feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

linuxkm: fix line lengths throughout; in linuxkm/lkcapi_glue.c: fix/harmonize error catching, reporting, and error codes; further address peer review feedback.

Browse Source
This commit is contained in:
Daniel Pouzzner
2024-01-29 17:48:31 -06:00
parent 856c9a9a7f
commit 6261108d49
7 changed files with 494 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
linuxkm/linuxkm_wc_port.h
View File

@@ -65,8 +65,8 @@
(int)_xatoi_res; \ (int)_xatoi_res; \
}) })
/* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack objects, /* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack
* but gives adequate alignment with "32". * objects, but gives adequate alignment with "32".
*/ */
#if defined(CONFIG_X86) && !defined(ALIGN16) #if defined(CONFIG_X86) && !defined(ALIGN16)
#define ALIGN16 __attribute__ ( (aligned (32))) #define ALIGN16 __attribute__ ( (aligned (32)))
@@ -157,7 +157,9 @@
(sizeof(s) - 1) : strlen(s)) (sizeof(s) - 1) : strlen(s))
static inline void *my_memcpy(void *dest, const void *src, size_t n) { static inline void *my_memcpy(void *dest, const void *src, size_t n) {
if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n) & (uintptr_t)(sizeof(uintptr_t) - 1))) { if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
& (uintptr_t)(sizeof(uintptr_t) - 1)))
{
uintptr_t *src_longs = (uintptr_t *)src, uintptr_t *src_longs = (uintptr_t *)src,
*dest_longs = (uintptr_t *)dest, *dest_longs = (uintptr_t *)dest,
*endp = (uintptr_t *)((u8 *)src + n); *endp = (uintptr_t *)((u8 *)src + n);
@@ -176,13 +178,16 @@
#define memcpy my_memcpy #define memcpy my_memcpy
static inline void *my_memset(void *dest, int c, size_t n) { static inline void *my_memset(void *dest, int c, size_t n) {
if (! (((uintptr_t)dest | (uintptr_t)n) & (uintptr_t)(sizeof(uintptr_t) - 1))) { if (! (((uintptr_t)dest | (uintptr_t)n)
& (uintptr_t)(sizeof(uintptr_t) - 1)))
{
uintptr_t c_long = __builtin_choose_expr( uintptr_t c_long = __builtin_choose_expr(
sizeof(uintptr_t) == 8, sizeof(uintptr_t) == 8,
(uintptr_t)(u8)c * 0x0101010101010101UL, (uintptr_t)(u8)c * 0x0101010101010101UL,
(uintptr_t)(u8)c * 0x01010101U (uintptr_t)(u8)c * 0x01010101U
); );
uintptr_t *dest_longs = (uintptr_t *)dest, *endp = (uintptr_t *)((u8 *)dest_longs + n); uintptr_t *dest_longs = (uintptr_t *)dest,
*endp = (uintptr_t *)((u8 *)dest_longs + n);
while (dest_longs < endp) while (dest_longs < endp)
*dest_longs++ = c_long; *dest_longs++ = c_long;
} else { } else {
@@ -196,8 +201,11 @@
#define memset my_memset #define memset my_memset
static inline void *my_memmove(void *dest, const void *src, size_t n) { static inline void *my_memmove(void *dest, const void *src, size_t n) {
if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n) & (uintptr_t)(sizeof(uintptr_t) - 1))) { if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
uintptr_t *src_longs = (uintptr_t *)src, *dest_longs = (uintptr_t *)dest; & (uintptr_t)(sizeof(uintptr_t) - 1)))
{
uintptr_t *src_longs = (uintptr_t *)src,
*dest_longs = (uintptr_t *)dest;
n >>= __builtin_choose_expr( n >>= __builtin_choose_expr(
sizeof(uintptr_t) == 8, sizeof(uintptr_t) == 8,
3U, 3U,
@@ -270,12 +278,26 @@
#include <crypto/internal/aead.h> #include <crypto/internal/aead.h>
#include <crypto/internal/skcipher.h> #include <crypto/internal/skcipher.h>
/* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
* loaded simultaneously, and the Linux in-tree implementations have two
* AES key structs in each context, one for each direction. in
* linuxkm/lkcapi_glue.c (used for CBC, CFB, and GCM), we do the same
* thing with "struct km_AesCtx". however, wolfCrypt struct AesXts
* already has two AES expanded keys, the main and tweak, and the tweak
* is always used in the encrypt direction regardless of the main
* direction. to avoid allocating and computing a duplicate second
* tweak encrypt key, we set
* WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS, which adds a second
* Aes slot to wolfCrypt's struct AesXts, and activates support for
* AES_ENCRYPTION_AND_DECRYPTION on AES-XTS.
*/
#ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS #ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS #define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
#endif #endif
#endif #endif
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM) #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM)
#ifndef CONFIG_X86 #ifndef CONFIG_X86
#error X86 SIMD extensions requested, but CONFIG_X86 is not set. #error X86 SIMD extensions requested, but CONFIG_X86 is not set.
#endif #endif
@@ -301,21 +323,35 @@
#endif #endif
#endif #endif
/* benchmarks.c uses floating point math, so needs a working SAVE_VECTOR_REGISTERS(). */ /* benchmarks.c uses floating point math, so needs a working
#if defined(WOLFSSL_LINUXKM_BENCHMARKS) && !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) * SAVE_VECTOR_REGISTERS().
*/
#if defined(WOLFSSL_LINUXKM_BENCHMARKS) && \
!defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif #endif
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \
defined(CONFIG_X86)
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
#include <asm/i387.h> #include <asm/i387.h>
#else #else
#include <asm/simd.h> #include <asm/simd.h>
#endif #endif
#ifndef SAVE_VECTOR_REGISTERS #ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_x86(); if (_svr_ret != 0) { fail_clause } } #define SAVE_VECTOR_REGISTERS(fail_clause) { \
int _svr_ret = save_vector_registers_x86(); \
if (_svr_ret != 0) { \
fail_clause \
} \
}
#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
#define SAVE_VECTOR_REGISTERS2() ({ int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); (_fuzzer_ret == 0) ? save_vector_registers_x86() : _fuzzer_ret; }) #define SAVE_VECTOR_REGISTERS2() ({ \
int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
(_fuzzer_ret == 0) ? \
save_vector_registers_x86() : \
_fuzzer_ret; \
})
#else #else
#define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86() #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
#endif #endif

641
linuxkm/lkcapi_glue.c
View File

File diff suppressed because it is too large Load Diff

13
linuxkm/module_hooks.c
View File

@@ -245,7 +245,8 @@ static int wolfssl_init(void)
return -ECANCELED; return -ECANCELED;
} }
pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup self-test succeeded.\n", pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup "
"self-test succeeded.\n",
#ifdef HAVE_FIPS_VERSION_MAJOR #ifdef HAVE_FIPS_VERSION_MAJOR
HAVE_FIPS_VERSION_MAJOR, HAVE_FIPS_VERSION_MAJOR,
#else #else
@@ -306,7 +307,8 @@ static int wolfssl_init(void)
} }
pr_info("wolfCrypt self-test passed.\n"); pr_info("wolfCrypt self-test passed.\n");
#else #else
pr_info("skipping full wolfcrypt_test() (configure with --enable-crypttests to enable).\n"); pr_info("skipping full wolfcrypt_test() "
"(configure with --enable-crypttests to enable).\n");
#endif #endif
#ifdef LINUXKM_LKCAPI_REGISTER #ifdef LINUXKM_LKCAPI_REGISTER
@@ -559,12 +561,15 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
/* runtime assert that the table has no null slots after initialization. */ /* runtime assert that the table has no null slots after initialization. */
{ {
unsigned long *i; unsigned long *i;
static_assert(sizeof(unsigned long) == sizeof(void *),
"unexpected pointer size");
for (i = (unsigned long *)&wolfssl_linuxkm_pie_redirect_table; for (i = (unsigned long *)&wolfssl_linuxkm_pie_redirect_table;
i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot; i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot;
++i) ++i)
if (*i == 0) { if (*i == 0) {
pr_err("wolfCrypt container redirect table initialization was incomplete [%lu].\n", pr_err("wolfCrypt container redirect table initialization was "
i - (unsigned long *)&wolfssl_linuxkm_pie_redirect_table); "incomplete [%lu].\n",
i-(unsigned long *)&wolfssl_linuxkm_pie_redirect_table);
return -EFAULT; return -EFAULT;
} }
} }

22
wolfcrypt/src/aes.c
View File

@@ -12321,18 +12321,25 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
return WC_KEY_SIZE_E; return WC_KEY_SIZE_E;
} }
#ifdef HAVE_FIPS_VERSION #ifdef HAVE_FIPS
if (XMEMCMP(key, key + keySz, keySz) == 0) { if (XMEMCMP(key, key + keySz, keySz) == 0) {
WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ"); WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#endif #endif
if ((dir == AES_ENCRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION)) if ((dir == AES_ENCRYPTION)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)
#endif
)
{
ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, AES_ENCRYPTION); ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, AES_ENCRYPTION);
}
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
if ((ret == 0) && ((dir == AES_DECRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION))) if ((ret == 0) && ((dir == AES_DECRYPTION)
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)))
ret = wc_AesSetKey(&aes->aes_decrypt, key, keySz, NULL, AES_DECRYPTION); ret = wc_AesSetKey(&aes->aes_decrypt, key, keySz, NULL, AES_DECRYPTION);
#else #else
if (dir == AES_DECRYPTION) if (dir == AES_DECRYPTION)
@@ -12349,11 +12356,16 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
* conflicting _aesni status, but the AES-XTS asm implementations need * conflicting _aesni status, but the AES-XTS asm implementations need
* them to all be AESNI. If any aren't, disable AESNI on all. * them to all be AESNI. If any aren't, disable AESNI on all.
*/ */
if ((((dir == AES_ENCRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION)) && if ((((dir == AES_ENCRYPTION)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)
#endif
) &&
(aes->aes.use_aesni != aes->tweak.use_aesni)) (aes->aes.use_aesni != aes->tweak.use_aesni))
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
|| ||
(((dir == AES_DECRYPTION) || (dir == AES_ENCRYPTION_AND_DECRYPTION)) && (((dir == AES_DECRYPTION)
|| (dir == AES_ENCRYPTION_AND_DECRYPTION)) &&
(aes->aes_decrypt.use_aesni != aes->tweak.use_aesni)) (aes->aes_decrypt.use_aesni != aes->tweak.use_aesni))
#endif #endif
) )

19
wolfcrypt/src/memory.c
View File

@@ -1560,25 +1560,18 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
*/ */
/* barrel-roll using the bottom 6 bits. */ /* barrel-roll using the bottom 6 bits. */
if (new_prn & 0x3f) if (new_prn & 0x3f)
new_prn = (new_prn << (new_prn & 0x3f)) | (new_prn >> (0x40 - (new_prn & 0x3f))); new_prn = (new_prn << (new_prn & 0x3f)) |
(new_prn >> (0x40 - (new_prn & 0x3f)));
prn = new_prn; prn = new_prn;
balance_bit = !balance_bit; balance_bit = !balance_bit;
if (balance_bit) { return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
if (prn & 1)
return IO_FAILED_E;
else
return 0;
} else {
if (prn & 1)
return 0;
else
return IO_FAILED_E;
}
} }
#endif /* DEBUG_VECTOR_REGISTER_ACCESS || DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */ #endif /* DEBUG_VECTOR_REGISTER_ACCESS ||
* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
*/
#ifdef WOLFSSL_LINUXKM #ifdef WOLFSSL_LINUXKM
#include "../../linuxkm/linuxkm_memory.c" #include "../../linuxkm/linuxkm_memory.c"

3
wolfcrypt/test/test.c
View File

@@ -9740,7 +9740,8 @@ static wc_test_ret_t aes_xts_128_test(void)
sizeof(i1)); sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
WC_ASYNC_FLAG_NONE);
#else #else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif #endif

2
wolfssl/wolfcrypt/aes.h
View File

@@ -179,7 +179,9 @@ enum {
AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */ AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */
AES_ENCRYPTION = 0, AES_ENCRYPTION = 0,
AES_DECRYPTION = 1, AES_DECRYPTION = 1,
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
AES_ENCRYPTION_AND_DECRYPTION = 2, AES_ENCRYPTION_AND_DECRYPTION = 2,
#endif
AES_BLOCK_SIZE = 16, AES_BLOCK_SIZE = 16,