72,7 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap) if (ctx != NULL && wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != WOLFSSL_SUCCESS) { - XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX); + wolfSSL_X509_STORE_CTX_free(ctx); ctx = NULL; } #endif @@ -105,7 +105,6 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) if (ctx->current_issuer != NULL) { wolfSSL_X509_free(ctx->current_issuer); - ctx->current_issuer = NULL; } #endif @@ -395,7 +394,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) /* We found our issuer in the non-trusted cert list, add it * to the CM and verify the current cert against it */ ret = X509StoreAddCa(ctx->store, issuer, - WOLFSSL_INTER_CA); + WOLFSSL_TEMP_CA); if (ret != WOLFSSL_SUCCESS) { goto exit; } @@ -920,8 +919,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x); if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { - *issuer = wolfSSL_X509_dup(*issuer); - return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + return wolfSSL_X509_up_ref(*issuer); } #ifdef WOLFSSL_SIGNER_DER_CERT @@ -929,8 +927,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, #else ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x); if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { - *issuer = wolfSSL_X509_dup(*issuer); - return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + return wolfSSL_X509_up_ref(*issuer); } #endif @@ -1065,7 +1062,7 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, obj = wolfSSL_sk_X509_OBJECT_value(objs, i); if (obj != NULL) { obj->type = 0; - obj->data.x509 = NULL; + obj->data.ptr = NULL; } cnt--; i--; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b45a4eb18..15e0e9cde 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
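Review bot: In both wolfSSL_X509_STORE_CTX_get1_issuer hunks the result of `wolfSSL_X509_up_ref(*issuer)` is returned as-is, so on a failed reference bump `*issuer` still points at a certificate the caller does not own; a caller that frees it under the get1 contract would release an object still owned by the store. Clear the out-parameter on failure: `if (wolfSSL_X509_up_ref(*issuer) != WOLFSSL_SUCCESS) { *issuer = NULL; return WOLFSSL_FAILURE; }` then `return WOLFSSL_SUCCESS;` (this assumes up_ref reports WOLFSSL_SUCCESS/WOLFSSL_FAILURE, which the hunk does not show). The function continues outside the hunk.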
@@ -3325,7 +3325,7 @@ enum { WOLFSSL_USER_CA = 1, /* user added as trusted */ WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */ - WOLFSSL_INTER_CA = 3 /* Intermediate CA, only for use by + WOLFSSL_TEMP_CA = 3 /* Temp intermediate CA, only for use by * X509_STORE */ }; From cab20fbdd2a0042fcdc5059477dabe9a8dce1926 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 23 Oct 2024 16:57:58 -0500 Subject: [PATCH 218/325] add and use WOLFSSL_PARTIAL_CHAIN as native bitmask macro for compat layer X509_V_FLAG_PARTIAL_CHAIN; in src/x509_str.c, fix several C++ "invalid conversion" errors in X509StoreFreeObjList() and wolfSSL_X509_STORE_get0_objects(). --- src/x509_str.c | 18 +++++++++--------- wolfssl/openssl/ssl.h | 4 ++-- wolfssl/ssl.h | 1 + 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index 072e16e16..a659a73d4 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -415,8 +415,8 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) * a trusted CA in the CM */ ret = X509StoreVerifyCert(ctx); if (ret != WOLFSSL_SUCCESS) { - if (((ctx->flags & X509_V_FLAG_PARTIAL_CHAIN) || - (ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN)) && + if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) || + (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) && (added == 1)) { wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); ret = WOLFSSL_SUCCESS; @@ -592,8 +592,8 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, unsigned long flags) { - if ((ctx != NULL) && (flags & X509_V_FLAG_PARTIAL_CHAIN)){ - ctx->flags |= X509_V_FLAG_PARTIAL_CHAIN; + if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){ + ctx->flags |= WOLFSSL_PARTIAL_CHAIN; } } 
@@ -1059,9 +1059,9 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, i = wolfSSL_sk_X509_OBJECT_num(objs) - 1; while (cnt > 0 && i > 0) { /* The inner X509 is owned by somebody else, NULL out the reference */ - obj = wolfSSL_sk_X509_OBJECT_value(objs, i); + obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i); if (obj != NULL) { - obj->type = 0; + obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0; obj->data.ptr = NULL; } cnt--; @@ -1363,8 +1363,8 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) ret = wolfSSL_CertManagerDisableCRL(store->cm); } #endif - if (flag & X509_V_FLAG_PARTIAL_CHAIN) { - store->param->flags |= X509_V_FLAG_PARTIAL_CHAIN; + if (flag & WOLFSSL_PARTIAL_CHAIN) { + store->param->flags |= WOLFSSL_PARTIAL_CHAIN; } return ret; } @@ -1753,7 +1753,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( /* Do not modify stack until after we guarantee success to * simplify cleanup logic handling cert merging above */ for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) { - x509 = wolfSSL_sk_value(cert_stack, i); + x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i); obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 1f7b640eb..f6d29f0b7 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -643,8 +643,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL -#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 -#define X509_V_FLAG_TRUSTED_FIRST 0 +#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN +#define X509_V_FLAG_TRUSTED_FIRST 0 /* dummy value needed for gRPC port */ #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 15e0e9cde..4bbdf6565 100644 
--- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -616,6 +616,7 @@ struct WOLFSSL_X509_STORE { #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_NO_CHECK_TIME 0x200000 +#define WOLFSSL_PARTIAL_CHAIN 0x80000 #define WOLFSSL_HOST_NAME_MAX 256 #define WOLFSSL_VPARAM_DEFAULT 0x1 From 25e32c2539b480d2b7595b06afed1e75d9f69ca2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 23 Oct 2024 14:53:00 -0700 Subject: [PATCH 219/325] Fix for TLS v1.2 session resumption with tickets where the server decides to do a full handshake. The wrong sessionIDSz was being checked and should be the arrays one since it get set from the server_hello. --- src/internal.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 8bc4bc5a4..a152022bb 100644 --- a/src/internal.c +++ b/src/internal.c @@ -17471,6 +17471,18 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case certificate_request: case server_hello_done: if (ssl->options.resuming) { + /* Client requested resumption, but server is doing a + * full handshake */ + + /* The server's decision to resume isn't known until after the + * "server_hello". If subsequent handshake messages like + * "certificate" or "server_key_exchange" are recevied then we + * are doing a full handshake */ + + /* If the server included a session id then we + * treat this as a fatal error, since the server said it was + * doing resumption, but did not. */ + /* https://www.rfc-editor.org/rfc/rfc5077.html#section-3.4 * Alternatively, the client MAY include an empty Session ID * in the ClientHello. In this case, the client ignores the 
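Review bot: The three consecutive comment blocks added ahead of the RFC 5077 citation say the same thing three times, and the middle one misspells "received" as "recevied". Merge them into a single comment such as `/* Client requested resumption but the server continued with a full handshake (certificate, server_key_exchange, ...). If the server also sent a non-empty session id this is fatal; see RFC 5077 section 3.4 below. */`. The enclosing switch and DoHandShakeMsgType continue outside the hunk.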
@@ -17479,7 +17491,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, * messages. */ #ifndef WOLFSSL_WPAS - if (ssl->session->sessionIDSz != 0) { + if (ssl->arrays->sessionIDSz != 0) { /* Fatal error. Only try to send an alert. RFC 5246 does not * allow for reverting back to a full handshake after the * server has indicated the intention to do a resumption. */ From 077b070132f2abcd7f70c9e0805206bb77c5bbb8 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 23 Oct 2024 17:57:14 -0600 Subject: [PATCH 220/325] CID 426427 remove duplicate null checks --- src/x509_str.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index a659a73d4..e31097828 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -264,7 +264,7 @@ static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) WOLFSSL_FILETYPE_ASN1); SetupStoreCtxError(ctx, ret); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - if (ctx->store && ctx->store->verify_cb) + if (ctx->store->verify_cb) ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : ret; #endif @@ -288,7 +288,7 @@ static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) } SetupStoreCtxError(ctx, ret); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - if (ctx->store && ctx->store->verify_cb) + if (ctx->store->verify_cb) ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1; #endif From 52ba700eb360d7b8a145d89cd8f816bc2ee218b7 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 23 Oct 2024 18:05:12 -0600 Subject: [PATCH 221/325] CID 426426 code maintainability warning, stored NULL value overwritten before used --- src/x509_str.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index e31097828..c3d33b85f 100644 --- a/src/x509_str.c +++ b/src/x509_str.c 
@@ -1754,7 +1754,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( * simplify cleanup logic handling cert merging above */ for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) { x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i); - obj = wolfSSL_X509_OBJECT_new(); + obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); goto err_cleanup; @@ -1766,10 +1766,9 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( } obj->type = WOLFSSL_X509_LU_X509; obj->data.x509 = x509; - x509 = NULL; } - while(wolfSSL_sk_X509_num(cert_stack) > 0) { + while (wolfSSL_sk_X509_num(cert_stack) > 0) { wolfSSL_sk_X509_pop(cert_stack); } #endif @@ -1799,7 +1798,7 @@ err_cleanup: if (ret != NULL) X509StoreFreeObjList(store, ret); if (cert_stack != NULL) { - while(store->numAdded > 0) { + while (store->numAdded > 0) { wolfSSL_sk_X509_pop(cert_stack); store->numAdded--; } From a14d7db58cab27d5e54fcbc9470416039ec938b8 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 24 Oct 2024 09:31:00 +0900 Subject: [PATCH 222/325] move trailing space --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 10d46f74a..eaf7fcf9f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5576,7 +5576,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) if ( ret == 0 && signer != NULL ) { signer->cm_idx = row; if (type == WOLFSSL_USER_CA) { - if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, + if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx, cert->sigCtx.CertAtt.pubkey_n_start, cert->sigCtx.CertAtt.pubkey_n_len - 1, From ce31b156088647e2dd03c62ccc69306d949ddfe8 Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 23 Oct 2024 20:11:51 -0500 Subject: [PATCH 223/325] infer: fix uninit values in pkcs8_encode. --- src/pk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/pk.c b/src/pk.c index 42468bfed..a78ec130c 100644 --- a/src/pk.c +++ b/src/pk.c @@ -16478,9 +16478,9 @@ int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) { int ret = 0; - int algId; + int algId = 0; const byte* curveOid; - word32 oidSz; + word32 oidSz = 0; /* Get the details of the private key. */ #ifdef HAVE_ECC From 8604024b9526e004adcd4bc7cdca069c4e85af0d Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 24 Oct 2024 11:32:33 -0600 Subject: [PATCH 224/325] prepare for release 5.7.4 --- CMakeLists.txt | 4 +- ChangeLog.md | 193 ++++++++++++++++++++++++++++ IDE/WIN10/wolfssl-fips.rc | 8 +- README | 263 +++++++++++++++++++++++++------------- README.md | 263 +++++++++++++++++++++++++------------- configure.ac | 4 +- wolfssl/version.h | 4 +- 7 files changed, 551 insertions(+), 188 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a581df814..72e6550b5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") You must delete them, or cmake will refuse to work.") endif() -project(wolfssl VERSION 5.7.2 LANGUAGES C ASM) +project(wolfssl VERSION 5.7.4 LANGUAGES C ASM) # Set WOLFSSL_ROOT if not already defined if ("${WOLFSSL_ROOT}" STREQUAL "") @@ -53,7 +53,7 @@ set(WOLFSSL_LIBRARY_VERSION_FIRST 42) # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -set(WOLFSSL_LIBRARY_VERSION_SECOND 2) +set(WOLFSSL_LIBRARY_VERSION_SECOND 3) # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or diff --git a/ChangeLog.md b/ChangeLog.md index bee6e614e..b749848d8 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,3 +1,196 @@ +# wolfSSL Release 5.7.4 (Oct 24, 2024) + +Release 5.7.4 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 + +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + +## Vulnerabilities +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) + + +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. 
+ (https://github.com/wolfSSL/wolfssl/pull/8084) + + +## New Feature Additions +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). + (PR 7750) +* Added “new†and “delete†style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) + + +## Enhancements and Optimizations +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. 
Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. 
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 
8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + + +## Fixes +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. 
key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) + + # wolfSSL Release 5.7.2 (July 08, 2024) Release 5.7.2 has been developed according to wolfSSL's development and QA diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc index aa46cb8a9..86fe62d97 100644 --- a/IDE/WIN10/wolfssl-fips.rc +++ b/IDE/WIN10/wolfssl-fips.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,7,2,0 - PRODUCTVERSION 5,7,2,0 + FILEVERSION 5,7,4,0 + PRODUCTVERSION 5,7,4,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L 
@@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.7.2.0" + VALUE "FileVersion", "5.7.4.0" VALUE "InternalName", "wolfssl-fips" VALUE "LegalCopyright", "Copyright (C) 2024" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.7.2.0" + VALUE "ProductVersion", "5.7.4.0" END END BLOCK "VarFileInfo" diff --git a/README b/README index 261eb200d..4f56445de 100644 --- a/README +++ b/README 
@@ -70,112 +70,197 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.7.2 (July 08, 2024) +# wolfSSL Release 5.7.4 (Oct 24, 2024) -Release 5.7.2 has been developed according to wolfSSL's development and QA +Release 5.7.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + ## Vulnerabilities -* [Medium] CVE-2024-1544 -Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. -Fixed https://github.com/wolfSSL/wolfssl/pull/7020 +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. 
Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) -* [Medium] CVE-2024-5288 -A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 - - -* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 - -* [Low] CVE-2024-5991 -In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. 
If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 - -* [Medium] CVE-2024-5814 -A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 - -* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 - -* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. 
+ (https://github.com/wolfSSL/wolfssl/pull/8084) ## New Feature Additions -* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) -* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) -* Added CUDA support for AES encryption (PR 7436) -* Added support for gRPC (PR 7445) -* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) -* Added crypto callback for SHA-3 (PR 7670) -* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) -* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) -* C# wrapper SNI support added (PR 7610) -* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) -* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) -* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) -* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). 
+ (PR 7750) +* Added “new†and “delete†style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) ## Enhancements and Optimizations -* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) -* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) -* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) -* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) -* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) -* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) -* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no†boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) -* Improvements for Renesas RZ support (PR 7474) -* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) -* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) -* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) -* Changed subject name comparison to match different upper and lower cases (PR 7420) -* Support for DTLS 1.3 downgrade when using PSK (PR 7367) -* Update to static memory build for more generic memory pools used (PR 7418) -* Improved performance of Kyber C implementation (PR 7654) -* Support for ECC_CACHE_CURVE with no malloc (PR 7490) -* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) -* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) -* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) -* Cortex-M inline assembly labels with unique number appended (PR 7649) -* Added secret logging 
callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) -* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) -* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) -* Added stubs required for latest nginx (1.25.5) (PR 7449) -* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) -* Added PQ files for Windows (PR 7419) -* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) -* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) -* Exposed DTLS in Ada wrapper and updated examples (PR 7397) -* Added additional minimum TLS extension size sanity checks (PR 7602) -* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) -* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) -* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) -* XCODE support for v5.2.3 of the FIPS module (PR 7140) -* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. 
Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. 
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 
8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + ## Fixes -* Fixed Kyber control-flow timing leak. 
Thanks to Antoon Purnal from PQShield for the report -* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) -* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) -* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) -* Fixed OCSP response message build for DTLS (PR 7671) -* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) -* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) -* Added sanity check on record header with QUIC use (PR 7638) -* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) -* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) -* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) -* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) -* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) -* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) -* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. 
key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) diff --git a/README.md b/README.md index 28aac2669..291c5fc4f 100644 --- a/README.md +++ b/README.md 
@@ -75,112 +75,197 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.7.2 (July 08, 2024) +# wolfSSL Release 5.7.4 (Oct 24, 2024) -Release 5.7.2 has been developed according to wolfSSL's development and QA +Release 5.7.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + ## Vulnerabilities -* [Medium] CVE-2024-1544 -Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. -Fixed https://github.com/wolfSSL/wolfssl/pull/7020 +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. 
This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) -* [Medium] CVE-2024-5288 -A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 - - -* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 - -* [Low] CVE-2024-5991 -In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. 
If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 - -* [Medium] CVE-2024-5814 -A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 - -* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 - -* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. 
+ (https://github.com/wolfSSL/wolfssl/pull/8084) ## New Feature Additions -* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) -* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) -* Added CUDA support for AES encryption (PR 7436) -* Added support for gRPC (PR 7445) -* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) -* Added crypto callback for SHA-3 (PR 7670) -* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) -* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) -* C# wrapper SNI support added (PR 7610) -* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) -* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) -* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) -* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). 
+ (PR 7750) +* Added “new†and “delete†style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) ## Enhancements and Optimizations -* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) -* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) -* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) -* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) -* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) -* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) -* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no†boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) -* Improvements for Renesas RZ support (PR 7474) -* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) -* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) -* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) -* Changed subject name comparison to match different upper and lower cases (PR 7420) -* Support for DTLS 1.3 downgrade when using PSK (PR 7367) -* Update to static memory build for more generic memory pools used (PR 7418) -* Improved performance of Kyber C implementation (PR 7654) -* Support for ECC_CACHE_CURVE with no malloc (PR 7490) -* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) -* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) -* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) -* Cortex-M inline assembly labels with unique number appended (PR 7649) -* Added secret logging 
callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) -* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) -* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) -* Added stubs required for latest nginx (1.25.5) (PR 7449) -* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) -* Added PQ files for Windows (PR 7419) -* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) -* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) -* Exposed DTLS in Ada wrapper and updated examples (PR 7397) -* Added additional minimum TLS extension size sanity checks (PR 7602) -* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) -* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) -* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) -* XCODE support for v5.2.3 of the FIPS module (PR 7140) -* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. 
Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. 
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 
8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + ## Fixes -* Fixed Kyber control-flow timing leak. 
Thanks to Antoon Purnal from PQShield for the report -* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) -* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) -* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) -* Fixed OCSP response message build for DTLS (PR 7671) -* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) -* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) -* Added sanity check on record header with QUIC use (PR 7638) -* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) -* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) -* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) -* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) -* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) -* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) -* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. 
key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/configure.ac b/configure.ac index 3fdfab0d4..67298c4cd 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ # AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.]) AC_PREREQ([2.69]) -AC_INIT([wolfssl],[5.7.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) +AC_INIT([wolfssl],[5.7.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) # The following sets CFLAGS to empty if unset on command line. We do not 
@@ -51,7 +51,7 @@ WOLFSSL_LIBRARY_VERSION_FIRST=42 # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -WOLFSSL_LIBRARY_VERSION_SECOND=2 +WOLFSSL_LIBRARY_VERSION_SECOND=3 # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or diff --git a/wolfssl/version.h b/wolfssl/version.h index 01fd1b683..b4942384f 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.7.2" -#define LIBWOLFSSL_VERSION_HEX 0x05007002 +#define LIBWOLFSSL_VERSION_STRING "5.7.4" +#define LIBWOLFSSL_VERSION_HEX 0x05007004 #ifdef __cplusplus } From 8c5e188dd4c0bf8db3fc2af7e0743e3f8eb11292 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 24 Oct 2024 13:04:00 -0600 Subject: [PATCH 225/325] remove trailing white space in README --- ChangeLog.md | 2 +- README | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index b749848d8..a0585b3c2 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -66,7 +66,7 @@ PR stands for Pull Request, and PR references a GitHub pull request support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing (PR 3166) * Expand MMCAU support for use with DES ECB (PR 7960) -* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Update AES SIV to handle multiple associated data inputs (PR 7911) * Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) * Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) * Set RSA_MIN_SIZE default to 2048 bits (PR 7923) diff --git a/README b/README index 4f56445de..2b462bc51 100644 --- a/README +++ b/README 
@@ -138,7 +138,7 @@ PR stands for Pull Request, and PR references a GitHub pull request support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing (PR 3166) * Expand MMCAU support for use with DES ECB (PR 7960) -* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Update AES SIV to handle multiple associated data inputs (PR 7911) * Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) * Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) * Set RSA_MIN_SIZE default to 2048 bits (PR 7923) diff --git a/README.md b/README.md index 291c5fc4f..11f82fb35 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ PR stands for Pull Request, and PR references a GitHub pull request support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing (PR 3166) * Expand MMCAU support for use with DES ECB (PR 7960) -* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Update AES SIV to handle multiple associated data inputs (PR 7911) * Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) * Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) * Set RSA_MIN_SIZE default to 2048 bits (PR 7923) From dd2b191c3654d708a2d0a51b76a3ef97b26aa324 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 24 Oct 2024 14:19:17 -0600 Subject: [PATCH 226/325] update version listed in wolfssl-fips.rc and Ada wrapper --- IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc | 8 ++++---- wrapper/Ada/alire.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc index 956269fb6..b85f44bb9 100644 --- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc +++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,7,0,0 - PRODUCTVERSION 5,7,0,0 + FILEVERSION 5,7,4,0 + PRODUCTVERSION 5,7,4,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L 
@@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.7.0.0" + VALUE "FileVersion", "5.7.4.0" VALUE "InternalName", "wolfssl-fips" VALUE "LegalCopyright", "Copyright (C) 2023" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.7.0.0" + VALUE "ProductVersion", "5.7.4.0" END END BLOCK "VarFileInfo" diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml index 53b0e9464..b08ccb7e8 100644 --- a/wrapper/Ada/alire.toml +++ b/wrapper/Ada/alire.toml @@ -1,6 +1,6 @@ name = "wolfssl" description = "WolfSSL encryption library and its Ada bindings" -version = "5.7.2" +version = "5.7.4" authors = ["WolfSSL Team "] maintainers = ["Fernando Oleo Blanco "] From 9d8c5a293f9b52806c86c8e11f8ef7547828d683 Mon Sep 17 00:00:00 2001 From: jordan Date: Fri, 25 Oct 2024 13:29:06 -0500 Subject: [PATCH 227/325] dilithium: expose wc_MlDsaKey_GetX functions as API. --- wolfssl/wolfcrypt/dilithium.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index 6e9cfb67e..804e51d58 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h 
@@ -854,9 +854,9 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) -int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len); -int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len); -int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len); +WOLFSSL_API int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len); +WOLFSSL_API int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len); +WOLFSSL_API int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len); #ifdef __cplusplus } /* extern "C" */ From 6f87f57d7ab53221ff5d5e0e6a87fca0986a6511 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 25 Oct 2024 23:52:32 -0500 Subject: [PATCH 228/325] fixes for gating and ARM32 alignment defects: wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key(); src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect(); wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32(); wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32(). --- src/dtls13.c | 3 +- src/ssl_crypto.c | 3 +- wolfcrypt/src/misc.c | 57 +++++++++++++++++++++++++++--- wolfcrypt/src/port/arm/armv8-aes.c | 21 ++++++++++- wolfcrypt/src/siphash.c | 8 ++--- wolfssl/wolfcrypt/misc.h | 9 +++++ 6 files changed, 89 insertions(+), 12 deletions(-) diff --git a/src/dtls13.c b/src/dtls13.c index 6f2f01489..5011f7d85 100644 --- a/src/dtls13.c +++ b/src/dtls13.c 
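Review bot: The three wc_MlDsaKey_Get*Len() prototypes become exported API in this hunk but carry no contract comment, so a caller cannot tell what `*len` holds on failure or whether `key` must already have its ML-DSA level set. Propose a short Doxygen block above the group stating the purpose ("Get the private-key / public-key / signature length in bytes for the parameter set selected in key"), that the return is 0 on success or a negative wolfCrypt error code, and what happens to `*len` on error; the behaviour for a key with no level set should be confirmed against the implementation in dilithium.c, which is not part of this patch. Once exported these signatures are ABI, so if `key` is only read, deciding on `const MlDsaKey*` now is cheaper than after a release.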
@@ -260,7 +260,8 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
 if (c->aes == NULL)
 return BAD_STATE_E;
 #if !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+ || defined(WOLFSSL_LINUXKM))
 return wc_AesEncryptDirect(c->aes, mask, ciphertext);
 #else
 wc_AesEncryptDirect(c->aes, mask, ciphertext);
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
index 0730c4521..58fca4499 100644
--- a/src/ssl_crypto.c
+++ b/src/ssl_crypto.c
@@ -3002,7 +3002,8 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
 }
 else
 #if !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+ || defined(WOLFSSL_LINUXKM))
 /* Encrypt a block with wolfCrypt AES. */
 if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) {
 WOLFSSL_MSG("wc_AesEncryptDirect failed");
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index e4b53d91f..4de791dbf 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
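Review bot: The preprocessor condition that decides whether wc_AesEncryptDirect() returns an int is now the same four-clause expression in Dtls13GetRnMask() here and in wolfSSL_AES_encrypt() in the next hunk, and the WOLFSSL_LINUXKM clause had to be added to each copy independently; the next build variant that changes the return type will have to find every copy again. A single feature macro next to the wc_AesEncryptDirect() declaration, e.g. `#define WC_AES_ENCRYPT_DIRECT_RETURNS_INT` guarded by the same `HAVE_SELFTEST`/`HAVE_FIPS`/`FIPS_VERSION_GE`/`WOLFSSL_LINUXKM` test, would let both call sites read `#ifdef WC_AES_ENCRYPT_DIRECT_RETURNS_INT`. It matters here because the result is the DTLS 1.3 record-number mask: in the `#else` path the call's outcome is not observable, so a failure would presumably leave `mask` unset while the function reports success; what follows the `#else` is outside the hunk. Dtls13GetRnMask() begins and ends outside the hunk.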
@@ -209,6 +209,53 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
 #endif
 }
+WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in)
+{
+ if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+ return *(word32 *)in;
+ else {
+ word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+ XMEMCPY(&out, in, sizeof(out));
+ return out;
+ }
+}
+
+WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in)
+{
+ if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+ *(word32 *)out = in;
+ else {
+ XMEMCPY(out, &in, sizeof(in));
+ }
+ return in;
+}
+
+WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in,
+ size_t count)
+{
+ if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+ const word32 *in_word32 = (const word32 *)in;
+ while (count-- > 0)
+ *out++ = *in_word32++;
+ }
+ else {
+ XMEMCPY(out, in, count * sizeof(*out));
+ }
+}
+
+WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
+ size_t count)
+{
+ if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+ word32 *out_word32 = (word32 *)out;
+ while (count-- > 0)
+ *out_word32++ = *in++;
+ }
+ else {
+ XMEMCPY(out, in, count * sizeof(*in));
+ }
+}
+
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
 WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
@@ -216,8 +263,8 @@ WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
 if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
 return *(word64 *)in;
 else {
- word64 out;
- XMEMCPY(&out, in, sizeof(word64));
+ word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+ XMEMCPY(&out, in, sizeof(out));
 return out;
 }
 }
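Review bot: `return *(word32 *)in;` in readUnalignedWord32() casts away the `const` of `const byte *in` and reads a byte buffer through a word32 lvalue; when the caller's object really is a byte array, as for the siphash.c GET_U32/GET_U64 users later in this same patch, that is an effective-type (strict-aliasing) access the optimizer is allowed to exploit unless the build passes -fno-strict-aliasing, which is not visible here. The `XMEMCPY(&out, in, sizeof(out))` branch is correct on its own and compilers fold a constant-size memcpy into a single load, so the aligned fast path buys little; if it stays, at least keep the qualifier, `return *(const word32 *)in;`, and likewise `*(const word64 *)in` in the readUnalignedWord64() hunk below. The `(word32 *)out` store in writeUnalignedWord32() and the `(const word32 *)in` loop in readUnalignedWords32() carry the same aliasing concern. The comment `/* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */` would read more clearly as `/* = 0 silences -Wmaybe-uninitialized under CONFIG_FORTIFY_SOURCE */`.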
@@ -227,7 +274,7 @@ WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
 if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
 *(word64 *)out = in;
 else {
- XMEMCPY(out, &in, sizeof(word64));
+ XMEMCPY(out, &in, sizeof(in));
 }
 return in;
 }
@@ -241,7 +288,7 @@ WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
 *out++ = *in_word64++;
 }
 else {
- XMEMCPY(out, in, count * sizeof(word64));
+ XMEMCPY(out, in, count * sizeof(*out));
 }
 }
@@ -254,7 +301,7 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
 *out_word64++ = *in++;
 }
 else {
- XMEMCPY(out, in, count * sizeof(word64));
+ XMEMCPY(out, in, count * sizeof(*in));
 }
 }
diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c
index 0baa39b5c..9e2f3cb6b 100644
--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@@ -16561,6 +16561,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
 {
 #if defined(AES_MAX_KEY_SIZE)
 const word32 max_key_len = (AES_MAX_KEY_SIZE / 8);
+ word32 userKey_aligned[AES_MAX_KEY_SIZE / WOLFSSL_BIT_SIZE / sizeof(word32)];
 #endif
 if (((keylen != 16) && (keylen != 24) && (keylen != 32)) ||
@@ -16574,6 +16575,14 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
 return BAD_FUNC_ARG;
 }
 #endif
+
+#if !defined(AES_MAX_KEY_SIZE)
+ /* Check alignment */
+ if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+ return BAD_FUNC_ARG;
+ }
+#endif
+
 #ifdef WOLF_CRYPTO_CB
 if (aes->devId != INVALID_DEVID) {
 if (keylen > sizeof(aes->devKey)) {
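Review bot: The new `#if !defined(AES_MAX_KEY_SIZE)` block turns key-pointer alignment into a caller contract for wc_AesSetKey() in that configuration, returning BAD_FUNC_ARG for an unaligned `userKey` that the AES_MAX_KEY_SIZE configuration copies into `userKey_aligned` instead, and nothing in the hunk documents the asymmetry; a comment such as `/* Without AES_MAX_KEY_SIZE there is no aligned scratch buffer, so userKey must be word32-aligned for AES_set_encrypt_key(). */` in place of the bare `/* Check alignment */` would tell callers why their key was rejected. The test is also spelled `(unsigned long)userKey & (sizeof(aes->key[0]) - 1U)` while misc.c in this same patch uses `(wc_ptr_t)ptr & (wc_ptr_t)(sizeof(word32) - 1U)`; using `wc_ptr_t` here keeps one idiom and does not rely on `unsigned long` holding a pointer on LLP64 targets (the low bits survive the truncation, so this is style rather than a defect). wc_AesSetKey() starts in the previous hunk and continues past this one.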
@@ -16590,7 +16599,17 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
 aes->keylen = keylen;
 aes->rounds = keylen/4 + 6;
- AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+#if defined(AES_MAX_KEY_SIZE)
+ if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+ XMEMCPY(userKey_aligned, userKey, keylen);
+ AES_set_encrypt_key((byte *)userKey_aligned, keylen * 8, (byte*)aes->key);
+ }
+ else
+#endif
+ {
+ AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+ }
+
 #ifdef HAVE_AES_DECRYPT
 if (dir == AES_DECRYPTION) {
 AES_invert_key((byte*)aes->key, aes->rounds);
diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c
index 54c02f6a5..d455c663e 100644
--- a/wolfcrypt/src/siphash.c
+++ b/wolfcrypt/src/siphash.c
@@ -69,14 +69,14 @@
 * @param [in] a Little-endian byte array.
 * @return 64-bit number.
 */
-#define GET_U64(a) (*(word64*)(a))
+#define GET_U64(a) readUnalignedWord64(a)
 /**
 * Decode little-endian byte array to 32-bit number.
 *
 * @param [in] a Little-endian byte array.
 * @return 32-bit number.
 */
-#define GET_U32(a) (*(word32*)(a))
+#define GET_U32(a) readUnalignedWord32(a)
 /**
 * Decode little-endian byte array to 16-bit number.
 *
@@ -90,7 +90,7 @@
 * @param [out] a Byte array to write into.
 * @param [in] n Number to encode.
 */
-#define SET_U64(a, n) ((*(word64*)(a)) = (n))
+#define SET_U64(a, n) writeUnalignedWord64(a, n)
 #else
 /**
 * Decode little-endian byte array to 64-bit number.
@@ -112,7 +112,7 @@
 * @param [in] a Little-endian byte array.
 * @return 32-bit number.
 */
-#define GET_U32(a) (((word64)((a)[3]) << 24) | \
+#define GET_U32(a) (((word32)((a)[3]) << 24) | \
 ((word32)((a)[2]) << 16) | \
 ((word32)((a)[1]) << 8) | \
 ((word32)((a)[0]) ))
diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h
index 9acc31b12..09d5bc902 100644
--- a/wolfssl/wolfcrypt/misc.h
+++ b/wolfssl/wolfcrypt/misc.h
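Review bot: `userKey_aligned` receives a copy of the raw AES key through `XMEMCPY(userKey_aligned, userKey, keylen)` and is never cleared, so the plaintext key remains on the stack after wc_AesSetKey() returns until something else overwrites that frame. Add `ForceZero(userKey_aligned, keylen);` immediately after the `AES_set_encrypt_key((byte *)userKey_aligned, ...)` call; ForceZero() is declared in wolfssl/wolfcrypt/misc.h, as the misc.h hunk in this same patch shows. The `(byte *)userKey_aligned` and `(byte*)aes->key` casts in that one statement also use two spacing styles. wc_AesSetKey() starts before this hunk and the rest of its body is outside it.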
@@ -74,6 +74,15 @@ void ForceZero(void* mem, word32 len); WOLFSSL_LOCAL int ConstantCompare(const byte* a, const byte* b, int length); +WOLFSSL_LOCAL +word32 readUnalignedWord32(const byte *in); +WOLFSSL_LOCAL +word32 writeUnalignedWord32(void *out, word32 in); +WOLFSSL_LOCAL +void readUnalignedWords32(word32 *out, const byte *in, size_t count); +WOLFSSL_LOCAL +void writeUnalignedWords32(byte *out, const word32 *in, size_t count); + #ifdef WORD64_AVAILABLE WOLFSSL_LOCAL word64 readUnalignedWord64(const byte *in); From 79a9e0a709a7b52ac102bb8206741c157491874c Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 23 Oct 2024 16:41:01 +0900 Subject: [PATCH 229/325] intermediate cert check when using tls1.3 for client side --- src/internal.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index a152022bb..550a124d8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -15232,7 +15232,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, else /* skips OCSP and force CRL check */ #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) - if (IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version) && + ssl->options.side == WOLFSSL_CLIENT_END && + ssl->status_request) { + /* We check CSR in Certificate message sent from + * Server. Server side will check client + * certificates by traditional OCSP if enabled + */ ret = TLSX_CSR_InitRequest_ex(ssl->extensions, args->dCert, ssl->heap, args->certIdx); } From cac11e3d094a117e4acc992dde852ff9eb1f8952 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Mon, 28 Oct 2024 12:22:10 -0600 Subject: [PATCH 230/325] add non-feature-specific macro to disable ECC sign/verify of all-zero digest --- wolfcrypt/test/test.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4c3c9d771..bb6e7cf45 100644 
--- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -30873,7 +30873,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif /* WC_BIGINT doesn't have 0 len well on hardware */ /* Cryptocell has issues with all 0 digest */ #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \ - !defined(WOLFSSL_CRYPTOCELL) + !defined(WOLFSSL_CRYPTOCELL) && \ + !defined(WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST) /* test DSA sign hash with zeros */ for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { digest[i] = 0; @@ -30910,7 +30911,9 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif TEST_SLEEP(); } #endif /* HAVE_ECC_VERIFY */ -#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */ +#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL + * && !WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST + */ /* test DSA sign hash with sequence (0,1,2,3,4,...) */ for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { From ea35b98005d8d90427b9ad17f654adcadd778c1e Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 28 Oct 2024 11:30:05 -0700 Subject: [PATCH 231/325] Fixed SHA3 issue with possible uninitialized devId when building with async. Fixed HMAC set key issue with devId/heap getting lost. --- wolfcrypt/src/hmac.c | 7 +++++++ wolfcrypt/src/sha3.c | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 47f8f1382..e63aad856 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -266,6 +266,7 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, return BAD_FUNC_ARG; } + heap = hmac->heap; #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) /* if set key has already been run then make sure and free existing */ /* This is for async and PIC32MZ situations, and just normally OK, 
@@ -273,7 +274,13 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, available in FIPS builds. In current FIPS builds, the hashes are not allocating resources. */ if (hmac->macType != WC_HASH_TYPE_NONE) { + #ifdef WOLF_CRYPTO_CB + int devId = hmac->devId; + #endif wc_HmacFree(hmac); + #ifdef WOLF_CRYPTO_CB + hmac->devId = devId; + #endif } #endif diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 1a3596a61..c40afbd90 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -820,10 +820,10 @@ static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) ret = wolfAsync_DevCtxInit(&sha3->asyncDev, WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId); -#elif defined(WOLF_CRYPTO_CB) +#endif +#if defined(WOLF_CRYPTO_CB) sha3->devId = devId; -#endif /* WOLFSSL_ASYNC_CRYPT */ - +#endif (void)devId; return ret; From 84b5d6613d8ab8dbbebc51091325b3e523f34035 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 29 Oct 2024 11:50:24 -0700 Subject: [PATCH 232/325] More fixes for building x86 in Visual Studio for non-windows OS (Watcom C compiler). Followup to PR #7884. Fixes ZD 18465 * Consolidate the USE_WINDOWS_API to a single place. * Expand the `WOLFSSL_NOT_WINDOWS_API` improvement for intrinsics and word sizes. * Fix for macro variadic `...` when no variables are used (some compilers like Watcom C have issue with this). * Fix for Watcom C compiler "long long" -> "__int64". * Fix a couple of minor cast warnings reported from VS. --- src/ocsp.c | 6 ++++-- src/ssl_asn1.c | 4 ++-- src/tls.c | 10 +++++----- src/x509.c | 4 ++-- wolfcrypt/src/wc_port.c | 3 ++- wolfssl/wolfcrypt/logging.h | 2 +- wolfssl/wolfcrypt/settings.h | 7 +++++-- wolfssl/wolfcrypt/sp_int.h | 21 +++++++++++++++++---- wolfssl/wolfcrypt/types.h | 23 ++++++++++------------- wolfssl/wolfcrypt/wc_port.h | 7 ++++--- 10 files changed, 52 insertions(+), 35 deletions(-) 
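Review bot: Only `devId` is carried across `wc_HmacFree` here; `heap` is copied to a local in the previous hunk but nothing in this hunk writes it back to `hmac->heap`, so whether it survives depends on the re-initialisation that follows this block, which is outside the hunk — if that re-init takes `heap` but not `devId`, passing both to it would be cleaner than a save/restore bracketed around the free. The two separate `#ifdef WOLF_CRYPTO_CB` islands around one call are also easy to desynchronise when the free call is later touched; keeping the save and restore within a single conditional block, with the free call in the middle, makes the pairing obvious. wc_HmacSetKey_ex continues outside the hunk.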
diff --git a/src/ocsp.c b/src/ocsp.c index 493d8268f..8b93c1748 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1634,7 +1634,8 @@ int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx) case ORIOS_WRITE: { const unsigned char *req; - int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, &req); + int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, + (unsigned char*)&req); if (reqLen <= 0) { WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error"); return WOLFSSL_FAILURE; @@ -1710,7 +1711,8 @@ int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx) if (ret != WOLFSSL_SUCCESS) return ret; - len = wolfSSL_BIO_get_mem_data(ctx->reqResp, &resp); + len = wolfSSL_BIO_get_mem_data(ctx->reqResp, + (unsigned char*)&resp); if (len <= 0) return WOLFSSL_FAILURE; return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 95f9cca15..2c21726e4 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -456,7 +456,7 @@ static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, mem->free_func(ret); /* never a stack so we can call this directly */ return NULL; } - *len -= (tmp - *src); + *len -= (long)(tmp - *src); *src = tmp; return ret; } @@ -586,7 +586,7 @@ static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem, WOLFSSL_MSG("ptr not advanced enough"); goto error; } - *len -= tmp - *src; + *len -= (long)(tmp - *src); *src = tmp; return ret; error: diff --git a/src/tls.c b/src/tls.c index 8441acf52..a85ce1922 100644 --- a/src/tls.c +++ b/src/tls.c @@ -7174,9 +7174,9 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input, #else -#define CAN_GET_SIZE(...) 0 -#define CAN_WRITE(...) 0 -#define CAN_PARSE(...) 0 +#define CAN_GET_SIZE() 0 +#define CAN_WRITE() 0 +#define CAN_PARSE() 0 #endif 
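Review bot: The new casts `(unsigned char*)&req` and `(unsigned char*)&resp` in wolfSSL_OCSP_REQ_CTX_nbio and wolfSSL_OCSP_sendreq_nbio convert the address of a pointer variable to a byte pointer, which both hides the pointer-to-pointer type and strips the `const` from `req`; if the parameter of `wolfSSL_BIO_get_mem_data` is `void*` (the callee is outside the hunk), `(void*)&req` silences the same warning without misrepresenting what is passed. If the parameter really is `unsigned char*`, the call is writing a pointer through a byte pointer and the cast is masking a type mismatch rather than fixing it. Both enclosing functions continue outside the hunk.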
@@ -14764,7 +14764,7 @@ static word16 TLSX_GetMinSize_Client(word16* type) } #define TLSX_GET_MIN_SIZE_CLIENT TLSX_GetMinSize_Client #else - #define TLSX_GET_MIN_SIZE_CLIENT(...) 0 + #define TLSX_GET_MIN_SIZE_CLIENT() 0 #endif @@ -14833,7 +14833,7 @@ static word16 TLSX_GetMinSize_Server(const word16 *type) } #define TLSX_GET_MIN_SIZE_SERVER TLSX_GetMinSize_Server #else - #define TLSX_GET_MIN_SIZE_SERVER(...) 0 + #define TLSX_GET_MIN_SIZE_SERVER() 0 #endif diff --git a/src/x509.c b/src/x509.c index 18feff022..c74ccd128 100644 --- a/src/x509.c +++ b/src/x509.c @@ -5926,8 +5926,8 @@ static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry) /* Copy it in, decrement available space. */ XSTRNCPY(dst, pfx, bytes_left); dst += XSTRLEN(pfx); - total_len += XSTRLEN(pfx); - bytes_left -= XSTRLEN(pfx); + total_len += (int)XSTRLEN(pfx); + bytes_left -= (int)XSTRLEN(pfx); if (fld_len > bytes_left) { /* Not enough space left. */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 7fe2d35ab..b8b6221a0 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -3604,7 +3604,8 @@ time_t stm32_hal_time(time_t *t1) #endif /* !NO_ASN_TIME */ -#if !defined(WOLFSSL_LEANPSK) && !defined(STRING_USER) +#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \ + defined(USE_WOLF_STRNSTR) char* mystrnstr(const char* s1, const char* s2, unsigned int n) { unsigned int s2_len = (unsigned int)XSTRLEN(s2); diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 7d349fece..3d3e923bd 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -178,7 +178,7 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...); #define HAVE_WOLFSSL_MSG_EX #else - #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING + #define WOLFSSL_MSG_EX() WC_DO_NOTHING #endif WOLFSSL_API void WOLFSSL_MSG(const char* msg); #ifdef WOLFSSL_DEBUG_CODEPOINTS 
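Review bot: The fallback `#define TLSX_GET_MIN_SIZE_CLIENT() 0` takes no arguments, but the real definition it stands in for is `TLSX_GetMinSize_Client(word16* type)` with `#define TLSX_GET_MIN_SIZE_CLIENT TLSX_GetMinSize_Client`, so every call site passes one argument and will fail to preprocess in the configuration that selects the stub (the same holds for the `_SERVER` stub and, by the same reasoning, the `CAN_*` stubs in the earlier hunk). The variadic form existed to swallow that argument; a fixed-arity stub keeps the call form and still avoids a zero-parameter `...`: `#define TLSX_GET_MIN_SIZE_CLIENT(type) ((void)(type), 0)` and likewise for `_SERVER`.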
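Review bot: `#define WOLFSSL_MSG_EX() WC_DO_NOTHING` accepts no arguments, so any call such as `WOLFSSL_MSG_EX("len=%d", n)` in a build without debug logging now fails to preprocess unless every such call is wrapped in `#ifdef HAVE_WOLFSSL_MSG_EX`; the hunk defines that guard macro, which suggests callers are expected to use it, but I cannot confirm all of them do from here. If the intent is only to avoid a zero-parameter variadic macro for Watcom, `#define WOLFSSL_MSG_EX(fmt, ...) WC_DO_NOTHING` keeps the call form for every compiler that handles `__VA_ARGS__`, or the no-argument form could be limited to `#ifdef __WATCOMC__` as was done for `SAVE_VECTOR_REGISTERS` later in this patch.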
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index e02870c13..00670120f 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1358,10 +1358,13 @@ #define NO_SESSION_CACHE #endif -/* Micrium will use Visual Studio for compilation but not the Win32 API */ +/* For platforms where the target OS is not Windows, but compilation is + * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API. + * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */ #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \ - !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) + !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \ + !defined(WOLFSSL_NOT_WINDOWS_API) #define USE_WINDOWS_API #endif diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 2a9a88014..061bacb82 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -30,8 +30,9 @@ This library provides single precision (SP) integer math functions. #ifndef WOLFSSL_LINUXKM #include #endif -#include -#include +#include +#include +#include #ifdef __cplusplus extern "C" { @@ -100,6 +101,15 @@ extern "C" { #error "Size of unsigned int not detected" #endif +#if defined(__WATCOMC__) && defined(__WATCOM_INT64__) + /* For older Watcom C compiler force types */ + #define SP_ULLONG_BITS 64 + typedef unsigned __int64 sp_uint64; + typedef __int64 sp_int64; + +#else + +/* 32-bit type */ #if defined(WOLF_C89) && !defined(NO_64BIT) && \ ULONG_MAX == 18446744073709551615UL #define SP_ULONG_BITS 64 
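Review bot: The new `__WATCOMC__` branch defines `SP_ULLONG_BITS` and the `sp_uint64`/`sp_int64` typedefs but skips the whole `unsigned long` detection, so `SP_ULONG_BITS` is never defined on that path; the header tests it elsewhere (the next hunk shows `#elif (SP_ULONG_BITS == 32) && !defined(NO_64BIT)`), and an undefined macro in `#if` silently evaluates as 0, which may select the wrong word size further down. If the Watcom targets this is meant for have a 32-bit `long`, adding `#define SP_ULONG_BITS 32` to the branch makes the later `#if` chain see the same state it would on any other 32-bit-long compiler; if not, a `#error` there is better than a silent 0.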
@@ -108,8 +118,8 @@ extern "C" { typedef long sp_int64; #elif !defined(WOLF_C89) && !defined(NO_64BIT) && \ ULONG_MAX == 18446744073709551615ULL && \ - 4294967295UL != 18446744073709551615ULL /* verify pre-processor supports - * 64-bit ULL types */ + /* sanity check pre-processor supports 64-bit ULL types */ \ + 4294967295UL != 18446744073709551615ULL #define SP_ULONG_BITS 64 typedef unsigned long sp_uint64; @@ -132,6 +142,7 @@ extern "C" { #error "Size of unsigned long not detected" #endif +/* 64-bit type */ #ifdef ULLONG_MAX #if defined(WOLF_C89) && ULLONG_MAX == 18446744073709551615UL #define SP_ULLONG_BITS 64 @@ -165,6 +176,7 @@ extern "C" { #error "Size of unsigned long long not detected" #endif #elif (SP_ULONG_BITS == 32) && !defined(NO_64BIT) + #define SP_ULLONG_BITS 64 /* Speculatively use long long as the 64-bit type as we don't have one * otherwise. */ typedef unsigned long long sp_uint64; @@ -173,6 +185,7 @@ extern "C" { #define SP_ULLONG_BITS 0 #endif +#endif /* __WATCOMC__ */ #ifdef WOLFSSL_SP_DIV_32 #define WOLFSSL_SP_DIV_WORD_HALF diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 1b437c100..5720869de 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -182,7 +182,10 @@ decouple library dependencies with standard string, memory and so on. #endif #endif - #if defined(_MSC_VER) || defined(__BCPLUSPLUS__) + #if (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ + defined(__BCPLUSPLUS__) || \ + (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) + /* windows types */ #define WORD64_AVAILABLE #define W64LIT(x) x##ui64 #define SW64LIT(x) x##i64 
@@ -379,8 +382,8 @@ typedef struct w64wrapper { #endif /* set up rotate style */ - #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \ - !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS) + #if ((defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ + defined(__BCPLUSPLUS__)) && !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS) #define INTEL_INTRINSICS #define FAST_ROTATE #elif defined(__MWERKS__) && TARGET_CPU_PPC @@ -428,16 +431,6 @@ typedef struct w64wrapper { #define FALL_THROUGH #endif - /* For platforms where the target OS is not Windows, but compilation is - * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API. - * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */ - #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ - !defined(FREERTOS_TCP) && !defined(EBSNET) && \ - !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \ - !defined(WOLFSSL_NOT_WINDOWS_API) - #define USE_WINDOWS_API - #endif - #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */ #define XELEM_CNT(x) (sizeof((x))/sizeof(*(x))) @@ -1757,7 +1750,11 @@ typedef struct w64wrapper { #endif #ifndef SAVE_VECTOR_REGISTERS + #ifdef __WATCOMC__ + #define SAVE_VECTOR_REGISTERS() WC_DO_NOTHING + #else #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #endif #endif #ifndef SAVE_VECTOR_REGISTERS2 #define SAVE_VECTOR_REGISTERS2() 0 diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 6dc7d2c92..eec259ecb 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -75,7 +75,7 @@ #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif - #ifndef WOLFSSL_SGX + #if !defined(WOLFSSL_SGX) && !defined(WOLFSSL_NOT_WINDOWS_API) #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) /* On WinCE winsock2.h must be included before windows.h */ #include 
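Review bot: The Watcom-only `#define SAVE_VECTOR_REGISTERS() WC_DO_NOTHING` takes no parameter, so if any call site passes a fallback statement as the argument — which is what the variadic default form directly below it exists to accept — that call is a hard preprocessor error under Watcom rather than a no-op. A one-parameter stub avoids the zero-parameter `...` while still accepting both an argument and an empty argument list: `#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING`.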
@@ -346,7 +346,7 @@ #define WOLFSSL_ATOMIC_OPS #endif /* WOLFSSL_HAVE_ATOMIC_H */ #endif -#elif defined(_MSC_VER) +#elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API) /* Use MSVC compiler intrinsics for atomic ops */ #ifdef _WIN32_WCE #include @@ -1273,7 +1273,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* !NO_ASN_TIME */ -#ifndef WOLFSSL_LEANPSK +#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \ + defined(USE_WOLF_STRNSTR) char* mystrnstr(const char* s1, const char* s2, unsigned int n); #endif From 2cdecd85a232d6918b6200282467a443804cd329 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 29 Oct 2024 16:52:54 -0400 Subject: [PATCH 233/325] If we have a capture on device 'any', then we need to handle the offset Detect reading of packet errors --enable-all and --enable-sniffer exposed this issue Don't need variable Rework argument parsing Need a way to allow arguments to be supplied more granularly. Partucilarly, I needed a "-tracefile" argument without requiring the use of a PCAP file Fix error prints to STDERR Fix setting of port filtering Fix 80 char limit Not actually a bad packet when there are no more packets Fix strcat size Allow the sniffer to print the trace to STDOUT Fix indexing Take out superfluous error which is handled later Set default port to 11111 Single return point Combine chain to one contiguous memory block Fix return Add in error handling for XMALLOC Add in debugging output when --enable-debug It makes no sense to allocate a ton of small buffers to process chains Ultimately, the code is slower because of the several small memcpy instead of a single large contiguous memcpy Pass in a device name Fix unused variable Fix cast Addressing PR comments Add new flags to --help --- src/sniffer.c | 164 +++++----- sslSniffer/README.md | 2 +- sslSniffer/sslSnifferTest/snifftest.c | 424 ++++++++++++++------------ wolfssl/wolfcrypt/types.h | 19 +- 4 files changed, 312 insertions(+), 297 deletions(-) 
diff --git a/src/sniffer.c b/src/sniffer.c index 758e7be74..eed321680 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -4292,8 +4292,8 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, char* error) { int ret; - Sha256 sha; - byte digest[SHA256_DIGEST_SIZE]; + wc_Sha256 sha; + byte digest[WC_SHA256_DIGEST_SIZE]; if (WatchCb == NULL) { SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE); @@ -6023,8 +6023,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo, /* returns 0 on success (continue), -1 on error, 1 on success (end) */ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte** sslFrame, SnifferSession** pSession, - int* sslBytes, const byte** end, - void* vChain, word32 chainSz, char* error) + int* sslBytes, const byte** end, char* error) { word32 length; SnifferSession* session = *pSession; 
@@ -6094,53 +6093,12 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, return WOLFSSL_FATAL_ERROR; } } - if (vChain == NULL) { - XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], - *sslFrame, *sslBytes); - *sslBytes += length; - ssl->buffers.inputBuffer.length = *sslBytes; - *sslFrame = ssl->buffers.inputBuffer.buffer; - *end = *sslFrame + *sslBytes; - } - else { - #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT - struct iovec* chain = (struct iovec*)vChain; - word32 i, offset, headerSz, qty, remainder; - - Trace(CHAIN_INPUT_STR); - headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base); - remainder = *sslBytes; - - if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { - if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { - SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return WOLFSSL_FATAL_ERROR; - } - } - - qty = min(*sslBytes, (word32)chain[0].iov_len - headerSz); - XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], - (byte*)chain[0].iov_base + headerSz, qty); - offset = length; - for (i = 1; i < chainSz; i++) { - offset += qty; - remainder -= qty; - - if (chain[i].iov_len > remainder) - qty = remainder; - else - qty = (word32)chain[i].iov_len; - XMEMCPY(ssl->buffers.inputBuffer.buffer + offset, - chain[i].iov_base, qty); - } - - *sslBytes += length; - ssl->buffers.inputBuffer.length = *sslBytes; - *sslFrame = ssl->buffers.inputBuffer.buffer; - *end = *sslFrame + *sslBytes; - #endif - (void)chainSz; - } + XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], + *sslFrame, *sslBytes); + *sslBytes += length; + ssl->buffers.inputBuffer.length = *sslBytes; + *sslFrame = ssl->buffers.inputBuffer.buffer; + *end = *sslFrame + *sslBytes; } if (session->flags.clientHello == 0 && **sslFrame != handshake) { 
@@ -6616,27 +6574,33 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, { TcpInfo tcpInfo; IpInfo ipInfo; + byte* tmpPacket = NULL; /* Assemble the chain */ const byte* sslFrame; const byte* end; int sslBytes; /* ssl bytes unconsumed */ int ret; SnifferSession* session = NULL; - void* vChain = NULL; - word32 chainSz = 0; if (isChain) { #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT struct iovec* chain; word32 i; - vChain = (void*)packet; - chainSz = (word32)length; + word32 chainSz = (word32)length; - chain = (struct iovec*)vChain; + chain = (struct iovec*)packet; length = 0; - for (i = 0; i < chainSz; i++) + for (i = 0; i < chainSz; i++) length += chain[i].iov_len; + + tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER); + if (tmpPacket == NULL) return MEMORY_E; + + length = 0; + for (i = 0; i < chainSz; i++) { + XMEMCPY(tmpPacket+length,chain[i].iov_base,chain[i].iov_len); length += chain[i].iov_len; - packet = (const byte*)chain[0].iov_base; + } + packet = (const byte*)tmpPacket; #else SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_SNIFFER_ERROR; 
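Review bot: The chain total is summed into the signed `int length` from `size_t` `iov_len` values with no bound, so an over-large or malformed iovec array can wrap `length` to a small or negative value, under-allocate `tmpPacket`, and the copy loop then writes past the end of it; the total should be accumulated in a `size_t` and rejected before `XMALLOC` when it exceeds what `int` can carry. An empty chain (`chainSz == 0`) also reaches `XMALLOC(0, ...)`, whose result is allocator-dependent, and the `MEMORY_E` return skips `SetError` unlike every other failure path in this function. ssl_DecodePacketInternal continues outside the hunk.
```c
        struct iovec* chain = (struct iovec*)packet;
        word32 chainSz = (word32)length;
        size_t total = 0;
        word32 i;

        for (i = 0; i < chainSz; i++) {
            if (chain[i].iov_len > (size_t)INT_MAX - total) {
                SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
                return WOLFSSL_SNIFFER_ERROR;
            }
            total += chain[i].iov_len;
        }
        if (total == 0) {
            SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return WOLFSSL_SNIFFER_ERROR;
        }
        length = (int)total;

        tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER);
        if (tmpPacket == NULL) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return MEMORY_E;
        }
        /* … unchanged: assembly loop copying each iov into tmpPacket … */
```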
@@ -6645,18 +6609,27 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes, error, 1, 1) != 0) { - return WOLFSSL_SNIFFER_ERROR; + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; } end = sslFrame + sslBytes; ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } #ifdef WOLFSSL_ASYNC_CRYPT - else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return WC_PENDING_E; + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = WC_PENDING_E; + goto exit_decode; + } #endif - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS if (sslBytes > 0) { @@ -6669,7 +6642,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, INC_STAT(SnifferStats.sslDecryptedPackets); } #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } #ifdef WOLFSSL_ASYNC_CRYPT 
@@ -6677,30 +6651,41 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, #endif ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } else if (ret != 0) { - /* return specific error case */ - return ret; + goto exit_decode; /* return specific error case */ } ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes, - &end, vChain, chainSz, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + &end, error); + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } #ifdef WOLFSSL_ASYNC_CRYPT @@ -6708,7 +6693,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, if (asyncOkay && session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E) && !session->flags.wasPolled) { - return WC_PENDING_E; + ret = WC_PENDING_E; + goto exit_decode; } #endif 
@@ -6745,7 +6731,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, wolfSSL_AsyncPoll(session->sslServer, WOLF_POLL_FLAG_CHECK_HW); } else { - return ret; /* return to caller */ + goto exit_decode; /* return to caller */ } } else { @@ -6756,12 +6742,18 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, (void)asyncOkay; #endif - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) { CopySessionInfo(session, sslInfo); } +exit_decode: + if (isChain) { + XFREE(tmpPacket, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER); + } return ret; } @@ -6868,11 +6860,15 @@ int ssl_Trace(const char* traceFile, char* error) if (traceFile) { /* Don't try to reopen the file */ if (TraceFile == NULL) { - TraceFile = XFOPEN(traceFile, "a"); - if (!TraceFile) { - SetError(BAD_TRACE_FILE_STR, error, NULL, 0); - return WOLFSSL_FATAL_ERROR; - } + if (XSTRCMP(traceFile, "-") == 0) { + TraceFile = stdout; + } else { + TraceFile = XFOPEN(traceFile, "a"); + if (!TraceFile) { + SetError(BAD_TRACE_FILE_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } + } TraceOn = 1; } } diff --git a/sslSniffer/README.md b/sslSniffer/README.md index 27a6f5278..dbf68955e 100644 --- a/sslSniffer/README.md +++ b/sslSniffer/README.md @@ -197,7 +197,7 @@ Frees all resources consumed by the wolfSSL sniffer and should be called when us int ssl_Trace(const char* traceFile, char* error); ``` -Enables Tracing when a file is passed in. Disables Tracing if previously on and a NULL value is passed in for the file. +Enables Tracing when a file is passed in. When `traceFile` is "-", then the trace will be printed to STDOUT. Disables Tracing if previously on and a NULL value is passed in for the file. Returns Values: 
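Review bot: With `TraceFile = stdout;` for a `"-"` argument, the disable path of ssl_Trace (the `traceFile == NULL` branch, outside this hunk) presumably closes `TraceFile` the way it would a file opened with `XFOPEN`, which would close the process's stdout the first time tracing is turned off; the close should be guarded, `if (TraceFile != stdout) XFCLOSE(TraceFile);`, and the same check applies to any close in the sniffer's free/cleanup routine. The README hunk documents the `"-"` convention, so a matching one-line comment above the `XSTRCMP` would help the next reader, e.g. `/* "-" means trace to stdout; must not be fclose()d on disable */`.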
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 0cfb38859..de586f959 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -145,7 +145,7 @@ enum { #endif #define DEFAULT_SERVER_IP "127.0.0.1" -#define DEFAULT_SERVER_PORT (443) +#define DEFAULT_SERVER_PORT (11111) #ifdef WOLFSSL_SNIFFER_WATCH static const byte rsaHash[] = { @@ -166,6 +166,7 @@ static const byte eccHash[] = { static pcap_t* pcap = NULL; static pcap_if_t* alldevs = NULL; static struct bpf_program pcap_fp; +static const char *traceFile = "./tracefile.txt"; static void FreeAll(void) { @@ -377,7 +378,6 @@ static int load_key(const char* name, const char* server, int port, if (loadCount == 0) { printf("Failed loading private key %s: ret %d\n", keyFile, ret); - printf("Please run directly from wolfSSL root dir\n"); ret = -1; } else { @@ -843,7 +843,7 @@ static void* snifferWorker(void* arg) char err[PCAP_ERRBUF_SIZE]; ssl_InitSniffer_ex2(worker->id); - ssl_Trace("./tracefile.txt", err); + ssl_Trace(traceFile, err); ssl_EnableRecovery(1, -1, err); #ifdef WOLFSSL_SNIFFER_WATCH ssl_SetWatchKeyCallback(myWatchCb, err); 
@@ -951,39 +951,90 @@ int main(int argc, char** argv) int i = 0, defDev = 0; int packetNumber = 0; int frame = ETHER_IF_FRAME_LEN; + char cmdLineArg[128]; + char *pcapFile = NULL; + char *deviceName = NULL; char err[PCAP_ERRBUF_SIZE]; - char filter[32]; + char filter[128]; const char *keyFilesSrc = NULL; #ifdef WOLFSSL_SNIFFER_KEYLOGFILE const char *sslKeyLogFile = NULL; #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ char keyFilesBuf[MAX_FILENAME_SZ]; char keyFilesUser[MAX_FILENAME_SZ]; - const char *server = DEFAULT_SERVER_IP; - int port = DEFAULT_SERVER_PORT; + const char *server = NULL; + int port = -1; const char *sniName = NULL; const char *passwd = NULL; pcap_if_t *d; pcap_addr_t *a; #ifdef THREADED_SNIFFTEST int workerThreadCount; -#ifdef HAVE_SESSION_TICKET - /* Multiple threads on resume not yet supported */ - workerThreadCount = 1; -#else - workerThreadCount = 5; #endif + +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); #endif show_appinfo(); signal(SIGINT, sig_handler); + for (i = 1; i < argc; i++) { + if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) { + pcapFile = argv[++i]; + } + else if (strcmp(argv[i], "-deviceName") == 0 && i + 1 < argc) { + deviceName = argv[++i]; + } + else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) { + keyFilesSrc = argv[++i]; + } + else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) { + server = argv[++i]; + } + else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) { + port = XATOI(argv[++i]); + } + else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) { + passwd = argv[++i]; + } + else if (strcmp(argv[i], "-tracefile") == 0 && i + 1 < argc) { + traceFile = argv[++i]; + } +#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) + else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) { + sslKeyLogFile = argv[++i]; + } +#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ +#if defined(THREADED_SNIFFTEST) + else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) { + workerThreadCount = XATOI(argv[++i]); + } +#endif /* 
THREADED_SNIFFTEST */ + else { + fprintf(stderr, "Error parsing: %s\n", argv[i]); + fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg" + " [-deviceName deviceName_arg]" + " [-password password_arg] [-server server_arg]" + " [-port port_arg]" + " [-tracefile tracefile_arg]" +#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) + " [-keylogfile keylogfile_arg]" +#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ +#if defined(THREADED_SNIFFTEST) + " [-threads threads_arg]" +#endif /* THREADED_SNIFFTEST */ + "\n", argv[0]); + exit(EXIT_FAILURE); + } + } + #ifndef THREADED_SNIFFTEST #ifndef _WIN32 ssl_InitSniffer(); /* dll load on Windows */ #endif - ssl_Trace("./tracefile.txt", err); + ssl_Trace(traceFile, err); ssl_EnableRecovery(1, -1, err); #ifdef WOLFSSL_SNIFFER_WATCH ssl_SetWatchKeyCallback(myWatchCb, err); 
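Review bot: The `-threads` value parsed here is discarded: under `THREADED_SNIFFTEST` the next hunk assigns `workerThreadCount = 1` or `5` unconditionally after the argument loop, so the option has no effect; the default should be set before the loop (or only when no `-threads` was given, e.g. initialise `workerThreadCount = -1;` at its declaration and apply the default only `if (workerThreadCount < 1)`). `-port` and `-threads` are also parsed with `XATOI`, which accepts garbage as 0 and has no range check, so `-port 70000` or `-threads 0` pass straight through; `strtol` with an end-pointer check and a `1..65535` / `>= 1` range test would turn these into the same usage error the unknown-option path already produces. main continues outside the hunk.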
@@ -991,101 +1042,175 @@ int main(int argc, char** argv) #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB ssl_SetStoreDataCallback(myStoreDataCb); #endif +#else +#ifdef HAVE_SESSION_TICKET + /* Multiple threads on resume not yet supported */ + workerThreadCount = 1; +#else + workerThreadCount = 5; #endif +#endif + SNPRINTF(filter, sizeof(filter), "(ip6 or ip) and tcp"); - if (argc == 1) { - char cmdLineArg[128]; + + if (pcapFile == NULL) { /* normal case, user chooses device and port */ if (pcap_findalldevs(&alldevs, err) == -1) err_sys("Error in pcap_findalldevs"); - for (d = alldevs; d; d=d->next) { - printf("%d. %s", ++i, d->name); - if (strcmp(d->name, "lo0") == 0) { - defDev = i; + if (deviceName == NULL) { + for (d = alldevs, i = 0; d; d=d->next) { + printf("%d. %s", ++i, d->name); + if (strcmp(d->name, "lo0") == 0) { + defDev = i; + } + if (d->description) + printf(" (%s)\n", d->description); + else + printf(" (No description available)\n"); + } + + if (i == 0) + err_sys("No interfaces found! Make sure pcap or WinPcap is" + " installed correctly and you have sufficient permissions"); + + printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev); + XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg)); + if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) + inum = XATOI(cmdLineArg); + if (inum == 0) + inum = defDev; + else if (inum < 1 || inum > i) + err_sys("Interface number out of range"); + + /* Jump to the selected adapter */ + for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++); + } else { + int deviceNameSz = (int)XSTRLEN(deviceName); + for (d = alldevs; d; d = d->next) { + if (XSTRNCMP(d->name,deviceName,deviceNameSz) == 0) { + fprintf(stderr, "%s == %s\n", d->name, deviceName); + break; + } + } + if (d == NULL) { + err_sys("Can't find the device you're looking for"); } - if (d->description) - printf(" (%s)\n", d->description); - else - printf(" (No description available)\n"); } - if (i == 0) - err_sys("No interfaces found! 
Make sure pcap or WinPcap is" - " installed correctly and you have sufficient permissions"); - - printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev); - XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg)); - if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) - inum = XATOI(cmdLineArg); - if (inum == 0) - inum = defDev; - else if (inum < 1 || inum > i) - err_sys("Interface number out of range"); - - /* Jump to the selected adapter */ - for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++); - + printf("Selected %s\n", d->name); pcap = pcap_create(d->name, err); + if (pcap == NULL) fprintf(stderr, "pcap_create failed %s\n", err); - if (pcap == NULL) printf("pcap_create failed %s\n", err); - - /* print out addresses for selected interface */ - for (a = d->addresses; a; a = a->next) { - if (a->addr->sa_family == AF_INET) { - server = - iptos(&((struct sockaddr_in *)a->addr)->sin_addr); - printf("server = %s\n", server); - } - else if (a->addr->sa_family == AF_INET6) { - server = - ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr); - printf("server = %s\n", server); + if (server == NULL) { + /* print out addresses for selected interface */ + for (a = d->addresses; a; a = a->next) { + if (a->addr->sa_family == AF_INET) { + server = + iptos(&((struct sockaddr_in *)a->addr)->sin_addr); + printf("server = %s\n", server); + } + else if (a->addr->sa_family == AF_INET6) { + server = + ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr); + printf("server = %s\n", server); + } } } - if (server == NULL) - err_sys("Unable to get device IPv4 or IPv6 address"); ret = pcap_set_snaplen(pcap, 65536); - if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr, "pcap_set_snaplen failed %s\n", pcap_geterr(pcap)); ret = pcap_set_timeout(pcap, 1000); - if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr, "pcap_set_timeout failed %s\n", pcap_geterr(pcap)); ret = 
pcap_set_buffer_size(pcap, 1000000); if (ret != 0) - printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap)); + fprintf(stderr, "pcap_set_buffer_size failed %s\n", + pcap_geterr(pcap)); ret = pcap_set_promisc(pcap, 1); - if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr,"pcap_set_promisc failed %s\n", pcap_geterr(pcap)); ret = pcap_activate(pcap); - if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr, "pcap_activate failed %s\n", pcap_geterr(pcap)); - printf("Enter the port to scan [default: 11111]: "); + } + else { + saveFile = 1; + pcap = pcap_open_offline(pcapFile , err); + if (pcap == NULL) { + fprintf(stderr, "pcap_open_offline failed %s\n", err); + err_sys(err); + } + } + + if (server == NULL) { + server = DEFAULT_SERVER_IP; + } + + if (port < 0) { + printf("Enter the port to scan [default: %d, '0' for all]: ", + DEFAULT_SERVER_PORT); XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg)); if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) { port = XATOI(cmdLineArg); } - if (port <= 0) - port = 11111; + if ((port < 0) || (cmdLineArg[0] == '\n')) + port = DEFAULT_SERVER_PORT; - SNPRINTF(filter, sizeof(filter), "tcp and port %d", port); + } + if (port > 0) { + SNPRINTF(cmdLineArg, sizeof(filter), " and port %d", port); + XSTRLCAT(filter, cmdLineArg, sizeof(filter)); + } - ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0); - if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap)); +#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) + /* If we offer keylog support, then user must provide EITHER a pubkey + * OR a keylog file but NOT both */ + if (keyFilesSrc && sslKeyLogFile) { + fprintf(stderr, + "Error: either -key OR -keylogfile option but NOT both.\n"); + exit(EXIT_FAILURE); + } - ret = pcap_setfilter(pcap, &pcap_fp); - if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap)); + if (sslKeyLogFile != NULL) { + ret = 
ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err); + if (ret != 0) { + fprintf(stderr, + "ERROR=%d, unable to load secrets from keylog file\n",ret); + err_sys(err); + } + ret = ssl_CreateKeyLogSnifferServer(server, port, err); + if (ret != 0) { + fprintf(stderr, + "ERROR=%d, unable to create keylog sniffer server\n",ret); + err_sys(err); + } + } + else +#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ + if (keyFilesSrc) { + ret = load_key(NULL, server, port, keyFilesSrc, passwd, err); + if (ret != 0) { + fprintf(stderr, "Failed to load key\n"); + err_sys(err); + } + } + else { /* optionally enter the private key to use */ - #if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY) +#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY) keyFilesSrc = DEFAULT_SERVER_EPH_KEY; - #else +#else keyFilesSrc = DEFAULT_SERVER_KEY; - #endif +#endif printf("Enter the server key [default: %s]: ", keyFilesSrc); XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf)); XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser)); 
@@ -1109,137 +1234,24 @@ int main(int argc, char** argv) } #endif /* !WOLFSSL_SNIFFER_WATCH && HAVE_SNI */ - /* get IPv4 or IPv6 addresses for selected interface */ - for (a = d->addresses; a; a = a->next) { - server = NULL; - if (a->addr->sa_family == AF_INET) { - server = - iptos(&((struct sockaddr_in *)a->addr)->sin_addr); - } - else if (a->addr->sa_family == AF_INET6) { - server = - ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr); - } - - if (server) { - XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf)); - ret = load_key(sniName, server, port, keyFilesBuf, NULL, err); - if (ret != 0) { - exit(EXIT_FAILURE); - } - } + ret = load_key(sniName, server, port, keyFilesBuf, NULL, err); + if (ret != 0) { + exit(EXIT_FAILURE); } } - else { - char *pcapFile = NULL; - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) { - pcapFile = argv[++i]; - } - else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) { - keyFilesSrc = argv[++i]; - } - else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) { - server = argv[++i]; - } - else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) { - port = XATOI(argv[++i]); - } - else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) { - passwd = argv[++i]; - } -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) { - sslKeyLogFile = argv[++i]; - } -#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ -#if defined(THREADED_SNIFFTEST) - else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) { - workerThreadCount = XATOI(argv[++i]); - } -#endif /* THREADED_SNIFFTEST */ - else { - fprintf(stderr, "Invalid option or missing argument: %s\n", argv[i]); - fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg" - " [-password password_arg] [-server server_arg] [-port port_arg]" -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - " [-keylogfile keylogfile_arg]" -#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ -#if defined(THREADED_SNIFFTEST) - " [-threads threads_arg]" -#endif 
/* THREADED_SNIFFTEST */ - "\n", argv[0]); - exit(EXIT_FAILURE); - } - } + /* Only let through TCP/IP packets */ + printf("Using packet filter: %s\n", filter); + ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0); + if (ret != 0) { + fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap)); + exit(EXIT_FAILURE); + } - if (!pcapFile) { - fprintf(stderr, "Error: -pcap option is required.\n"); - exit(EXIT_FAILURE); - } - -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - /* If we offer keylog support, then user must provide EITHER a pubkey - * OR a keylog file but NOT both */ - if ((!keyFilesSrc && !sslKeyLogFile) || (keyFilesSrc && sslKeyLogFile)) { - fprintf(stderr, "Error: either -key OR -keylogfile option required but NOT both.\n"); - exit(EXIT_FAILURE); - } -#else - if (!keyFilesSrc) { - fprintf(stderr, "Error: -key option is required.\n"); - exit(EXIT_FAILURE); - } -#endif - - saveFile = 1; - pcap = pcap_open_offline(pcapFile , err); - if (pcap == NULL) { - fprintf(stderr, "pcap_open_offline failed %s\n", err); - err_sys(err); - } - else { -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - if (sslKeyLogFile != NULL) { - ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err); - if (ret != 0) { - fprintf(stderr, "ERROR=%d, unable to load secrets from keylog file\n",ret); - err_sys(err); - } - - ret = ssl_CreateKeyLogSnifferServer(server, port, err); - if (ret != 0) { - fprintf(stderr, "ERROR=%d, unable to create keylog sniffer server\n",ret); - err_sys(err); - } - } - else -#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ - { - ret = load_key(NULL, server, port, keyFilesSrc, passwd, err); - if (ret != 0) { - fprintf(stderr, "Failed to load key\n"); - err_sys(err); - } - } - - - /* Only let through TCP/IP packets */ - ret = pcap_compile(pcap, &pcap_fp, "(ip6 or ip) and tcp", 0, 0); - if (ret != 0) { - fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap)); - exit(EXIT_FAILURE); - } - - ret = pcap_setfilter(pcap, &pcap_fp); - if (ret != 0) { - fprintf(stderr, "pcap_setfilter 
failed %s\n", pcap_geterr(pcap)); - exit(EXIT_FAILURE); - } - - - } + ret = pcap_setfilter(pcap, &pcap_fp); + if (ret != 0) { + fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap)); + exit(EXIT_FAILURE); } if (ret != 0) @@ -1263,7 +1275,7 @@ int main(int argc, char** argv) #endif while (1) { - struct pcap_pkthdr header; + struct pcap_pkthdr *header; const unsigned char* packet = NULL; byte* data = NULL; /* pointer to decrypted data */ #ifdef THREADED_SNIFFTEST @@ -1290,22 +1302,28 @@ int main(int argc, char** argv) if (data == NULL) { /* grab next pcap packet */ packetNumber++; - packet = pcap_next(pcap, &header); + if(pcap_next_ex(pcap, &header, &packet) < 0) { + break; + } } if (packet) { - if (header.caplen > 40) { /* min ip(20) + min tcp(20) */ + if (header->caplen > 40) { /* min ip(20) + min tcp(20) */ packet += frame; - header.caplen -= frame; + header->caplen -= frame; } else { /* packet doesn't contain minimum ip/tcp header */ continue; } + if (pcap_datalink(pcap) == DLT_LINUX_SLL) { + packet += 2; + header->caplen -= 2; + } #ifdef THREADED_SNIFFTEST XMEMSET(&info, 0, sizeof(SnifferStreamInfo)); - ret = ssl_DecodePacket_GetStream(&info, packet, header.caplen, err); + ret = ssl_DecodePacket_GetStream(&info, packet, header->caplen, err); /* calculate SnifferStreamInfo checksum */ infoSum = 0; @@ -1328,7 +1346,7 @@ int main(int argc, char** argv) /* add the packet to the worker's linked list */ if (SnifferWorkerPacketAdd(&workers[threadNum], ret, (byte*)packet, - header.caplen, packetNumber)) { + header->caplen, packetNumber)) { printf("Unable to add packet %d to worker", packetNumber); break; } @@ -1337,7 +1355,7 @@ int main(int argc, char** argv) #else /* Decode Packet, ret value will indicate whether a * bad packet was encountered */ - hadBadPacket = DecodePacket((byte*)packet, header.caplen, + hadBadPacket = DecodePacket((byte*)packet, header->caplen, packetNumber,err); #endif } 
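Review bot: `SNPRINTF(cmdLineArg, sizeof(filter), " and port %d", port);` bounds the write by the wrong array; both happen to be 128 bytes today so it is not an overflow now, but it becomes one the moment either declaration changes — use `sizeof(cmdLineArg)`. In the `-deviceName` branch `XSTRNCMP(d->name, deviceName, deviceNameSz)` is a prefix match, so `-deviceName eth1` selects `eth10` if that is listed first; compare the full name with `XSTRCMP(d->name, deviceName) == 0`, or additionally require `d->name[deviceNameSz] == '\0'`. The `pcap_create failed` path and the `pcap_set_*` failure paths still only print and fall through, so a NULL `pcap` reaches `pcap_set_snaplen`; since these lines were being restyled anyway, `err_sys(err)` there would match what the `pcap_open_offline` branch does. The interactive port prompt has the same `XATOI` weakness as the command-line option: non-numeric input yields 0, which the `port > 0` check below turns into an all-ports filter rather than `DEFAULT_SERVER_PORT`. `main` extends beyond this hunk on both sides.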
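Review bot: `if(pcap_next_ex(pcap, &header, &packet) < 0) { break; }` treats a read error (`PCAP_ERROR`) the same as end of savefile (`PCAP_ERROR_BREAK`), so a truncated or corrupt capture ends the loop with no diagnostic; capture the return code and report the error case, e.g. `int rc = pcap_next_ex(pcap, &header, &packet);` then `if (rc == PCAP_ERROR) fprintf(stderr, "pcap_next_ex failed %s\n", pcap_geterr(pcap));` and `if (rc < 0) break;`. The timeout return (0) leaves `packet` at its per-iteration NULL initialisation so the `if (packet)` guard already skips it, but `packetNumber++` still counts the empty poll. `pcap_datalink(pcap)` is loop-invariant and is now evaluated once per packet; computing it once before `while (1)`, alongside the decision about `frame`, would be clearer. The loop also modifies `header->caplen`, which after `pcap_next_ex` points at storage owned by libpcap rather than the former local copy; keeping a local length instead of writing through the pointer avoids relying on that being permitted. `main` continues outside the hunk.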
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 1b437c100..41ea648a5 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1114,15 +1114,16 @@ typedef struct w64wrapper { DYNAMIC_TYPE_LMS = 101, DYNAMIC_TYPE_BIO = 102, DYNAMIC_TYPE_X509_ACERT = 103, - DYNAMIC_TYPE_SNIFFER_SERVER = 1000, - DYNAMIC_TYPE_SNIFFER_SESSION = 1001, - DYNAMIC_TYPE_SNIFFER_PB = 1002, - DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, - DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, - DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, - DYNAMIC_TYPE_SNIFFER_KEY = 1006, - DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, - DYNAMIC_TYPE_AES_EAX = 1008 + DYNAMIC_TYPE_SNIFFER_SERVER = 1000, + DYNAMIC_TYPE_SNIFFER_SESSION = 1001, + DYNAMIC_TYPE_SNIFFER_PB = 1002, + DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, + DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, + DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, + DYNAMIC_TYPE_SNIFFER_KEY = 1006, + DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, + DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008, + DYNAMIC_TYPE_AES_EAX = 1009, }; /* max error buffer string size */ From c557c6f2bd7cc4d8f3870dc09153bf16ba68ebc2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 29 Oct 2024 16:56:50 -0700 Subject: [PATCH 234/325] Fix issue with error: conflicting types for 'BlockSha3'. ``` [CC-AARCH64] lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.o lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c:212:6: error: conflicting types for 'BlockSha3'; have 'void(long unsigned int *)' 212 | void BlockSha3(unsigned long* state) | ^~~~~~~~~ In file included from lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c:35: lib/wolfssl/wolfssl/wolfcrypt/sha3.h:224:20: note: previous declaration of 'BlockSha3' with type 'void(word64 *)' {aka 'void(long long unsigned int *)'} 224 | WOLFSSL_LOCAL void BlockSha3(word64 *s); | ^~~~~~~~~ ``` --- wolfcrypt/src/port/arm/armv8-sha3-asm_c.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
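Review bot: Inserting `DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008` ahead of `DYNAMIC_TYPE_AES_EAX` shifts the latter from 1008 to 1009, so any out-of-tree allocator or memory-tracking hook compiled against the previous header and switching on the type tag will now mislabel AES-EAX allocations. Appending the new tag after `DYNAMIC_TYPE_AES_EAX` as 1009 keeps every existing value stable. If the renumbering is deliberate, a comment above the sniffer block such as `/* DYNAMIC_TYPE_* values are not ABI-stable across releases */` would spare the next maintainer the same question.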
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c index e52d02de1..71ac40a22 100644 --- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c @@ -63,7 +63,7 @@ static const uint64_t L_SHA3_transform_crypto_r[] = { 0x8000000080008008UL, }; -void BlockSha3(unsigned long* state) +void BlockSha3(word64* state) { __asm__ __volatile__ ( #ifdef __APPLE__ @@ -209,7 +209,7 @@ static const uint64_t L_SHA3_transform_base_r[] = { 0x8000000080008008UL, }; -void BlockSha3(unsigned long* state) +void BlockSha3(word64* state) { __asm__ __volatile__ ( "stp x29, x30, [sp, #-64]!\n\t" From 97a370ed08a9218858e1298c2f2e709347d34ec1 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Tue, 29 Oct 2024 15:53:06 -0600 Subject: [PATCH 235/325] added generic curve25519 encode/decode functions that can handle combined keypairs --- wolfcrypt/src/asn.c | 106 +++++++++++++++++++++++++++++++++ wolfcrypt/test/test.c | 56 +++++++++++++++++ wolfssl/wolfcrypt/asn_public.h | 4 ++ 3 files changed, 166 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 0c520027b..737f8bd41 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
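Review bot: `void BlockSha3(word64* state)` now agrees with the `sha3.h` prototype quoted in the commit message, but this file appears to be machine-generated (the `L_SHA3_transform_*_r` tables and the inline `__asm__` bodies), so the same change should be made in the generator or it will be undone on the next regeneration. If the generator cannot be updated, a comment above each of the two definitions, e.g. `/* word64, not unsigned long: must match the WOLFSSL_LOCAL prototype in sha3.h */`, would at least flag the hand edit.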
@@ -35661,6 +35661,55 @@ int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx, } return ret; } + +/* Decode Curve25519 key from DER format - can handle private only, + * public only, or private+public key pairs. + * return 0 on success, negative on error */ +int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx, + curve25519_key* key, word32 inSz) +{ + int ret; + byte privKey[CURVE25519_KEYSIZE]; + byte pubKey[CURVE25519_KEYSIZE]; + word32 privKeyLen = CURVE25519_KEYSIZE; + word32 pubKeyLen = CURVE25519_KEYSIZE; + + /* sanity check */ + if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) { + return BAD_FUNC_ARG; + } + + /* Try to decode as private key first (may include public) */ + ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen, + pubKey, &pubKeyLen, X25519k); + + if (ret == 0) { + /* Successfully decoded private key */ + if (pubKeyLen > 0) { + /* Have both private and public */ + ret = wc_curve25519_import_private_raw(privKey, privKeyLen, + pubKey, pubKeyLen, key); + } + else { + /* Private only */ + ret = wc_curve25519_import_private(privKey, privKeyLen, key); + } + } + else { + /* Try decoding as public key */ + *inOutIdx = 0; /* Reset index */ + pubKeyLen = CURVE25519_KEYSIZE; + ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, + pubKey, &pubKeyLen, X25519k); + if (ret == 0) { + /* Successfully decoded public key */ + ret = wc_curve25519_import_public(pubKey, pubKeyLen, key); + } + } + + return ret; +} + #endif /* HAVE_CURVE25519 && HAVE_ED25519_KEY_IMPORT */ 
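Review bot: `*inOutIdx = 0; /* Reset index */` discards the caller's starting offset, so when the DER structure is not at the beginning of `input` the public-key retry parses the wrong bytes; save the entry value with `word32 startIdx = *inOutIdx;` and restore it with `*inOutIdx = startIdx;` before calling `DecodeAsymKeyPublic`. `privKey` holds raw private key material on the stack and is returned without being cleared; add `ForceZero(privKey, sizeof(privKey));` before `return ret;`. The private branch relies on `DecodeAsymKey` setting `pubKeyLen` to 0 when no public key is present — `pubKeyLen` starts at `CURVE25519_KEYSIZE`, so if the helper leaves it untouched on a private-only input, `wc_curve25519_import_private_raw` would be fed an uninitialised `pubKey`; worth confirming against the helper. Falling back to the public decoder on any non-zero `ret` also replaces a genuine parse error from the private-key attempt with a second, unrelated error code; limiting the fallback to `ASN_PARSE_E` would preserve the original diagnostic.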
@@ -35868,6 +35917,63 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen, } return ret; } + +/* Export Curve25519 key to DER format - handles private only, public only, + * or private+public key pairs based on what's set in the key structure. + * Returns length written on success, negative on error */ +int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, int withAlg) +{ + int ret; + byte privKey[CURVE25519_KEYSIZE]; + byte pubKey[CURVE25519_KEYSIZE]; + word32 privKeyLen = CURVE25519_KEYSIZE; + word32 pubKeyLen = CURVE25519_KEYSIZE; + + if (key == NULL) { + return BAD_FUNC_ARG; + } + + /* Check what we have in the key structure */ + if (key->privSet) { + /* Export private key to buffer */ + ret = wc_curve25519_export_private_raw(key, privKey, &privKeyLen); + if (ret != 0) { + return ret; + } + + if (key->pubSet) { + /* Export public key if available */ + ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen); + if (ret != 0) { + return ret; + } + /* Export both private and public */ + ret = SetAsymKeyDer(privKey, privKeyLen, + pubKey, pubKeyLen, + output, inLen, X25519k); + } + else { + /* Export private only */ + ret = SetAsymKeyDer(privKey, privKeyLen, + NULL, 0, + output, inLen, X25519k); + } + } + else if (key->pubSet) { + /* Export public key only */ + ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen); + if (ret == 0) { + ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, + output, inLen, X25519k, withAlg); + } + } + else { + /* Neither public nor private key is set */ + ret = BAD_FUNC_ARG; + } + + return ret; +} #endif /* HAVE_CURVE25519 && HAVE_CURVE25519_KEY_EXPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5b15367f8..aa1b4be5a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
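Review bot: `privKey` is filled by `wc_curve25519_export_private_raw` and left on the stack on every return path, including the two early `return ret;` statements; add `ForceZero(privKey, sizeof(privKey));` before the final return and route the early exits through it (or a single `out:` label). `withAlg` is only honoured on the public-only path via `SetAsymKeyDerPublic`; the two private paths call `SetAsymKeyDer` without it, so the header comment should state `withAlg applies only when exporting a public key alone`, otherwise a caller passing `withAlg` for a key pair will expect an AlgorithmIdentifier that is never written. The `Returns length written on success` line in the comment is grounded only in the helpers' contracts, which are outside the hunk; if `SetAsymKeyDer` can return 0 for a size query that should be documented here too.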
@@ -35042,6 +35042,62 @@ static wc_test_ret_t curve255519_der_test(void) ret = WC_TEST_RET_ENC_NC; } + + /* Test decode/encode of Curve25519 private key (only) using generic API */ + if (ret == 0) { + /* clear key, since generic API will try to decode all fields */ + XMEMSET(&key, 0, sizeof(key)); + + idx = 0; + ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key, + (word32)sizeof(kCurve25519PrivDer)); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) || + XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + + /* Test decode/encode of Curve25519 public key (only) using generic API */ + if (ret == 0) { + /* clear key, since generic API will try to decode all fields */ + XMEMSET(&key, 0, sizeof(key)); + idx = 0; + ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key, + (word32)sizeof(kCurve25519PubDer)); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) || + XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + wc_curve25519_free(&key); return ret; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index b8bbce40f..1196c6a5f 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
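Review bot: The commit advertises combined key pairs, but the two new round trips exercise only `kCurve25519PrivDer` and `kCurve25519PubDer`; the private+public branches of `wc_Curve25519KeyDecode` (`pubKeyLen > 0`) and `wc_Curve25519KeyToDer` (`key->privSet && key->pubSet`) are not covered, so a DER vector carrying both the private key and the optional public key should be added with the same decode/encode/compare pattern. `XMEMSET(&key, 0, sizeof(key))` between tests wipes whatever the earlier initialisation set up (the key is later released with `wc_curve25519_free`); if `curve25519_key` carries heap or async state that reset may leak or confuse the free, so `wc_curve25519_free` followed by `wc_curve25519_init` is the safer way to clear it — confirm against the struct. `curve255519_der_test` starts outside the hunk.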
@@ -841,12 +841,16 @@ WOLFSSL_API int wc_Curve25519PrivateKeyDecode( const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz); WOLFSSL_API int wc_Curve25519PublicKeyDecode( const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz); +WOLFSSL_API int wc_Curve25519KeyDecode(const byte *input, word32 *inOutIdx, + curve25519_key *key, word32 inSz); #endif #ifdef HAVE_CURVE25519_KEY_EXPORT WOLFSSL_API int wc_Curve25519PrivateKeyToDer( curve25519_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_Curve25519PublicKeyToDer( curve25519_key* key, byte* output, word32 inLen, int withAlg); +WOLFSSL_API int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, + word32 inLen, int withAlg); #endif #endif /* HAVE_CURVE25519 */ From 90648b1e79bcd6610feafc2c74727b2294830036 Mon Sep 17 00:00:00 2001 From: jordan Date: Wed, 30 Oct 2024 11:06:54 -0500 Subject: [PATCH 236/325] tests api: fix inconsistent do_acert_verify_test guards. --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index c15e431b1..b18aaeb84 100644 --- a/tests/api.c +++ b/tests/api.c @@ -13739,7 +13739,7 @@ static int test_wolfSSL_X509_verify(void) } #if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) /* Given acert file and its pubkey file, read them and then * attempt to verify signed acert. * From 0669ba82c4e74ca679ac3e19efe52e9db63fba54 Mon Sep 17 00:00:00 2001 
From: David Garske Date: Wed, 30 Oct 2024 10:28:45 -0700 Subject: [PATCH 237/325] Avoid stdint types. --- wolfcrypt/src/fe_448.c | 19 ++-- wolfcrypt/src/ge_448.c | 32 +++---- wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c | 88 +++++++++---------- .../src/port/arm/armv8-32-chacha-asm_c.c | 6 +- wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c | 30 +++---- .../src/port/arm/armv8-32-poly1305-asm_c.c | 6 +- .../src/port/arm/armv8-32-sha256-asm_c.c | 12 +-- wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 11 ++- .../src/port/arm/armv8-32-sha512-asm_c.c | 12 +-- wolfcrypt/src/port/arm/thumb2-aes-asm_c.c | 66 +++++++------- wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c | 4 +- wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c | 18 ++-- .../src/port/arm/thumb2-poly1305-asm_c.c | 4 +- wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c | 4 +- wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c | 4 +- wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c | 4 +- wolfcrypt/src/sp_arm32.c | 36 ++++---- wolfcrypt/src/sp_arm64.c | 18 ++-- wolfcrypt/src/sp_armthumb.c | 18 ++-- wolfcrypt/src/sp_c32.c | 18 ++-- wolfcrypt/src/sp_c64.c | 18 ++-- wolfcrypt/src/sp_cortexm.c | 18 ++-- wolfcrypt/src/sp_x86_64.c | 20 ++--- 23 files changed, 232 insertions(+), 234 deletions(-) diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c index ede162a5e..bbf31f6a7 100644 --- a/wolfcrypt/src/fe_448.c +++ b/wolfcrypt/src/fe_448.c 
@@ -1437,56 +1437,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a) b[ 0] = (byte)(in0 >> 0); b[ 1] = (byte)(in0 >> 8); b[ 2] = (byte)(in0 >> 16); - b[ 3] = (byte)((in0 >> 24) + ((in1 >> 0) << 4)); + b[ 3] = (byte)(in0 >> 24) + (byte)((in1 >> 0) << 4); b[ 4] = (byte)(in1 >> 4); b[ 5] = (byte)(in1 >> 12); b[ 6] = (byte)(in1 >> 20); b[ 7] = (byte)(in2 >> 0); b[ 8] = (byte)(in2 >> 8); b[ 9] = (byte)(in2 >> 16); - b[10] = (byte)((in2 >> 24) + ((in3 >> 0) << 4)); + b[10] = (byte)(in2 >> 24) + (byte)((in3 >> 0) << 4); b[11] = (byte)(in3 >> 4); b[12] = (byte)(in3 >> 12); b[13] = (byte)(in3 >> 20); b[14] = (byte)(in4 >> 0); b[15] = (byte)(in4 >> 8); b[16] = (byte)(in4 >> 16); - b[17] = (byte)((in4 >> 24) + ((in5 >> 0) << 4)); + b[17] = (byte)(in4 >> 24) + (byte)((in5 >> 0) << 4); b[18] = (byte)(in5 >> 4); b[19] = (byte)(in5 >> 12); b[20] = (byte)(in5 >> 20); b[21] = (byte)(in6 >> 0); b[22] = (byte)(in6 >> 8); b[23] = (byte)(in6 >> 16); - b[24] = (byte)((in6 >> 24) + ((in7 >> 0) << 4)); + b[24] = (byte)(in6 >> 24) + (byte)((in7 >> 0) << 4); b[25] = (byte)(in7 >> 4); b[26] = (byte)(in7 >> 12); b[27] = (byte)(in7 >> 20); b[28] = (byte)(in8 >> 0); b[29] = (byte)(in8 >> 8); b[30] = (byte)(in8 >> 16); - b[31] = (byte)((in8 >> 24) + ((in9 >> 0) << 4)); + b[31] = (byte)(in8 >> 24) + (byte)((in9 >> 0) << 4); b[32] = (byte)(in9 >> 4); b[33] = (byte)(in9 >> 12); b[34] = (byte)(in9 >> 20); b[35] = (byte)(in10 >> 0); b[36] = (byte)(in10 >> 8); b[37] = (byte)(in10 >> 16); - b[38] = (byte)((in10 >> 24) + ((in11 >> 0) << 4)); + b[38] = (byte)(in10 >> 24) + (byte)((in11 >> 0) << 4); b[39] = (byte)(in11 >> 4); b[40] = (byte)(in11 >> 12); b[41] = (byte)(in11 >> 20); b[42] = (byte)(in12 >> 0); b[43] = (byte)(in12 >> 8); b[44] = (byte)(in12 >> 16); - b[45] = (byte)((in12 >> 24) + ((in13 >> 0) << 4)); + b[45] = (byte)(in12 >> 24) + (byte)((in13 >> 0) << 4); b[46] = (byte)(in13 >> 4); b[47] = (byte)(in13 >> 12); b[48] = (byte)(in13 >> 20); b[49] = (byte)(in14 >> 0); b[50] = 
(byte)(in14 >> 8); b[51] = (byte)(in14 >> 16); - b[52] = (byte)((in14 >> 24) + ((in15 >> 0) << 4)); + b[52] = (byte)(in14 >> 24) + (byte)((in15 >> 0) << 4); b[53] = (byte)(in15 >> 4); b[54] = (byte)(in15 >> 12); b[55] = (byte)(in15 >> 20); @@ -1770,6 +1770,8 @@ void fe448_mul39081(sword32* r, const sword32* a) static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b) { sword64 t; + sword64 o; + sword64 t15; sword64 t0 = (sword64)a[ 0] * b[ 0]; sword64 t1 = (sword64)a[ 0] * b[ 1]; sword64 t101 = (sword64)a[ 1] * b[ 0]; @@ -1834,7 +1836,6 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b sword64 t13 = (sword64)a[ 6] * b[ 7]; sword64 t113 = (sword64)a[ 7] * b[ 6]; sword64 t14 = (sword64)a[ 7] * b[ 7]; - sword64 o, t15; t1 += t101; t2 += t102; t2 += t202; t3 += t103; t3 += t203; t3 += t303; diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c index 415928f97..13d5ffccb 100644 --- a/wolfcrypt/src/ge_448.c +++ b/wolfcrypt/src/ge_448.c 
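Review bot: `b[ 3] = (byte)(in0 >> 24) + (byte)((in1 >> 0) << 4);` now adds two `byte` operands, which are promoted to `int`, so the store into `b[3]` is an implicit int→byte narrowing that the removed outer cast made explicit; if the motivation is a conversion warning, `(byte)((byte)(in0 >> 24) + (byte)((in1 >> 0) << 4))` (likewise for b[10], b[17], b[24], b[31], b[38], b[45], b[52]) keeps the truncation explicit while retaining the per-operand casts. The value is identical modulo 256 either way, so this is warning hygiene and style only. The same rewrite in `sc448_reduce` and `sc448_muladd` (the two ge_448.c hunks below) casts only the left operand — `(byte)(d[0 ] >> 24) + ((d[1 ] >> 0) << 4)` — so the three functions now disagree with each other; one form should be used throughout.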
@@ -5453,56 +5453,56 @@ void sc448_reduce(byte* b) b[ 0] = (byte)(d[0 ] >> 0); b[ 1] = (byte)(d[0 ] >> 8); b[ 2] = (byte)(d[0 ] >> 16); - b[ 3] = (byte)((d[0 ] >> 24) + ((d[1 ] >> 0) << 4)); + b[ 3] = (byte)(d[0 ] >> 24) + ((d[1 ] >> 0) << 4); b[ 4] = (byte)(d[1 ] >> 4); b[ 5] = (byte)(d[1 ] >> 12); b[ 6] = (byte)(d[1 ] >> 20); b[ 7] = (byte)(d[2 ] >> 0); b[ 8] = (byte)(d[2 ] >> 8); b[ 9] = (byte)(d[2 ] >> 16); - b[10] = (byte)((d[2 ] >> 24) + ((d[3 ] >> 0) << 4)); + b[10] = (byte)(d[2 ] >> 24) + ((d[3 ] >> 0) << 4); b[11] = (byte)(d[3 ] >> 4); b[12] = (byte)(d[3 ] >> 12); b[13] = (byte)(d[3 ] >> 20); b[14] = (byte)(d[4 ] >> 0); b[15] = (byte)(d[4 ] >> 8); b[16] = (byte)(d[4 ] >> 16); - b[17] = (byte)((d[4 ] >> 24) + ((d[5 ] >> 0) << 4)); + b[17] = (byte)(d[4 ] >> 24) + ((d[5 ] >> 0) << 4); b[18] = (byte)(d[5 ] >> 4); b[19] = (byte)(d[5 ] >> 12); b[20] = (byte)(d[5 ] >> 20); b[21] = (byte)(d[6 ] >> 0); b[22] = (byte)(d[6 ] >> 8); b[23] = (byte)(d[6 ] >> 16); - b[24] = (byte)((d[6 ] >> 24) + ((d[7 ] >> 0) << 4)); + b[24] = (byte)(d[6 ] >> 24) + ((d[7 ] >> 0) << 4); b[25] = (byte)(d[7 ] >> 4); b[26] = (byte)(d[7 ] >> 12); b[27] = (byte)(d[7 ] >> 20); b[28] = (byte)(d[8 ] >> 0); b[29] = (byte)(d[8 ] >> 8); b[30] = (byte)(d[8 ] >> 16); - b[31] = (byte)((d[8 ] >> 24) + ((d[9 ] >> 0) << 4)); + b[31] = (byte)(d[8 ] >> 24) + ((d[9 ] >> 0) << 4); b[32] = (byte)(d[9 ] >> 4); b[33] = (byte)(d[9 ] >> 12); b[34] = (byte)(d[9 ] >> 20); b[35] = (byte)(d[10] >> 0); b[36] = (byte)(d[10] >> 8); b[37] = (byte)(d[10] >> 16); - b[38] = (byte)((d[10] >> 24) + ((d[11] >> 0) << 4)); + b[38] = (byte)(d[10] >> 24) + ((d[11] >> 0) << 4); b[39] = (byte)(d[11] >> 4); b[40] = (byte)(d[11] >> 12); b[41] = (byte)(d[11] >> 20); b[42] = (byte)(d[12] >> 0); b[43] = (byte)(d[12] >> 8); b[44] = (byte)(d[12] >> 16); - b[45] = (byte)((d[12] >> 24) + ((d[13] >> 0) << 4)); + b[45] = (byte)(d[12] >> 24) + ((d[13] >> 0) << 4); b[46] = (byte)(d[13] >> 4); b[47] = (byte)(d[13] >> 12); b[48] = (byte)(d[13] >> 
20); b[49] = (byte)(d[14] >> 0); b[50] = (byte)(d[14] >> 8); b[51] = (byte)(d[14] >> 16); - b[52] = (byte)((d[14] >> 24) + ((d[15] >> 0) << 4)); + b[52] = (byte)(d[14] >> 24) + ((d[15] >> 0) << 4); b[53] = (byte)(d[15] >> 4); b[54] = (byte)(d[15] >> 12); b[55] = (byte)(d[15] >> 20); 
@@ -6206,56 +6206,56 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) r[ 0] = (byte)(rd[0 ] >> 0); r[ 1] = (byte)(rd[0 ] >> 8); r[ 2] = (byte)(rd[0 ] >> 16); - r[ 3] = (byte)((rd[0 ] >> 24) + ((rd[1 ] >> 0) << 4)); + r[ 3] = (byte)(rd[0 ] >> 24) + ((rd[1 ] >> 0) << 4); r[ 4] = (byte)(rd[1 ] >> 4); r[ 5] = (byte)(rd[1 ] >> 12); r[ 6] = (byte)(rd[1 ] >> 20); r[ 7] = (byte)(rd[2 ] >> 0); r[ 8] = (byte)(rd[2 ] >> 8); r[ 9] = (byte)(rd[2 ] >> 16); - r[10] = (byte)((rd[2 ] >> 24) + ((rd[3 ] >> 0) << 4)); + r[10] = (byte)(rd[2 ] >> 24) + ((rd[3 ] >> 0) << 4); r[11] = (byte)(rd[3 ] >> 4); r[12] = (byte)(rd[3 ] >> 12); r[13] = (byte)(rd[3 ] >> 20); r[14] = (byte)(rd[4 ] >> 0); r[15] = (byte)(rd[4 ] >> 8); r[16] = (byte)(rd[4 ] >> 16); - r[17] = (byte)((rd[4 ] >> 24) + ((rd[5 ] >> 0) << 4)); + r[17] = (byte)(rd[4 ] >> 24) + ((rd[5 ] >> 0) << 4); r[18] = (byte)(rd[5 ] >> 4); r[19] = (byte)(rd[5 ] >> 12); r[20] = (byte)(rd[5 ] >> 20); r[21] = (byte)(rd[6 ] >> 0); r[22] = (byte)(rd[6 ] >> 8); r[23] = (byte)(rd[6 ] >> 16); - r[24] = (byte)((rd[6 ] >> 24) + ((rd[7 ] >> 0) << 4)); + r[24] = (byte)(rd[6 ] >> 24) + ((rd[7 ] >> 0) << 4); r[25] = (byte)(rd[7 ] >> 4); r[26] = (byte)(rd[7 ] >> 12); r[27] = (byte)(rd[7 ] >> 20); r[28] = (byte)(rd[8 ] >> 0); r[29] = (byte)(rd[8 ] >> 8); r[30] = (byte)(rd[8 ] >> 16); - r[31] = (byte)((rd[8 ] >> 24) + ((rd[9 ] >> 0) << 4)); + r[31] = (byte)(rd[8 ] >> 24) + ((rd[9 ] >> 0) << 4); r[32] = (byte)(rd[9 ] >> 4); r[33] = (byte)(rd[9 ] >> 12); r[34] = (byte)(rd[9 ] >> 20); r[35] = (byte)(rd[10] >> 0); r[36] = (byte)(rd[10] >> 8); r[37] = (byte)(rd[10] >> 16); - r[38] = (byte)((rd[10] >> 24) + ((rd[11] >> 0) << 4)); + r[38] = (byte)(rd[10] >> 24) + ((rd[11] >> 0) << 4); r[39] = (byte)(rd[11] >> 4); r[40] = (byte)(rd[11] >> 12); r[41] = (byte)(rd[11] >> 20); r[42] = (byte)(rd[12] >> 0); r[43] = (byte)(rd[12] >> 8); r[44] = (byte)(rd[12] >> 16); - r[45] = (byte)((rd[12] >> 24) + ((rd[13] >> 0) << 4)); + r[45] = (byte)(rd[12] 
>> 24) + ((rd[13] >> 0) << 4); r[46] = (byte)(rd[13] >> 4); r[47] = (byte)(rd[13] >> 12); r[48] = (byte)(rd[13] >> 20); r[49] = (byte)(rd[14] >> 0); r[50] = (byte)(rd[14] >> 8); r[51] = (byte)(rd[14] >> 16); - r[52] = (byte)((rd[14] >> 24) + ((rd[15] >> 0) << 4)); + r[52] = (byte)(rd[14] >> 24) + ((rd[15] >> 0) << 4); r[53] = (byte)(rd[15] >> 4); r[54] = (byte)(rd[15] >> 12); r[55] = (byte)(rd[15] >> 20); diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index 7447a7a3e..1f0569a62 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c @@ -53,7 +53,7 @@ #include #ifdef HAVE_AES_DECRYPT -static const uint32_t L_AES_ARM32_td_data[] = { +static const word32 L_AES_ARM32_td_data[] = { 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, @@ -124,7 +124,7 @@ static const uint32_t L_AES_ARM32_td_data[] = { #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t L_AES_ARM32_te_data[] = { +static const word32 L_AES_ARM32_te_data[] = { 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, 
@@ -194,12 +194,12 @@ static const uint32_t L_AES_ARM32_te_data[] = { #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT -static const uint32_t* L_AES_ARM32_td = L_AES_ARM32_td_data; +static const word32* L_AES_ARM32_td = L_AES_ARM32_td_data; #endif /* HAVE_AES_DECRYPT */ #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_ARM32_te = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te = L_AES_ARM32_te_data; #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT @@ -208,8 +208,8 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) { register unsigned char* ks asm ("r0") = (unsigned char*)ks_p; register word32 rounds asm ("r1") = (word32)rounds_p; - register uint32_t* L_AES_ARM32_te_c asm ("r2") = (uint32_t*)L_AES_ARM32_te; - register uint32_t* L_AES_ARM32_td_c asm ("r3") = (uint32_t*)L_AES_ARM32_td; + register word32* L_AES_ARM32_te_c asm ("r2") = (word32*)L_AES_ARM32_te; + register word32* L_AES_ARM32_td_c asm ("r3") = (word32*)L_AES_ARM32_td; __asm__ __volatile__ ( "mov r12, %[L_AES_ARM32_te]\n\t" @@ -415,7 +415,7 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) } #endif /* HAVE_AES_DECRYPT */ -static const uint32_t L_AES_ARM32_rcon[] = { +static const word32 L_AES_ARM32_rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000 
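Review bot: The new `register word32* L_AES_ARM32_te_c asm ("r2") = (word32*)L_AES_ARM32_te;` and `register word32* L_AES_ARM32_td_c asm ("r3") = (word32*)L_AES_ARM32_td;` in the AES_invert_key hunk still cast away the `const` of tables declared `static const`; the commit renames the element type but keeps the cast. If the inline asm only reads through these registers (the operand list is outside the hunk, so that is inferred), `register const word32* L_AES_ARM32_te_c asm ("r2") = L_AES_ARM32_te;` needs no cast at all and turns any future write through the pointer into a compile-time error rather than a fault on read-only data. The same pattern recurs in every `register ... = (word32*)`, `(word16*)`, `(word64*)` and `(byte*)&...` table line in the later hunks of this file and in the chacha, kyber, poly1305, sha256, sha3, sha512 and thumb2-aes hunks below. These `*-asm_c.c` files look machine-generated, so the generator rather than its output is the place to make that change. AES_invert_key's body continues outside the hunk.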
@@ -429,9 +429,9 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, register const unsigned char* key asm ("r0") = (const unsigned char*)key_p; register word32 len asm ("r1") = (word32)len_p; register unsigned char* ks asm ("r2") = (unsigned char*)ks_p; - register uint32_t* L_AES_ARM32_te_c asm ("r3") = (uint32_t*)L_AES_ARM32_te; - register uint32_t* L_AES_ARM32_rcon_c asm ("r4") = - (uint32_t*)&L_AES_ARM32_rcon; + register word32* L_AES_ARM32_te_c asm ("r3") = (word32*)L_AES_ARM32_te; + register word32* L_AES_ARM32_rcon_c asm ("r4") = + (word32*)&L_AES_ARM32_rcon; __asm__ __volatile__ ( "mov r8, %[L_AES_ARM32_te]\n\t" @@ -940,15 +940,15 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, ); } -void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, - const uint32_t* ks_p); -void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, - const uint32_t* ks_p) +void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, + const word32* ks_p); +void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, + const word32* ks_p) { - register const uint32_t* te asm ("r0") = (const uint32_t*)te_p; + register const word32* te asm ("r0") = (const word32*)te_p; register int nr asm ("r1") = (int)nr_p; register int len asm ("r2") = (int)len_p; - register const uint32_t* ks asm ("r3") = (const uint32_t*)ks_p; + register const word32* ks asm ("r3") = (const word32*)ks_p; __asm__ __volatile__ ( "\n" @@ -1595,7 +1595,7 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data; void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p); void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, 
@@ -1606,8 +1606,8 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, register unsigned long len asm ("r2") = (unsigned long)len_p; register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; - register uint32_t* L_AES_ARM32_te_ecb_c asm ("r5") = - (uint32_t*)L_AES_ARM32_te_ecb; + register word32* L_AES_ARM32_te_ecb_c asm ("r5") = + (word32*)L_AES_ARM32_te_ecb; __asm__ __volatile__ ( "mov lr, %[in]\n\t" @@ -1850,7 +1850,7 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || * WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_CBC -static const uint32_t* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data; void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p); @@ -1864,8 +1864,8 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* iv asm ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_ARM32_te_cbc_c asm ("r6") = - (uint32_t*)L_AES_ARM32_te_cbc; + register word32* L_AES_ARM32_te_cbc_c asm ("r6") = + (word32*)L_AES_ARM32_te_cbc; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -2123,7 +2123,7 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER -static const uint32_t* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data; void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p); 
@@ -2137,8 +2137,8 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_ARM32_te_ctr_c asm ("r6") = - (uint32_t*)L_AES_ARM32_te_ctr; + register word32* L_AES_ARM32_te_ctr_c asm ("r6") = + (word32*)L_AES_ARM32_te_ctr; __asm__ __volatile__ ( "mov r12, r4\n\t" @@ -2400,12 +2400,12 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ defined(HAVE_AES_CBC) -void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p); -void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) +void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p); +void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p) { - register const uint32_t* td asm ("r0") = (const uint32_t*)td_p; + register const word32* td asm ("r0") = (const word32*)td_p; register int nr asm ("r1") = (int)nr_p; - register const uint8_t* td4 asm ("r2") = (const uint8_t*)td4_p; + register const byte* td4 asm ("r2") = (const byte*)td4_p; __asm__ __volatile__ ( "\n" @@ -3050,8 +3050,8 @@ void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) ); } -static const uint32_t* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data; -static const unsigned char L_AES_ARM32_td4[] = { +static const word32* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data; +static const byte L_AES_ARM32_td4[] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 
@@ -3097,10 +3097,9 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, register unsigned long len asm ("r2") = (unsigned long)len_p; register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; - register uint32_t* L_AES_ARM32_td_ecb_c asm ("r5") = - (uint32_t*)L_AES_ARM32_td_ecb; - register unsigned char* L_AES_ARM32_td4_c asm ("r6") = - (unsigned char*)&L_AES_ARM32_td4; + register word32* L_AES_ARM32_td_ecb_c asm ("r5") = + (word32*)L_AES_ARM32_td_ecb; + register byte* L_AES_ARM32_td4_c asm ("r6") = (byte*)&L_AES_ARM32_td4; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -3353,10 +3352,9 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* iv asm ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_ARM32_td_ecb_c asm ("r6") = - (uint32_t*)L_AES_ARM32_td_ecb; - register unsigned char* L_AES_ARM32_td4_c asm ("r7") = - (unsigned char*)&L_AES_ARM32_td4; + register word32* L_AES_ARM32_td_ecb_c asm ("r6") = + (word32*)L_AES_ARM32_td_ecb; + register byte* L_AES_ARM32_td4_c asm ("r7") = (byte*)&L_AES_ARM32_td4; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -3983,7 +3981,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */ #endif /* HAVE_AES_DECRYPT */ #ifdef HAVE_AESGCM -static const uint32_t L_GCM_gmult_len_r[] = { +static const word32 L_GCM_gmult_len_r[] = { 0x00000000, 0x1c200000, 0x38400000, 0x24600000, 0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000, 0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000, 
@@ -4000,8 +3998,8 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, register const unsigned char* data asm ("r2") = (const unsigned char*)data_p; register unsigned long len asm ("r3") = (unsigned long)len_p; - register uint32_t* L_GCM_gmult_len_r_c asm ("r4") = - (uint32_t*)&L_GCM_gmult_len_r; + register word32* L_GCM_gmult_len_r_c asm ("r4") = + (word32*)&L_GCM_gmult_len_r; __asm__ __volatile__ ( "mov lr, %[L_GCM_gmult_len_r]\n\t" @@ -4583,7 +4581,7 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, ); } -static const uint32_t* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data; void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p); @@ -4597,8 +4595,8 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_ARM32_te_gcm_c asm ("r6") = - (uint32_t*)L_AES_ARM32_te_gcm; + register word32* L_AES_ARM32_te_gcm_c asm ("r6") = + (word32*)L_AES_ARM32_te_gcm; __asm__ __volatile__ ( "mov r12, r4\n\t" diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c index b0f069bee..d05d06b4a 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c @@ -76,7 +76,7 @@ void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p) ); } -static const uint32_t L_chacha_arm32_constants[] = { +static const word32 L_chacha_arm32_constants[] = { 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574, 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574, }; 
@@ -86,8 +86,8 @@ void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p) register word32* x asm ("r0") = (word32*)x_p; register const byte* key asm ("r1") = (const byte*)key_p; register word32 keySz asm ("r2") = (word32)keySz_p; - register uint32_t* L_chacha_arm32_constants_c asm ("r3") = - (uint32_t*)&L_chacha_arm32_constants; + register word32* L_chacha_arm32_constants_c asm ("r3") = + (word32*)&L_chacha_arm32_constants; __asm__ __volatile__ ( "subs %[keySz], %[keySz], #16\n\t" diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c index 24b68c330..1866f3c41 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c @@ -52,7 +52,7 @@ #include #ifdef WOLFSSL_WC_KYBER -static const uint16_t L_kyber_arm32_ntt_zetas[] = { +static const word16 L_kyber_arm32_ntt_zetas[] = { 0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca, 0x0c56, 0x026e, 0x0629, 0x00b6, @@ -90,8 +90,8 @@ static const uint16_t L_kyber_arm32_ntt_zetas[] = { void kyber_arm32_ntt(sword16* r_p) { register sword16* r asm ("r0") = (sword16*)r_p; - register uint16_t* L_kyber_arm32_ntt_zetas_c asm ("r1") = - (uint16_t*)&L_kyber_arm32_ntt_zetas; + register word16* L_kyber_arm32_ntt_zetas_c asm ("r1") = + (word16*)&L_kyber_arm32_ntt_zetas; __asm__ __volatile__ ( "sub sp, sp, #8\n\t" @@ -3318,7 +3318,7 @@ void kyber_arm32_ntt(sword16* r_p) ); } -static const uint16_t L_kyber_arm32_invntt_zetas_inv[] = { +static const word16 L_kyber_arm32_invntt_zetas_inv[] = { 0x06a5, 0x070f, 0x05b4, 0x0943, 0x0922, 0x091d, 0x0134, 0x006c, 0x0b23, 0x0366, 0x0356, 0x05e6, 
@@ -3356,8 +3356,8 @@ static const uint16_t L_kyber_arm32_invntt_zetas_inv[] = { void kyber_arm32_invntt(sword16* r_p) { register sword16* r asm ("r0") = (sword16*)r_p; - register uint16_t* L_kyber_arm32_invntt_zetas_inv_c asm ("r1") = - (uint16_t*)&L_kyber_arm32_invntt_zetas_inv; + register word16* L_kyber_arm32_invntt_zetas_inv_c asm ("r1") = + (word16*)&L_kyber_arm32_invntt_zetas_inv; __asm__ __volatile__ ( "sub sp, sp, #8\n\t" @@ -8082,7 +8082,7 @@ void kyber_arm32_invntt(sword16* r_p) ); } -static const uint16_t L_kyber_arm32_basemul_mont_zetas[] = { +static const word16 L_kyber_arm32_basemul_mont_zetas[] = { 0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca, 0x0c56, 0x026e, 0x0629, 0x00b6, @@ -8123,8 +8123,8 @@ void kyber_arm32_basemul_mont(sword16* r_p, const sword16* a_p, register sword16* r asm ("r0") = (sword16*)r_p; register const sword16* a asm ("r1") = (const sword16*)a_p; register const sword16* b asm ("r2") = (const sword16*)b_p; - register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = - (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; __asm__ __volatile__ ( "add r3, r3, #0x80\n\t" @@ -8418,8 +8418,8 @@ void kyber_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p, register sword16* r asm ("r0") = (sword16*)r_p; register const sword16* a asm ("r1") = (const sword16*)a_p; register const sword16* b asm ("r2") = (const sword16*)b_p; - register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = - (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; __asm__ __volatile__ ( "add r3, r3, #0x80\n\t" 
@@ -8748,8 +8748,8 @@ void kyber_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p, void kyber_arm32_csubq(sword16* p_p) { register sword16* p asm ("r0") = (sword16*)p_p; - register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r1") = - (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r1") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; __asm__ __volatile__ ( #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) @@ -8961,8 +8961,8 @@ unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, register unsigned int len asm ("r1") = (unsigned int)len_p; register const byte* r asm ("r2") = (const byte*)r_p; register unsigned int rLen asm ("r3") = (unsigned int)rLen_p; - register uint16_t* L_kyber_arm32_basemul_mont_zetas_c asm ("r4") = - (uint16_t*)&L_kyber_arm32_basemul_mont_zetas; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r4") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; __asm__ __volatile__ ( #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c index d0eb5bc08..d12e4c19b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c @@ -277,7 +277,7 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, ); } -static const uint32_t L_poly1305_arm32_clamp[] = { +static const word32 L_poly1305_arm32_clamp[] = { 0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc, }; @@ -285,8 +285,8 @@ void poly1305_set_key(Poly1305* ctx_p, const byte* key_p) { register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p; register const byte* key asm ("r1") = (const byte*)key_p; - register uint32_t* L_poly1305_arm32_clamp_c asm ("r2") = - (uint32_t*)&L_poly1305_arm32_clamp; + register word32* L_poly1305_arm32_clamp_c asm ("r2") = + (word32*)&L_poly1305_arm32_clamp; __asm__ __volatile__ ( /* Load mask. */ 
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 027f31362..01de10634 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c @@ -53,7 +53,7 @@ #include #ifdef WOLFSSL_ARMASM_NO_NEON -static const uint32_t L_SHA256_transform_len_k[] = { +static const word32 L_SHA256_transform_len_k[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, @@ -78,8 +78,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint32_t* L_SHA256_transform_len_k_c asm ("r3") = - (uint32_t*)&L_SHA256_transform_len_k; + register word32* L_SHA256_transform_len_k_c asm ("r3") = + (word32*)&L_SHA256_transform_len_k; __asm__ __volatile__ ( "sub sp, sp, #0xc0\n\t" @@ -1743,7 +1743,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) #include #ifndef WOLFSSL_ARMASM_NO_NEON -static const uint32_t L_SHA256_transform_neon_len_k[] = { +static const word32 L_SHA256_transform_neon_len_k[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 
@@ -1768,8 +1768,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint32_t* L_SHA256_transform_neon_len_k_c asm ("r3") = - (uint32_t*)&L_SHA256_transform_neon_len_k; + register word32* L_SHA256_transform_neon_len_k_c asm ("r3") = + (word32*)&L_SHA256_transform_neon_len_k; __asm__ __volatile__ ( "sub sp, sp, #24\n\t" diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index 759b1278b..9a21c4d8f 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c @@ -51,7 +51,7 @@ #endif /* __KEIL__ */ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_sha3_arm2_neon_rt[] = { +static const word64 L_sha3_arm2_neon_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 0x000000000000808bUL, 0x0000000080000001UL, @@ -71,8 +71,8 @@ static const uint64_t L_sha3_arm2_neon_rt[] = { void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; - register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = - (uint64_t*)&L_sha3_arm2_neon_rt; + register word64* L_sha3_arm2_neon_rt_c asm ("r1") = + (word64*)&L_sha3_arm2_neon_rt; __asm__ __volatile__ ( "sub sp, sp, #16\n\t" @@ -344,7 +344,7 @@ void BlockSha3(word64* state_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #ifdef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_sha3_arm2_rt[] = { +static const word64 L_sha3_arm2_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 0x000000000000808bUL, 0x0000000080000001UL, 
@@ -364,8 +364,7 @@ static const uint64_t L_sha3_arm2_rt[] = { void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; - register uint64_t* L_sha3_arm2_rt_c asm ("r1") = - (uint64_t*)&L_sha3_arm2_rt; + register word64* L_sha3_arm2_rt_c asm ("r1") = (word64*)&L_sha3_arm2_rt; __asm__ __volatile__ ( "sub sp, sp, #0xcc\n\t" diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index e116d184a..5e56de87b 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c @@ -53,7 +53,7 @@ #include #ifdef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_SHA512_transform_len_k[] = { +static const word64 L_SHA512_transform_len_k[] = { 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, @@ -102,8 +102,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint64_t* L_SHA512_transform_len_k_c asm ("r3") = - (uint64_t*)&L_SHA512_transform_len_k; + register word64* L_SHA512_transform_len_k_c asm ("r3") = + (word64*)&L_SHA512_transform_len_k; __asm__ __volatile__ ( "sub sp, sp, #0xc0\n\t" @@ -7612,7 +7612,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) #include #ifndef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_SHA512_transform_neon_len_k[] = { +static const word64 L_SHA512_transform_neon_len_k[] = { 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, 
@@ -7661,8 +7661,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint64_t* L_SHA512_transform_neon_len_k_c asm ("r3") = - (uint64_t*)&L_SHA512_transform_neon_len_k; + register word64* L_SHA512_transform_neon_len_k_c asm ("r3") = + (word64*)&L_SHA512_transform_neon_len_k; __asm__ __volatile__ ( /* Load digest into working vars */ diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c index e590ad8a8..da16fdc10 100644 --- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c @@ -47,7 +47,7 @@ #include #ifdef HAVE_AES_DECRYPT -XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = { +XALIGNED(16) static const word32 L_AES_Thumb2_td_data[] = { 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, @@ -116,7 +116,7 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = { #endif /* HAVE_AES_DECRYPT */ #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = { +XALIGNED(16) static const word32 L_AES_Thumb2_te_data[] = { 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, 
@@ -185,10 +185,10 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = { #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT -static const uint32_t* L_AES_Thumb2_td = L_AES_Thumb2_td_data; +static const word32* L_AES_Thumb2_td = L_AES_Thumb2_td_data; #endif /* HAVE_AES_DECRYPT */ #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_Thumb2_te = L_AES_Thumb2_te_data; +static const word32* L_AES_Thumb2_te = L_AES_Thumb2_te_data; #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT void AES_invert_key(unsigned char* ks, word32 rounds); @@ -201,8 +201,8 @@ void AES_invert_key(unsigned char* ks, word32 rounds) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register unsigned char* ks __asm__ ("r0") = (unsigned char*)ks_p; register word32 rounds __asm__ ("r1") = (word32)rounds_p; - register uint32_t* L_AES_Thumb2_te_c __asm__ ("r2") = (uint32_t*)L_AES_Thumb2_te; - register uint32_t* L_AES_Thumb2_td_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_td; + register word32* L_AES_Thumb2_te_c __asm__ ("r2") = (word32*)L_AES_Thumb2_te; + register word32* L_AES_Thumb2_td_c __asm__ ("r3") = (word32*)L_AES_Thumb2_td; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -325,7 +325,7 @@ void AES_invert_key(unsigned char* ks, word32 rounds) } #endif /* HAVE_AES_DECRYPT */ -XALIGNED(16) static const uint32_t L_AES_Thumb2_rcon[] = { +XALIGNED(16) static const word32 L_AES_Thumb2_rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000 
@@ -343,8 +343,8 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks register const unsigned char* key __asm__ ("r0") = (const unsigned char*)key_p; register word32 len __asm__ ("r1") = (word32)len_p; register unsigned char* ks __asm__ ("r2") = (unsigned char*)ks_p; - register uint32_t* L_AES_Thumb2_te_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_te; - register uint32_t* L_AES_Thumb2_rcon_c __asm__ ("r4") = (uint32_t*)&L_AES_Thumb2_rcon; + register word32* L_AES_Thumb2_te_c __asm__ ("r3") = (word32*)L_AES_Thumb2_te; + register word32* L_AES_Thumb2_rcon_c __asm__ ("r4") = (word32*)&L_AES_Thumb2_rcon; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -620,18 +620,18 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks ); } -void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks); +void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p) +void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, const word32* ks_p) #else -void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks) +void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG - register const uint32_t* te __asm__ ("r0") = (const uint32_t*)te_p; + register const word32* te __asm__ ("r0") = (const word32*)te_p; register int nr __asm__ ("r1") = (int)nr_p; register int len __asm__ ("r2") = (int)len_p; - register const uint32_t* ks __asm__ ("r3") = (const uint32_t*)ks_p; + register const word32* ks __asm__ ("r3") = (const word32*)ks_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( 
@@ -856,7 +856,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks) } #if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data; +static const word32* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data; #endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, @@ -873,7 +873,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long register unsigned long len __asm__ ("r2") = (unsigned long)len_p; register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; - register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_te_ecb; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1096,7 +1096,7 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( 
@@ -1341,7 +1341,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1593,17 +1593,17 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC) -void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4); +void AES_decrypt_block(const word32* td, int nr, const byte* td4); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) +void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p) #else -void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4) +void AES_decrypt_block(const word32* td, int nr, const byte* td4) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG - register const uint32_t* td __asm__ ("r0") = (const uint32_t*)td_p; + register const word32* td __asm__ ("r0") = (const word32*)td_p; register int nr __asm__ ("r1") = (int)nr_p; - register const uint8_t* td4 __asm__ ("r2") = (const uint8_t*)td4_p; + register const byte* td4 __asm__ ("r2") = (const byte*)td4_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( 
@@ -1827,8 +1827,8 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4) ); } -static const uint32_t* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data; -static const unsigned char L_AES_Thumb2_td4[] = { +static const word32* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data; +static const byte L_AES_Thumb2_td4[] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, @@ -1878,8 +1878,8 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long register unsigned long len __asm__ ("r2") = (unsigned long)len_p; register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; - register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_td_ecb; - register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r6") = (unsigned char*)&L_AES_Thumb2_td4; + register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_td_ecb; + register byte* L_AES_Thumb2_td4_c __asm__ ("r6") = (byte*)&L_AES_Thumb2_td4; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -2099,8 +2099,8 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_td_ecb; - register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r7") = (unsigned char*)&L_AES_Thumb2_td4; + register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_td_ecb; + register byte* L_AES_Thumb2_td4_c __asm__ ("r7") = (byte*)&L_AES_Thumb2_td4; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( 
@@ -2494,7 +2494,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-XALIGNED(16) static const uint32_t L_GCM_gmult_len_r[] = {
+XALIGNED(16) static const word32 L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
@@ -2514,7 +2514,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
     register const unsigned char** m __asm__ ("r1") = (const unsigned char**)m_p;
     register const unsigned char* data __asm__ ("r2") = (const unsigned char*)data_p;
     register unsigned long len __asm__ ("r3") = (unsigned long)len_p;
-    register uint32_t* L_GCM_gmult_len_r_c __asm__ ("r4") = (uint32_t*)&L_GCM_gmult_len_r;
+    register word32* L_GCM_gmult_len_r_c __asm__ ("r4") = (word32*)&L_GCM_gmult_len_r;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3089,7 +3089,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
     );
 }
 
-static const uint32_t* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
 void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -3105,7 +3105,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_gcm;
+    register word32* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_gcm;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
index 9ae0e23c0..7693748c8 100644
--- a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
@@ -76,7 +76,7 @@ void wc_chacha_setiv(word32* x, const byte* iv, word32 counter)
     );
 }
 
-XALIGNED(16) static const uint32_t L_chacha_thumb2_constants[] = {
+XALIGNED(16) static const word32 L_chacha_thumb2_constants[] = {
     0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
     0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
 };
@@ -91,7 +91,7 @@ void wc_chacha_setkey(word32* x, const byte* key, word32 keySz)
     register word32* x __asm__ ("r0") = (word32*)x_p;
     register const byte* key __asm__ ("r1") = (const byte*)key_p;
     register word32 keySz __asm__ ("r2") = (word32)keySz_p;
-    register uint32_t* L_chacha_thumb2_constants_c __asm__ ("r3") = (uint32_t*)&L_chacha_thumb2_constants;
+    register word32* L_chacha_thumb2_constants_c __asm__ ("r3") = (word32*)&L_chacha_thumb2_constants;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
index 2c0147baf..e42741d62 100644
--- a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
@@ -46,7 +46,7 @@
 #include
 #ifdef WOLFSSL_WC_KYBER
-XALIGNED(16) static const uint16_t L_kyber_thumb2_ntt_zetas[] = {
+XALIGNED(16) static const word16 L_kyber_thumb2_ntt_zetas[] = {
     0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
     0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
     0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
@@ -73,7 +73,7 @@ void kyber_thumb2_ntt(sword16* r)
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword16* r __asm__ ("r0") = (sword16*)r_p;
-    register uint16_t* L_kyber_thumb2_ntt_zetas_c __asm__ ("r1") = (uint16_t*)&L_kyber_thumb2_ntt_zetas;
+    register word16* L_kyber_thumb2_ntt_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_ntt_zetas;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1368,7 +1368,7 @@ void kyber_thumb2_ntt(sword16* r)
     );
 }
 
-XALIGNED(16) static const uint16_t L_kyber_thumb2_invntt_zetas_inv[] = {
+XALIGNED(16) static const word16 L_kyber_thumb2_invntt_zetas_inv[] = {
     0x06a5, 0x070f, 0x05b4, 0x0943, 0x0922, 0x091d, 0x0134, 0x006c,
     0x0b23, 0x0366, 0x0356, 0x05e6, 0x09e7, 0x04fe, 0x05fa, 0x04a1,
     0x067b, 0x04a3, 0x0c25, 0x036a, 0x0537, 0x083f, 0x0088, 0x04bf,
@@ -1395,7 +1395,7 @@ void kyber_thumb2_invntt(sword16* r)
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword16* r __asm__ ("r0") = (sword16*)r_p;
-    register uint16_t* L_kyber_thumb2_invntt_zetas_inv_c __asm__ ("r1") = (uint16_t*)&L_kyber_thumb2_invntt_zetas_inv;
+    register word16* L_kyber_thumb2_invntt_zetas_inv_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_invntt_zetas_inv;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3057,7 +3057,7 @@ void kyber_thumb2_invntt(sword16* r)
     );
 }
 
-XALIGNED(16) static const uint16_t L_kyber_thumb2_basemul_mont_zetas[] = {
+XALIGNED(16) static const word16 L_kyber_thumb2_basemul_mont_zetas[] = {
     0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
     0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
     0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
@@ -3086,7 +3086,7 @@ void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, const sword16* b)
     register sword16* r __asm__ ("r0") = (sword16*)r_p;
     register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
     register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
-    register uint16_t* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3234,7 +3234,7 @@ void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, const sword16*
     register sword16* r __asm__ ("r0") = (sword16*)r_p;
     register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
     register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
-    register uint16_t* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3392,7 +3392,7 @@ void kyber_thumb2_csubq(sword16* p)
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword16* p __asm__ ("r0") = (sword16*)p_p;
-    register uint16_t* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r1") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3507,7 +3507,7 @@ unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte*
     register unsigned int len __asm__ ("r1") = (unsigned int)len_p;
     register const byte* r __asm__ ("r2") = (const byte*)r_p;
     register unsigned int rLen __asm__ ("r3") = (unsigned int)rLen_p;
-    register uint16_t* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r4") = (uint16_t*)&L_kyber_thumb2_basemul_mont_zetas;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r4") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
index 1862a8663..7cc94428f 100644
--- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
@@ -294,7 +294,7 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not
     );
 }
 
-XALIGNED(16) static const uint32_t L_poly1305_thumb2_clamp[] = {
+XALIGNED(16) static const word32 L_poly1305_thumb2_clamp[] = {
     0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
 };
 
@@ -307,7 +307,7 @@ void poly1305_set_key(Poly1305* ctx, const byte* key)
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
     register const byte* key __asm__ ("r1") = (const byte*)key_p;
-    register uint32_t* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (uint32_t*)&L_poly1305_thumb2_clamp;
+    register word32* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (word32*)&L_poly1305_thumb2_clamp;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
index cdf8b4cc1..0b7642ee6 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
@@ -47,7 +47,7 @@
 #include
 #ifdef WOLFSSL_ARMASM_NO_NEON
-XALIGNED(16) static const uint32_t L_SHA256_transform_len_k[] = {
+XALIGNED(16) static const word32 L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -77,7 +77,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
     register wc_Sha256* sha256 __asm__ ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_len_k_c __asm__ ("r3") = (uint32_t*)&L_SHA256_transform_len_k;
+    register word32* L_SHA256_transform_len_k_c __asm__ ("r3") = (word32*)&L_SHA256_transform_len_k;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
index f9459f3f3..03b564fe7 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
@@ -44,7 +44,7 @@
 #define __volatile__ volatile
 #endif /* __KEIL__ */
 #ifdef WOLFSSL_SHA3
-static const uint64_t L_sha3_thumb2_rt[] = {
+static const word64 L_sha3_thumb2_rt[] = {
     0x0000000000000001UL, 0x0000000000008082UL,
     0x800000000000808aUL, 0x8000000080008000UL,
     0x000000000000808bUL, 0x0000000080000001UL,
@@ -69,7 +69,7 @@ void BlockSha3(word64* state)
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register word64* state __asm__ ("r0") = (word64*)state_p;
-    register uint64_t* L_sha3_thumb2_rt_c __asm__ ("r1") = (uint64_t*)&L_sha3_thumb2_rt;
+    register word64* L_sha3_thumb2_rt_c __asm__ ("r1") = (word64*)&L_sha3_thumb2_rt;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
index 0fc857cc0..6a223b19a 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
@@ -47,7 +47,7 @@
 #include
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_len_k[] = {
+static const word64 L_SHA512_transform_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -101,7 +101,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
     register wc_Sha512* sha512 __asm__ ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_len_k_c __asm__ ("r3") = (uint64_t*)&L_SHA512_transform_len_k;
+    register word64* L_SHA512_transform_len_k_c __asm__ ("r3") = (word64*)&L_SHA512_transform_len_k;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c
index 68449bebd..87e9c426a 100644
--- a/wolfcrypt/src/sp_arm32.c
+++ b/wolfcrypt/src/sp_arm32.c
@@ -71117,7 +71117,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -77540,7 +77540,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -78329,7 +78329,7 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_256_num_bits_8_table[] = {
+static const byte L_sp_256_num_bits_8_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -78367,8 +78367,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = {
 static int sp_256_num_bits_8(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") =
-        (unsigned char*)&L_sp_256_num_bits_8_table;
+    register byte* L_sp_256_num_bits_8_table_c asm ("r1") =
+        (byte*)&L_sp_256_num_bits_8_table;
 
     __asm__ __volatile__ (
         "mov lr, %[L_sp_256_num_bits_8_table]\n\t"
@@ -89961,7 +89961,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -95463,13 +95463,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -96088,7 +96088,7 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_384_num_bits_12_table[] = {
+static const byte L_sp_384_num_bits_12_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -96126,8 +96126,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = {
 static int sp_384_num_bits_12(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") =
-        (unsigned char*)&L_sp_384_num_bits_12_table;
+    register byte* L_sp_384_num_bits_12_table_c asm ("r1") =
+        (byte*)&L_sp_384_num_bits_12_table;
 
     __asm__ __volatile__ (
         "mov lr, %[L_sp_384_num_bits_12_table]\n\t"
@@ -116954,7 +116954,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -123861,14 +123861,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -124642,7 +124642,7 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_521_num_bits_17_table[] = {
+static const byte L_sp_521_num_bits_17_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -124680,8 +124680,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = {
 static int sp_521_num_bits_17(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") =
-        (unsigned char*)&L_sp_521_num_bits_17_table;
+    register byte* L_sp_521_num_bits_17_table_c asm ("r1") =
+        (byte*)&L_sp_521_num_bits_17_table;
 
     __asm__ __volatile__ (
         "mov lr, %[L_sp_521_num_bits_17_table]\n\t"
@@ -126664,7 +126664,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c
index 0a465f4f0..3da6744a1 100644
--- a/wolfcrypt/src/sp_arm64.c
+++ b/wolfcrypt/src/sp_arm64.c
@@ -22738,7 +22738,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -40519,7 +40519,7 @@ SP_NOINLINE static void sp_256_mont_mul_order_4(sp_digit* r,
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -43944,7 +43944,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -67122,13 +67122,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -72112,7 +72112,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -111996,14 +111996,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -113493,7 +113493,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c
index 56c793114..78e0ea484 100644
--- a/wolfcrypt/src/sp_armthumb.c
+++ b/wolfcrypt/src/sp_armthumb.c
@@ -98858,7 +98858,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -105321,7 +105321,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -110286,7 +110286,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -116261,13 +116261,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -122551,7 +122551,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -132186,14 +132186,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -136163,7 +136163,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
index 9520f86df..b4489d216 100644
--- a/wolfcrypt/src/sp_c32.c
+++ b/wolfcrypt/src/sp_c32.c
@@ -20945,7 +20945,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -25416,7 +25416,7 @@ static void sp_256_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -28328,7 +28328,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_15(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -33499,13 +33499,13 @@ static void sp_384_mont_mul_order_15(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -35976,7 +35976,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_21(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -41609,14 +41609,14 @@ static void sp_521_mont_mul_order_21(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -43092,7 +43092,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c
index ab0ceda98..6046cb417 100644
--- a/wolfcrypt/src/sp_c64.c
+++ b/wolfcrypt/src/sp_c64.c
@@ -21914,7 +21914,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_5(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -26298,7 +26298,7 @@ static void sp_256_mont_mul_order_5(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -28793,7 +28793,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_7(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -33772,13 +33772,13 @@ static void sp_384_mont_mul_order_7(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -36306,7 +36306,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -41196,14 +41196,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -42672,7 +42672,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c
index 25404a718..bd02cd468 100644
--- a/wolfcrypt/src/sp_cortexm.c
+++ b/wolfcrypt/src/sp_cortexm.c
@@ -34541,7 +34541,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -40247,7 +40247,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -45134,7 +45134,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -50341,13 +50341,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ 
@@ -57169,7 +57169,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -63601,14 +63601,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -65722,7 +65722,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 252943227..b1dcaf629 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c 
@@ -8438,7 +8438,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint64_t p256_mod_minus_2[4] = { +static const word64 p256_mod_minus_2[4] = { 0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U, 0xffffffff00000001U }; @@ -25121,13 +25121,13 @@ static void sp_256_mont_mul_order_4(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint64_t p256_order_minus_2[4] = { +static const word64 p256_order_minus_2[4] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU, 0xffffffff00000000U }; #else /* The low half of the order-2 of the P256 curve. */ -static const uint64_t p256_order_low[2] = { +static const word64 p256_order_low[2] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U }; #endif /* WOLFSSL_SP_SMALL */ @@ -27593,7 +27593,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint64_t p384_mod_minus_2[6] = { +static const word64 p384_mod_minus_2[6] = { 0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; 
@@ -50156,13 +50156,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint64_t p384_order_minus_2[6] = { +static const word64 p384_order_minus_2[6] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint64_t p384_order_low[3] = { +static const word64 p384_order_low[3] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU }; #endif /* WOLFSSL_SP_SMALL */ @@ -52503,7 +52503,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint64_t p521_mod_minus_2[9] = { +static const word64 p521_mod_minus_2[9] = { 0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU @@ -91277,14 +91277,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint64_t p521_order_minus_2[9] = { +static const word64 p521_order_minus_2[9] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint64_t p521_order_low[5] = { +static const word64 p521_order_low[5] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU }; 
@@ -93041,7 +93041,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint64_t p521_sqrt_power[9] = { +static const word64 p521_sqrt_power[9] = { 0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000080
From 54dc8320d28a793aee48549892967c9abefad7a4 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Wed, 30 Oct 2024 14:53:21 -0400
Subject: [PATCH 238/325] added a missing %d
---
wolfcrypt/src/random.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 278e2d72c..0eda13375 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1702,7 +1702,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 if (ret != 0) {
 #if defined(DEBUG_WOLFSSL)
- WOLFSSL_MSG_EX("_InitRng failed. err = ", ret);
+ WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret);
 #endif
 }
 else {
From 62d7e903523f91be5b675114401ad1560b186378 Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 30 Oct 2024 11:03:59 -0600
Subject: [PATCH 239/325] added additional curve25519 generic test
---
wolfcrypt/test/test.c | 92 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index aa1b4be5a..7eb1128ac 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
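Review bot: The added `%d` repairs a format string whose argument had no conversion specifier, and the fact that this compiled without a diagnostic suggests WOLFSSL_MSG_EX is not format-checked. If the macro ends in a printf-style function (its definition is not in this hunk), giving that function `__attribute__((format(printf, 1, 2)))` behind the usual compiler guard would let -Wformat catch the same mistake at the other call sites. The rest of _InitRng lies outside the hunk.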
@@ -35098,6 +35098,98 @@ static wc_test_ret_t curve255519_der_test(void)
 ret = WC_TEST_RET_ENC_NC;
 }
+ /* Test decode/encode of a key file containing both public and private
+ * fields */
+ if (ret == 0) {
+ XMEMSET(&key, 0 , sizeof(key));
+
+ /* Decode public key */
+ idx = 0;
+ ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
+ (word32)sizeof(kCurve25519PubDer));
+ if (ret < 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+ /* Decode private key */
+ idx = 0;
+ ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+ (word32)sizeof(kCurve25519PrivDer));
+ if (ret < 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+ /* Both public and private flags should be set */
+ if ((ret == 0) && (!key.pubSet && !key.privSet)) {
+ ret = WC_TEST_RET_ENC_NC;
+ }
+ if (ret == 0) {
+ /* Export key to temporary DER */
+ ret = wc_Curve25519KeyToDer(&key, output, sizeof(output), 1);
+ if (ret < 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+
+ /* Re-import temporary DER */
+ idx = 0;
+ ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output));
+ if (ret < 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+
+ /* Ensure public and private keys survived combined keypair
+ * export/import by re-exporting DER for private and public keys,
+ * individually, and re-checking output against known good vectors.
+ * This is slightly circuitous but does test the functionality
+ * without requiring the addition of new test keys */
+ if (ret == 0) {
+ idx = 0;
+ ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx,
+ &key, (word32)sizeof(kCurve25519PrivDer));
+ if (ret < 0)
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+ if (ret == 0) {
+ outputSz = (word32)sizeof(output);
+ ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
+ if (ret >= 0) {
+ outputSz = (word32)ret;
+ ret = 0;
+ }
+ else {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+ }
+ if ((ret == 0) &&
+ (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
+ XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
+ ret = WC_TEST_RET_ENC_NC;
+ }
+ if (ret == 0) {
+ idx = 0;
+ ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx,
+ &key, (word32)sizeof(kCurve25519PubDer));
+ if (ret < 0)
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+ if (ret == 0) {
+ outputSz = (word32)sizeof(output);
+ ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
+ if (ret >= 0) {
+ outputSz = (word32)ret;
+ ret = 0;
+ }
+ else {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
+ }
+ if ((ret == 0) &&
+ (outputSz != (word32)sizeof(kCurve25519PubDer) ||
+ XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
+ ret = WC_TEST_RET_ENC_NC;
+ }
+ }
+
+ }
+
 wc_curve25519_free(&key);
 return ret;
From 589bcaa12ab75cc00eeb14281fd70bd9f14df430 Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 30 Oct 2024 12:52:52 -0600
Subject: [PATCH 240/325] added doxygen for curve25519 DER functions
---
doc/dox_comments/header_files/asn_public.h | 131 +++++++++++++++++++++
1 file changed, 131 insertions(+)
diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h
index 30ea784b0..c3dfaa491 100644
--- a/doc/dox_comments/header_files/asn_public.h
+++ b/doc/dox_comments/header_files/asn_public.h
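Review bot: The flag check `if ((ret == 0) && (!key.pubSet && !key.privSet))` only fails when neither flag is set, so a decode that fills in just one half of the key pair still passes a check whose comment says both flags should be set; it should read `if ((ret == 0) && (!key.pubSet || !key.privSet)) {`. The re-import `wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output))` also advertises the whole buffer as input rather than the length wc_Curve25519KeyToDer returned, so stale bytes after the encoding sit inside the declared input and an over-read by the decoder would go unnoticed; capturing the return value in outputSz and passing it, as the private/public re-export checks further down in this hunk already do, tightens the test. curve255519_der_test begins before this hunk.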
@@ -1557,6 +1557,137 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output,
 int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output, word32 inLen,
 int with_AlgCurve, int comp);
+
+/*!
+ \ingroup ASN
+
+ \brief This function decodes a Curve25519 private key (only) from a DER
+ encoded buffer
+
+ \return 0 Success
+ \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+ \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+ data
+ \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+ the DER key contains other issues despite being properly formatted.
+ \return BUFFER_E Returns if the input buffer is too small to contain a
+ valid DER encoded key.
+
+ \param input Pointer to buffer containing DER encoded private key
+ \param inOutIdx Index to start reading input buffer from. On output,
+ index is set to last position parsed of input buffer.
+ \param key Pointer to curve25519_key structure to store decoded key
+ \param inSz Size of input DER buffer
+*/
+int wc_Curve25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
+ curve25519_key* key, word32 inSz);
+
+/*!
+ \ingroup ASN
+
+ \brief This function decodes a Curve25519 public key (only) from a DER
+ encoded buffer.
+
+ \return 0 Success
+ \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+ \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+ data
+ \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+ the DER key contains other issues despite being properly formatted.
+ \return BUFFER_E Returns if the input buffer is too small to contain a
+ valid DER encoded key.
+
+ \param input Pointer to buffer containing DER encoded public key
+ \param inOutIdx Index to start reading input buffer from. On output,
+ index is set to last position parsed of input buffer.
+ \param key Pointer to curve25519_key structure to store decoded key
+ \param inSz Size of input DER buffer
+*/
+int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
+ curve25519_key* key, word32 inSz);
+
+/*!
+ \ingroup ASN
+
+ \brief This function decodes a Curve25519 key from a DER encoded buffer. It
+ can decode either a private key, a public key, or both.
+
+ \return 0 Success
+ \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+ \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+ data
+ \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+ the DER key contains other issues despite being properly formatted.
+ \return BUFFER_E Returns if the input buffer is too small to contain a
+ valid DER encoded key.
+
+ \param input Pointer to buffer containing DER encoded key
+ \param inOutIdx Index to start reading input buffer from. On output,
+ index is set to last position parsed of input buffer.
+ \param key Pointer to curve25519_key structure to store decoded key
+ \param inSz Size of input DER buffer
+*/
+int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx,
+ curve25519_key* key, word32 inSz);
+
+/*!
+ \ingroup ASN
+
+ \brief This function encodes a Curve25519 private key to DER format. If the
+ input key structure contains a public key, it will be ignored.
+
+ \return >0 Success, length of DER encoding
+ \return BAD_FUNC_ARG Returns if key or output is null
+ \return MEMORY_E Returns if there is an allocation failure
+ \return BUFFER_E Returns if output buffer is too small
+
+ \param key Pointer to curve25519_key structure containing private key to
+ encode
+ \param output Buffer to hold DER encoding
+ \param inLen Size of output buffer
+*/
+int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
+ word32 inLen);
+
+/*!
+ \ingroup ASN
+
+ \brief This function encodes a Curve25519 public key to DER format. If the
+ input key structure contains a private key, it will be ignored.
+
+ \return >0 Success, length of DER encoding
+ \return BAD_FUNC_ARG Returns if key or output is null
+ \return MEMORY_E Returns if there is an allocation failure
+ \return BUFFER_E Returns if output buffer is too small
+
+ \param key Pointer to curve25519_key structure containing public key to
+ encode
+ \param output Buffer to hold DER encoding
+ \param inLen Size of output buffer
+ \param withAlg Whether to include algorithm identifier
+*/
+int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
+ int withAlg);
+
+/*!
+ \ingroup ASN
+
+ \brief This function encodes a Curve25519 key to DER format. It can encode
+ either a private key, a public key, or both.
+
+ \return >0 Success, length of DER encoding
+ \return BAD_FUNC_ARG Returns if key or output is null
+ \return MEMORY_E Returns if there is an allocation failure
+ \return BUFFER_E Returns if output buffer is too small
+
+ \param key Pointer to curve25519_key structure containing key to encode
+ \param output Buffer to hold DER encoding
+ \param inLen Size of output buffer
+ \param withAlg Whether to include algorithm identifier
+*/
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
+ int withAlg);
+
 /*!
 \ingroup ASN
From 20cf6b74c131f49e7441461beb024b4b6d84079a Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 30 Oct 2024 14:02:38 -0600
Subject: [PATCH 241/325] fix curve25519 test sanitizer errors
---
wolfcrypt/test/test.c | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 7eb1128ac..234cbf235 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -35110,12 +35110,14 @@ static wc_test_ret_t curve255519_der_test(void)
 if (ret < 0) {
 ret = WC_TEST_RET_ENC_EC(ret);
 }
- /* Decode private key */
- idx = 0;
- ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
- (word32)sizeof(kCurve25519PrivDer));
- if (ret < 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
+ if (ret == 0) {
+ /* Decode private key */
+ idx = 0;
+ ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+ (word32)sizeof(kCurve25519PrivDer));
+ if (ret < 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
 }
 /* Both public and private flags should be set */
 if ((ret == 0) && (!key.pubSet && !key.privSet)) {
@@ -35123,16 +35125,23 @@ static wc_test_ret_t curve255519_der_test(void)
 }
 if (ret == 0) {
 /* Export key to temporary DER */
- ret = wc_Curve25519KeyToDer(&key, output, sizeof(output), 1);
- if (ret < 0) {
+ outputSz = (word32)sizeof(output);
+ ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+ if (ret >= 0) {
+ outputSz = (word32)ret;
+ ret = 0;
+ }
+ else {
 ret = WC_TEST_RET_ENC_EC(ret);
 }
 /* Re-import temporary DER */
- idx = 0;
- ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output));
- if (ret < 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
+ if (ret == 0) {
+ idx = 0;
+ ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output));
+ if (ret < 0) {
+ ret = WC_TEST_RET_ENC_EC(ret);
+ }
 }
 /* Ensure public and private keys survived combined keypair
From bc56129ed843be626b3e50b79f83396352d47494 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Mon, 14 Oct 2024 10:30:34 -0600
Subject: [PATCH 242/325] display heap pointer with debug enabled
---
wolfcrypt/src/memory.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 75d03895e..cc16ea133 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
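Review bot: In the second hunk the re-import still passes `sizeof(output)` as inSz even though the lines just above now keep the encoded length in outputSz; `ret = wc_Curve25519KeyDecode(output, &idx, &key, outputSz);` limits the decoder to the bytes actually written, which matches the sanitizer motivation of the commit. The context line `if ((ret == 0) && (!key.pubSet && !key.privSet))` in the first hunk is worth fixing in the same pass, since it only fails when both flags are clear while the comment above it expects both to be set. curve255519_der_test continues beyond both hunks.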
@@ -1030,7 +1030,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 #endif
 #ifdef WOLFSSL_DEBUG_MEMORY
- fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line);
+ fprintf(stderr, "[HEAP %p] Alloc: %p -> %u at %s:%d\n", heap,
+ res, (word32)size, func, line);
 #endif
 #else
 WOLFSSL_MSG("No heap hint found to use and no malloc");
@@ -1097,8 +1098,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 }
 #ifdef WOLFSSL_DEBUG_STATIC_MEMORY
 else {
- fprintf(stderr, "Size: %lu, Empty: %d\n", (unsigned long) size,
- mem->sizeList[i]);
+ fprintf(stderr, "Size: %lu, Empty: %d\n",
+ (unsigned long) size, mem->sizeList[i]);
 }
 #endif
 }
@@ -1114,7 +1115,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 #ifdef WOLFSSL_DEBUG_MEMORY
 pt->szUsed = size;
- fprintf(stderr, "Alloc: %p -> %lu at %s:%d\n", pt->buffer, size, func, line);
+ fprintf(stderr, "[HEAP %p] Alloc: %p -> %lu at %s:%d\n", heap,
+ pt->buffer, size, func, line);
 #endif
 #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
 if (DebugCb) {
@@ -1143,8 +1145,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 WOLFSSL_MSG("ERROR ran out of static memory");
 res = NULL;
 #ifdef WOLFSSL_DEBUG_MEMORY
- fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long) size, func,
- line);
+ fprintf(stderr, "Looking for %lu bytes at %s:%d\n",
+ (unsigned long) size, func, line);
 #endif
 #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
 if (DebugCb) {
@@ -1187,7 +1189,8 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
 #ifdef WOLFSSL_HEAP_TEST
 if (heap == (void*)WOLFSSL_HEAP_TEST) {
 #ifdef WOLFSSL_DEBUG_MEMORY
- fprintf(stderr, "Free: %p at %s:%d\n", pt, func, line);
+ fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+ line);
 #endif
 return free(ptr);
 }
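Review bot: In the hunk at line 1114 the rewritten call still passes `size`, a size_t according to the signature in the hunk header, to a `%lu` conversion, which is undefined wherever size_t is not unsigned long (LLP64 Windows builds); the neighbouring hunks at lines 1097 and 1143 cast `(unsigned long) size`, so `pt->buffer, (unsigned long) size, func, line);` keeps this one consistent, or `%zu` if every supported toolchain accepts it. The `%u` with `(word32)size` in the hunk at line 1030 is fine. wolfSSL_Malloc extends beyond these hunks.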
@@ -1205,6 +1208,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
 }
 #endif
 #ifndef WOLFSSL_NO_MALLOC
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+ line);
+ #endif
 #ifdef FREERTOS
 vPortFree(ptr);
 #elif defined(WOLFSSL_EMBOS)
@@ -1212,9 +1219,6 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
 #else
 free(ptr);
 #endif
- #ifdef WOLFSSL_DEBUG_MEMORY
- fprintf(stderr, "Free: %p at %s:%d\n", ptr, func, line);
- #endif
 #else
 WOLFSSL_MSG("Error trying to call free when turned off");
 #endif /* WOLFSSL_NO_MALLOC */
@@ -1286,8 +1290,8 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
 #endif
 #ifdef WOLFSSL_DEBUG_MEMORY
- fprintf (stderr, "Free: %p -> %u at %s:%d\n", pt->buffer,
- pt->szUsed, func, line);
+ fprintf(stderr, "[HEAP %p] Free: %p -> %u at %s:%d\n", heap,
+ pt->buffer, pt->szUsed, func, line);
 #endif
 #ifndef WOLFSSL_STATIC_MEMORY_LEAN
From 69f2529aa5a45a6bb807e6944883d040d9ff578f Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Wed, 30 Oct 2024 16:50:59 -0400
Subject: [PATCH 243/325] Consider downgrade to TLS 1.2 when parsing CKS.
---
src/tls.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index 8441acf52..a42db1d51 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -9957,6 +9957,16 @@ int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length,
 }
 }
+ /* This could be a situation where the client tried to start with TLS 1.3
+ * when it sent ClientHello and the server down-graded to TLS 1.2. In that
+ * case, erroring out because it is TLS 1.2 is not a reasonable thing to do.
+ * In the case of TLS 1.2, the CKS values will be ignored. */
+ if (!IsAtLeastTLSv1_3(ssl->version)) {
+ ssl->sigSpec = NULL;
+ ssl->sigSpecSz = 0;
+ return 0;
+ }
+
 /* Extension data is valid, but if we are the server and we don't have an
 * alt private key, do not respond with CKS extension. */
 if (wolfSSL_is_server(ssl) && ssl->buffers.altKey == NULL) {
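Review bot: The new early return in TLSX_CKS_Parse comes after the extension data has been validated (the trailing context comment says so), so once the version test is dropped from the TLSX_CKS case in TLSX_Parse (the hunk at line 15038 in this commit) a TLS 1.2 ClientHello carrying malformed CKS bytes is still rejected while well-formed ones are ignored; that is a reasonable choice but the comment should state it, e.g. `* The extension data has already been validated above; only its effect is dropped.`. Assigning `ssl->sigSpec = NULL` without releasing anything is only correct if sigSpec never owns heap memory at this point, which the hunk does not show, so a note or assertion there would help the next reader. TLSX_CKS_Parse starts before the hunk.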
@@ -15038,9 +15048,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 case TLSX_CKS:
 WOLFSSL_MSG("CKS extension received");
- if (!IsAtLeastTLSv1_3(ssl->version) ||
- (msgType != client_hello &&
- msgType != encrypted_extensions)) {
+ if (msgType != client_hello &&
+ msgType != encrypted_extensions) {
 WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED);
 return EXT_NOT_ALLOWED;
 }
From 26312141d83a9954573a162ecd0b579dcde919c9 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 31 Oct 2024 10:14:00 +1000
Subject: [PATCH 244/325] ASM: generated code not using uint*_t types
Don't use uint*_t types as they may not be available.
---
.../src/port/arm/armv8-32-curve25519_c.c | 8 +-
wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c | 2 +-
wolfcrypt/src/port/arm/armv8-curve25519_c.c | 6 +-
wolfcrypt/src/port/arm/armv8-kyber-asm_c.c | 36 +-
wolfcrypt/src/port/arm/armv8-sha3-asm_c.c | 4 +-
wolfcrypt/src/port/arm/armv8-sha512-asm_c.c | 6 +-
wolfcrypt/src/port/arm/thumb2-curve25519_c.c | 8 +-
wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c | 2 +-
wolfcrypt/src/sp_arm32.c | 300 +++++++++---------
wolfcrypt/src/sp_arm64.c | 130 ++++----
wolfcrypt/src/sp_armthumb.c | 246 +++++++-------
wolfcrypt/src/sp_c32.c | 88 ++---
wolfcrypt/src/sp_c64.c | 88 ++---
wolfcrypt/src/sp_cortexm.c | 276 ++++++++--------
wolfcrypt/src/sp_dsp32.c | 10 +-
wolfcrypt/src/sp_int.c | 2 +-
wolfcrypt/src/sp_x86_64.c | 118 +++---
17 files changed, 665 insertions(+), 665 deletions(-)
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
index 284b80686..e39eff641 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
@@ -648,7 +648,7 @@ int fe_isnonzero(const fe a_p) : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } int fe_isnegative(const fe a_p)
@@ -674,7 +674,7 @@ int fe_isnegative(const fe a_p) : : "memory", "cc", "r1", "r2", "r3", "r4", "r5" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) @@ -4030,7 +4030,7 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -4344,7 +4344,7 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WC_NO_CACHE_RESISTANT */ diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c index 1866f3c41..e5ce1a383 100644 --- a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c @@ -9224,7 +9224,7 @@ unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, : : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)p; + return (word32)(size_t)p; } #endif /* WOLFSSL_WC_KYBER */ diff --git a/wolfcrypt/src/port/arm/armv8-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-curve25519_c.c index 6af75a632..a2dc78e58 100644 --- a/wolfcrypt/src/port/arm/armv8-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-curve25519_c.c @@ -234,7 +234,7 @@ int fe_isnonzero(const fe a) : : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } int fe_isnegative(const fe a) @@ -253,7 +253,7 @@ int fe_isnegative(const fe a) : : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } void fe_cmov_table(fe* r, fe* base, signed char b) 
@@ -3683,7 +3683,7 @@ int curve25519(byte* r, const byte* n, const byte* a) : : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #ifdef HAVE_ED25519 diff --git a/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c index 09f123b4c..e82e245e6 100644 --- a/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c @@ -32,7 +32,7 @@ #ifdef WOLFSSL_ARMASM #ifdef __aarch64__ #ifdef WOLFSSL_ARMASM_INLINE -static const uint16_t L_kyber_aarch64_q[] = { +static const word16 L_kyber_aarch64_q[] = { 0xd01, 0xd01, 0xd01, @@ -43,7 +43,7 @@ static const uint16_t L_kyber_aarch64_q[] = { 0xd01, }; -static const uint16_t L_kyber_aarch64_consts[] = { +static const word16 L_kyber_aarch64_consts[] = { 0xd01, 0xf301, 0x4ebf, @@ -54,7 +54,7 @@ static const uint16_t L_kyber_aarch64_consts[] = { 0x0, }; -static const uint64_t L_sha3_aarch64_r[] = { +static const word64 L_sha3_aarch64_r[] = { 0x1UL, 0x8082UL, 0x800000000000808aUL, @@ -84,7 +84,7 @@ static const uint64_t L_sha3_aarch64_r[] = { #include #ifdef WOLFSSL_WC_KYBER -static const uint16_t L_kyber_aarch64_zetas[] = { +static const word16 L_kyber_aarch64_zetas[] = { 0x8ed, 0xa0b, 0xb9a, @@ -375,7 +375,7 @@ static const uint16_t L_kyber_aarch64_zetas[] = { 0x65c, }; -static const uint16_t L_kyber_aarch64_zetas_qinv[] = { +static const word16 L_kyber_aarch64_zetas_qinv[] = { 0xffed, 0x7b0b, 0x399a, @@ -2222,7 +2222,7 @@ void kyber_ntt(sword16* r) ); } -static const uint16_t L_kyber_aarch64_zetas_inv[] = { +static const word16 L_kyber_aarch64_zetas_inv[] = { 0x6a5, 0x6a5, 0x70f, 
@@ -2513,7 +2513,7 @@ static const uint16_t L_kyber_aarch64_zetas_inv[] = { 0x5a1, }; -static const uint16_t L_kyber_aarch64_zetas_inv_qinv[] = { +static const word16 L_kyber_aarch64_zetas_inv_qinv[] = { 0xa5a5, 0xa5a5, 0x440f, @@ -4596,7 +4596,7 @@ void kyber_invntt(sword16* r) ); } -static const uint16_t L_kyber_aarch64_zetas_mul[] = { +static const word16 L_kyber_aarch64_zetas_mul[] = { 0x8b2, 0xf74e, 0x1ae, @@ -7132,7 +7132,7 @@ void kyber_to_mont(sword16* p) ); } -static const uint16_t L_kyber_aarch64_to_msg_neon_low[] = { +static const word16 L_kyber_aarch64_to_msg_neon_low[] = { 0x373, 0x373, 0x373, @@ -7143,7 +7143,7 @@ static const uint16_t L_kyber_aarch64_to_msg_neon_low[] = { 0x373, }; -static const uint16_t L_kyber_aarch64_to_msg_neon_high[] = { +static const word16 L_kyber_aarch64_to_msg_neon_high[] = { 0x9c0, 0x9c0, 0x9c0, @@ -7154,7 +7154,7 @@ static const uint16_t L_kyber_aarch64_to_msg_neon_high[] = { 0x9c0, }; -static const uint16_t L_kyber_aarch64_to_msg_neon_bits[] = { +static const word16 L_kyber_aarch64_to_msg_neon_bits[] = { 0x1, 0x2, 0x4, @@ -7398,7 +7398,7 @@ void kyber_to_msg_neon(byte* msg, sword16* p) ); } -static const uint16_t L_kyber_aarch64_from_msg_neon_q1half[] = { +static const word16 L_kyber_aarch64_from_msg_neon_q1half[] = { 0x681, 0x681, 0x681, @@ -7409,7 +7409,7 @@ static const uint16_t L_kyber_aarch64_from_msg_neon_q1half[] = { 0x681, }; -static const uint8_t L_kyber_aarch64_from_msg_neon_bits[] = { +static const word8 L_kyber_aarch64_from_msg_neon_bits[] = { 0x1, 0x2, 0x4, 
@@ -7853,10 +7853,10 @@ int kyber_cmp_neon(const byte* a, const byte* b, int sz) : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits) : "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } -static const uint16_t L_kyber_aarch64_rej_uniform_neon_mask[] = { +static const word16 L_kyber_aarch64_rej_uniform_neon_mask[] = { 0xfff, 0xfff, 0xfff, @@ -7867,7 +7867,7 @@ static const uint16_t L_kyber_aarch64_rej_uniform_neon_mask[] = { 0xfff, }; -static const uint16_t L_kyber_aarch64_rej_uniform_neon_bits[] = { +static const word16 L_kyber_aarch64_rej_uniform_neon_bits[] = { 0x1, 0x2, 0x4, @@ -7878,7 +7878,7 @@ static const uint16_t L_kyber_aarch64_rej_uniform_neon_bits[] = { 0x80, }; -static const uint8_t L_kyber_aarch64_rej_uniform_neon_indeces[] = { +static const word8 L_kyber_aarch64_rej_uniform_neon_indeces[] = { 0xff, 0xff, 0xff, 
@@ -12154,7 +12154,7 @@ unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len, const byte* r, : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indeces] "S" (L_kyber_aarch64_rej_uniform_neon_indeces) : "memory", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "cc" ); - return (uint32_t)(size_t)p; + return (word32)(size_t)p; } #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c index 71ac40a22..00a7ecb37 100644 --- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c @@ -36,7 +36,7 @@ #ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 -static const uint64_t L_SHA3_transform_crypto_r[] = { +static const word64 L_SHA3_transform_crypto_r[] = { 0x1UL, 0x8082UL, 0x800000000000808aUL, 
@@ -182,7 +182,7 @@ void BlockSha3(word64* state) } #else -static const uint64_t L_SHA3_transform_base_r[] = { +static const word64 L_SHA3_transform_base_r[] = { 0x1UL, 0x8082UL, 0x800000000000808aUL, diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c index ba7dc82e0..7da3bd2b9 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c @@ -36,7 +36,7 @@ #ifdef WOLFSSL_SHA512 #ifndef WOLFSSL_ARMASM_CRYPTO_SHA512 -static const uint64_t L_SHA512_transform_neon_len_k[] = { +static const word64 L_SHA512_transform_neon_len_k[] = { 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 0xb5c0fbcfec4d3b2fUL, @@ -119,7 +119,7 @@ static const uint64_t L_SHA512_transform_neon_len_k[] = { 0x6c44198c4a475817UL, }; -static const uint64_t L_SHA512_transform_neon_len_ror8[] = { +static const word64 L_SHA512_transform_neon_len_ror8[] = { 0x7060504030201UL, 0x80f0e0d0c0b0a09UL, }; @@ -1054,7 +1054,7 @@ void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len) } #else -static const uint64_t L_SHA512_transform_crypto_len_k[] = { +static const word64 L_SHA512_transform_crypto_len_k[] = { 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 0xb5c0fbcfec4d3b2fUL, diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c index df8273840..a5b407951 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c +++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c @@ -533,7 +533,7 @@ int fe_isnonzero(const fe a) : : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -565,7 +565,7 @@ int fe_isnegative(const fe a) : : "memory", "r1", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) 
@@ -3239,7 +3239,7 @@ int curve25519(byte* r, const byte* n, const byte* a) : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -3645,7 +3645,7 @@ int curve25519(byte* r, const byte* n, const byte* a) : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WC_NO_CACHE_RESISTANT */ diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c index e42741d62..57d7c1a58 100644 --- a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c @@ -3842,7 +3842,7 @@ unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte* : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc" #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ ); - return (uint32_t)(size_t)p; + return (word32)(size_t)p; } #endif /* WOLFSSL_WC_KYBER */ diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 87e9c426a..3102c2cc1 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -2756,7 +2756,7 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -2803,7 +2803,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -2853,7 +2853,7 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. 
@@ -2993,7 +2993,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -3071,7 +3071,7 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -3271,7 +3271,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -3405,7 +3405,7 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -5082,7 +5082,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -5167,7 +5167,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -5280,7 +5280,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) 
@@ -5356,7 +5356,7 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -5393,7 +5393,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -5811,7 +5811,7 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -5848,7 +5848,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -8451,7 +8451,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -8590,7 +8590,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -11304,7 +11304,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else 
@@ -11442,7 +11442,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -11841,7 +11841,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -12277,7 +12277,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -12528,7 +12528,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -15425,7 +15425,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -15559,7 +15559,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -15619,7 +15619,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -15757,7 +15757,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif 
@@ -16612,7 +16612,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -17170,7 +17170,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -17309,7 +17309,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -23971,7 +23971,7 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -24032,7 +24032,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -24096,7 +24096,7 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -24268,7 +24268,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) 
@@ -24374,7 +24374,7 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -24630,7 +24630,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -24820,7 +24820,7 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -27994,7 +27994,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -28093,7 +28093,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -28234,7 +28234,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -28310,7 +28310,7 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ 
@@ -28347,7 +28347,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -28765,7 +28765,7 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -28802,7 +28802,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -32429,7 +32429,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -32624,7 +32624,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -36522,7 +36522,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -36660,7 +36660,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif 
@@ -37235,7 +37235,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -37671,7 +37671,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -38034,7 +38034,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -42275,7 +42275,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -42465,7 +42465,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -42525,7 +42525,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -42663,7 +42663,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif 
@@ -43876,7 +43876,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -44434,7 +44434,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -44629,7 +44629,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -46186,7 +46186,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -46433,7 +46433,7 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Multiply a and b into r. (r = a * b) @@ -46549,7 +46549,7 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -46586,7 +46586,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ 
@@ -51236,7 +51236,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -51711,7 +51711,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -57297,7 +57297,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -57544,7 +57544,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -57604,7 +57604,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -57742,7 +57742,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -59307,7 +59307,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -59865,7 +59865,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else 
@@ -60116,7 +60116,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -65953,7 +65953,7 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -65990,7 +65990,7 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -66229,7 +66229,7 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, "lr", "r10" ); (void)m_p; - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Convert an mp_int to an array of sp_digit. @@ -71323,7 +71323,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -71370,7 +71370,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -71425,7 +71425,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -74152,7 +74152,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; 
@@ -74180,7 +74180,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i>= 6; @@ -24253,12 +24253,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_4_6[y]; v[i].neg = recode_neg_4_6[y]; carry = (y >> 6) + v[i].neg; @@ -24905,7 +24905,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -24933,7 +24933,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i>= 7; @@ -27336,12 +27336,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_4_7[y]; v[i].neg = recode_neg_4_7[y]; carry = (y >> 7) + v[i].neg; 
@@ -45159,13 +45159,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_6_6[66] = { +static const word8 recode_index_6_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -45174,7 +45174,7 @@ static const uint8_t recode_index_6_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_6_6[66] = { +static const word8 recode_neg_6_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -45192,7 +45192,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -45201,7 +45201,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -45215,12 +45215,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_6_6[y]; v[i].neg = recode_neg_6_6[y]; carry = (y >> 6) + v[i].neg; 
@@ -45831,7 +45831,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -45859,7 +45859,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i>= 7; @@ -48262,12 +48262,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_6_7[y]; v[i].neg = recode_neg_6_7[y]; carry = (y >> 7) + v[i].neg; @@ -73516,13 +73516,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_9_6[66] = { +static const word8 recode_index_9_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -73531,7 +73531,7 @@ static const uint8_t recode_index_9_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_9_6[66] = { +static const word8 recode_neg_9_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -73549,7 +73549,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; 
@@ -73558,7 +73558,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -73572,12 +73572,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -74233,7 +74233,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -74261,7 +74261,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i>= 7; @@ -77318,12 +77318,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_9_7[y]; v[i].neg = recode_neg_9_7[y]; carry = (y >> 7) + v[i].neg; @@ -116078,7 +116078,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, 
@@ -117595,13 +117595,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_16_7[130] = { +static const word8 recode_index_16_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -117614,7 +117614,7 @@ static const uint8_t recode_index_16_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_16_7[130] = { +static const word8 recode_neg_16_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -117636,7 +117636,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -117645,7 +117645,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -117659,12 +117659,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 16) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_16_7[y]; v[i].neg = recode_neg_16_7[y]; carry = (y >> 7) + v[i].neg; 
@@ -118133,7 +118133,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -118161,7 +118161,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i> 1) @@ -126018,7 +126018,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -126046,7 +126046,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i> 1) @@ -210617,7 +210617,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -210645,7 +210645,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i>= 6; @@ -22441,12 +22441,12 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (29 - o)) & 0x3f); + y |= (word8)((n << (29 - o)) & 0x3f); o -= 23; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -23046,7 +23046,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; 
@@ -23074,7 +23074,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i> 4; v |= v >> 8; v |= v >> 16; - return sp_256_tab32_9[(uint32_t)(v*0x07C4ACDD) >> 27]; + return sp_256_tab32_9[(word32)(v*0x07C4ACDD) >> 27]; } static int sp_256_num_bits_9(const sp_digit* a) @@ -29854,13 +29854,13 @@ static void sp_384_proj_point_add_sub_15(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_15_6[66] = { +static const word8 recode_index_15_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -29869,7 +29869,7 @@ static const uint8_t recode_index_15_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_15_6[66] = { +static const word8 recode_neg_15_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -29887,7 +29887,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -29896,7 +29896,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 26) { y &= 0x3f; n >>= 6; 
@@ -29910,12 +29910,12 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v) } else if (++j < 15) { n = k[j]; - y |= (uint8_t)((n << (26 - o)) & 0x3f); + y |= (word8)((n << (26 - o)) & 0x3f); o -= 20; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_15_6[y]; v[i].neg = recode_neg_15_6[y]; carry = (y >> 6) + v[i].neg; @@ -30575,7 +30575,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -30603,7 +30603,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i> 4; v |= v >> 8; v |= v >> 16; - return sp_384_tab32_15[(uint32_t)(v*0x07C4ACDD) >> 27]; + return sp_384_tab32_15[(word32)(v*0x07C4ACDD) >> 27]; } static int sp_384_num_bits_15(const sp_digit* a) @@ -37373,13 +37373,13 @@ static void sp_521_proj_point_add_sub_21(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_21_6[66] = { +static const word8 recode_index_21_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 
@@ -37388,7 +37388,7 @@ static const uint8_t recode_index_21_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_21_6[66] = { +static const word8 recode_neg_21_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -37406,7 +37406,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -37415,7 +37415,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 25) { y &= 0x3f; n >>= 6; @@ -37429,12 +37429,12 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v) } else if (++j < 21) { n = k[j]; - y |= (uint8_t)((n << (25 - o)) & 0x3f); + y |= (word8)((n << (25 - o)) & 0x3f); o -= 19; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_21_6[y]; v[i].neg = recode_neg_21_6[y]; carry = (y >> 6) + v[i].neg; @@ -38154,7 +38154,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -38182,7 +38182,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i> 4; v |= v >> 8; v |= v >> 16; - return sp_521_tab32_21[(uint32_t)(v*0x07C4ACDD) >> 27]; + return sp_521_tab32_21[(word32)(v*0x07C4ACDD) >> 27]; } static int sp_521_num_bits_21(const sp_digit* a) 
@@ -44810,7 +44810,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_42(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -46182,13 +46182,13 @@ static void sp_1024_proj_point_add_sub_42(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_42_7[130] = { +static const word8 recode_index_42_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -46201,7 +46201,7 @@ static const uint8_t recode_index_42_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_42_7[130] = { +static const word8 recode_neg_42_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -46223,7 +46223,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -46232,7 +46232,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 25) { y &= 0x7f; n >>= 7; 
@@ -46246,12 +46246,12 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 42) { n = k[j]; - y |= (uint8_t)((n << (25 - o)) & 0x7f); + y |= (word8)((n << (25 - o)) & 0x7f); o -= 18; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_42_7[y]; v[i].neg = recode_neg_42_7[y]; carry = (y >> 7) + v[i].neg; @@ -46714,7 +46714,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -46742,7 +46742,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i>= 6; @@ -23377,12 +23377,12 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v) } else if (++j < 5) { n = k[j]; - y |= (uint8_t)((n << (52 - o)) & 0x3f); + y |= (word8)((n << (52 - o)) & 0x3f); o -= 46; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_5_6[y]; v[i].neg = recode_neg_5_6[y]; carry = (y >> 6) + v[i].neg; @@ -23942,7 +23942,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -23970,7 +23970,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i> 8; v |= v >> 16; v |= v >> 32; - return sp_256_tab64_5[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; + return sp_256_tab64_5[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; } static int sp_256_num_bits_5(const sp_digit* a) 
@@ -30257,13 +30257,13 @@ static void sp_384_proj_point_add_sub_7(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_7_6[66] = { +static const word8 recode_index_7_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -30272,7 +30272,7 @@ static const uint8_t recode_index_7_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_7_6[66] = { +static const word8 recode_neg_7_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -30290,7 +30290,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -30299,7 +30299,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 55) { y &= 0x3f; n >>= 6; @@ -30313,12 +30313,12 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v) } else if (++j < 7) { n = k[j]; - y |= (uint8_t)((n << (55 - o)) & 0x3f); + y |= (word8)((n << (55 - o)) & 0x3f); o -= 49; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_7_6[y]; v[i].neg = recode_neg_7_6[y]; carry = (y >> 6) + v[i].neg; 
@@ -30898,7 +30898,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -30926,7 +30926,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i> 8; v |= v >> 16; v |= v >> 32; - return sp_384_tab64_7[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; + return sp_384_tab64_7[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; } static int sp_384_num_bits_7(const sp_digit* a) @@ -37654,13 +37654,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_9_6[66] = { +static const word8 recode_index_9_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -37669,7 +37669,7 @@ static const uint8_t recode_index_9_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_9_6[66] = { +static const word8 recode_neg_9_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -37687,7 +37687,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; 
@@ -37696,7 +37696,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 58) { y &= 0x3f; n >>= 6; @@ -37710,12 +37710,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (58 - o)) & 0x3f); + y |= (word8)((n << (58 - o)) & 0x3f); o -= 52; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -38315,7 +38315,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -38343,7 +38343,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i> 8; v |= v >> 16; v |= v >> 32; - return sp_521_tab64_9[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; + return sp_521_tab64_9[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; } static int sp_521_num_bits_9(const sp_digit* a) @@ -44236,7 +44236,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_18(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, 
@@ -45525,13 +45525,13 @@ static void sp_1024_proj_point_add_sub_18(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_18_7[130] = { +static const word8 recode_index_18_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -45544,7 +45544,7 @@ static const uint8_t recode_index_18_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_18_7[130] = { +static const word8 recode_neg_18_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -45566,7 +45566,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -45575,7 +45575,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 57) { y &= 0x7f; n >>= 7; @@ -45589,12 +45589,12 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 18) { n = k[j]; - y |= (uint8_t)((n << (57 - o)) & 0x7f); + y |= (word8)((n << (57 - o)) & 0x7f); o -= 50; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_18_7[y]; v[i].neg = recode_neg_18_7[y]; carry = (y >> 7) + v[i].neg; 
@@ -46057,7 +46057,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -46085,7 +46085,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i>= 6; @@ -9430,12 +9430,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_4_6[y]; v[i].neg = recode_neg_4_6[y]; carry = (y >> 6) + v[i].neg; @@ -10976,7 +10976,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -11004,7 +11004,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i>= 7; @@ -12105,12 +12105,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_4_7[y]; v[i].neg = recode_neg_4_7[y]; carry = (y >> 7) + v[i].neg; 
@@ -28535,13 +28535,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_6_6[66] = { +static const word8 recode_index_6_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -28550,7 +28550,7 @@ static const uint8_t recode_index_6_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_6_6[66] = { +static const word8 recode_neg_6_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -28568,7 +28568,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -28577,7 +28577,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -28591,12 +28591,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_6_6[y]; v[i].neg = recode_neg_6_6[y]; carry = (y >> 6) + v[i].neg; 
@@ -30193,7 +30193,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -30221,7 +30221,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i>= 7; @@ -31325,12 +31325,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_6_7[y]; v[i].neg = recode_neg_6_7[y]; carry = (y >> 7) + v[i].neg; @@ -53465,13 +53465,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_9_6[66] = { +static const word8 recode_index_9_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -53480,7 +53480,7 @@ static const uint8_t recode_index_9_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_9_6[66] = { +static const word8 recode_neg_9_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -53498,7 +53498,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; 
@@ -53507,7 +53507,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -53521,12 +53521,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -55100,7 +55100,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -55128,7 +55128,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i>= 7; @@ -56358,12 +56358,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_9_7[y]; v[i].neg = recode_neg_9_7[y]; carry = (y >> 7) + v[i].neg; @@ -93842,7 +93842,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, 
@@ -94751,13 +94751,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_16_7[130] = { +static const word8 recode_index_16_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -94770,7 +94770,7 @@ static const uint8_t recode_index_16_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_16_7[130] = { +static const word8 recode_neg_16_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -94792,7 +94792,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -94801,7 +94801,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -94815,12 +94815,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 16) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y += (word8)carry; v[i].i = recode_index_16_7[y]; v[i].neg = recode_neg_16_7[y]; carry = (y >> 7) + v[i].neg; 
@@ -96329,7 +96329,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -96357,7 +96357,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i Date: Tue, 29 Oct 2024 10:45:09 +1000 Subject: [PATCH 245/325] ASN template documentation: adding basics for decoding First draft of ASN template documentation that helps with writing parsing code. --- wolfcrypt/src/ASN_TEMPLATE.md | 162 ++++++++++++++++++++++++++++++++++ wolfcrypt/src/include.am | 3 +- 2 files changed, 164 insertions(+), 1 deletion(-) create mode 100644 wolfcrypt/src/ASN_TEMPLATE.md diff --git a/wolfcrypt/src/ASN_TEMPLATE.md b/wolfcrypt/src/ASN_TEMPLATE.md new file mode 100644 index 000000000..cce2176df --- /dev/null +++ b/wolfcrypt/src/ASN_TEMPLATE.md @@ -0,0 +1,162 @@ +# Writing an ASN Template + +## Template + +A template that describes the ASN.1 items that are expected is required. + +Each ASN.1 item should have a named index to make it easier to choose the item +when assigning variables or getting data. + +The number of items in the template is needed too. Use a define using sizeof to +allow for modification. + +```c +/* ASN template for . + * + */ +static const ASNItem