From 6728a18d7c6dc97c0872f4393c538a6ee7b9c5c2 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 8 Apr 2015 10:14:45 +0900 Subject: [PATCH 1/2] cpuflag ADX for Intel MULX in asm.c, BMI2 in sha256/512.c --- wolfcrypt/src/asm.c | 7 +++++-- wolfcrypt/src/sha256.c | 5 ++++- wolfcrypt/src/sha512.c | 7 +++++-- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c index 08dc21d16..9f8458588 100755 --- a/wolfcrypt/src/asm.c +++ b/wolfcrypt/src/asm.c @@ -65,11 +65,13 @@ #define CPUID_AVX2 0x2 #define CPUID_RDRAND 0x4 #define CPUID_RDSEED 0x8 -#define CPUID_BMI2 0x10 +#define CPUID_BMI2 0x10 /* MULX, RORX */ +#define CPUID_ADX 0x20 /* ADCX, ADOX */ #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1) #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2) #define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2) +#define IS_INTEL_ADX (cpuid_flags&CPUID_ADX) #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND) #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED) #define SET_FLAGS @@ -98,6 +100,7 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) { INLINE static int set_cpuid_flags(void) { if(cpuid_check == 0) { if(cpuid_flag(7, 0, EBX, 8)){ cpuid_flags |= CPUID_BMI2 ; } + if(cpuid_flag(7, 0, EBX,19)){ cpuid_flags |= CPUID_ADX ; } cpuid_check = 1 ; return 0 ; } @@ -107,7 +110,7 @@ INLINE static int set_cpuid_flags(void) { #define RETURN return #define IF_HAVE_INTEL_MULX(func, ret) \ if(cpuid_check==0)set_cpuid_flags() ; \ - if(IS_INTEL_BMI2){ func; ret ; } + if(IS_INTEL_BMI2 && IS_INTEL_ADX){ func; ret ; } #else #define IF_HAVE_INTEL_MULX(func, ret) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 9993dcc88..6ab516347 100755 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -176,9 +176,11 @@ int InitSha256(Sha256* sha256) { #define CPUID_AVX2 0x2 #define CPUID_RDRAND 0x4 #define CPUID_RDSEED 0x8 +#define CPUID_BMI2 0x10 /* MULX, RORX */ #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1) #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2) +#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2) #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND) #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED) @@ -207,6 +209,7 @@ static int set_cpuid_flags(void) { if(cpuid_check==0) { if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;} if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; } + if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; } if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; } if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; } cpuid_check = 1 ; @@ -235,7 +238,7 @@ static void set_Transform(void) { if(set_cpuid_flags())return ; #if defined(HAVE_INTEL_AVX2) - if(IS_INTEL_AVX2){ + if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ Transform_p = Transform_AVX1_RORX; return ; Transform_p = Transform_AVX2 ; /* for avoiding warning,"not used" */ diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index f77c8a2cf..62457f891 100755 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -208,9 +208,11 @@ int InitSha512(Sha512* sha512) { #define CPUID_AVX2 0x2 #define CPUID_RDRAND 0x4 #define CPUID_RDSEED 0x8 +#define CPUID_BMI2 0x10 /* MULX, RORX */ #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1) #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2) +#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2) #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND) #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED) @@ -242,6 +244,7 @@ static int set_cpuid_flags(int sha) { if((cpuid_check & sha) ==0) { if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;} if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; } + if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; } if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; } if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; } cpuid_check |= sha ; @@ -276,7 +279,7 @@ static void set_Transform(void) { if(set_cpuid_flags(CHECK_SHA512)) return ; #if defined(HAVE_INTEL_AVX2) - if(IS_INTEL_AVX2){ + if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ Transform_p = Transform_AVX1_RORX; return ; Transform_p = Transform_AVX2 ; /* for avoiding warning,"not used" */ @@ -1352,7 +1355,7 @@ static void set_Transform384(void) { Transform384_p = ((IS_INTEL_AVX1) ? Transform384_AVX1 : _Transform384) ; #elif defined(HAVE_INTEL_AVX2) #if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_RORX) - if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX1_RORX ; return ; } + if(IS_INTEL_AVX2 && IS_INTEL_BMI2) { Transform384_p = Transform384_AVX1_RORX ; return ; } #endif if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX2 ; return ; } #if defined(HAVE_INTEL_AVX1) From 079c9908a39797dc5e484d651dbe7beff5ae2ecf Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 8 Apr 2015 11:09:57 +0900 Subject: [PATCH 2/2] Merged with 3.4.8 --- .../wolfssl-FIPS.xcodeproj/project.pbxproj | 12 +- src/internal.c | 194 +++++++++++++----- wolfcrypt/src/asn.c | 5 +- 3 files changed, 153 insertions(+), 58 deletions(-) diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj index 1f14345f9..06011aecd 100644 --- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj @@ -865,7 +865,7 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 6.1; + IPHONEOS_DEPLOYMENT_TARGET = 8.1; ONLY_ACTIVE_ARCH = YES; SDKROOT = iphoneos; USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include"; @@ -888,7 +888,7 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 6.1; + IPHONEOS_DEPLOYMENT_TARGET = 8.1; SDKROOT = iphoneos; USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include"; VALIDATE_PRODUCT = NO; @@ -911,6 +911,10 @@ HAVE_AESGCM, WOLFSSL_SHA512, WOLFSSL_SHA384, + NO_MD4, + NO_HC128, + NO_RABBIT, + NO_DSA, NO_PWDBASED, ); HEADER_SEARCH_PATHS = ( @@ -942,6 +946,10 @@ HAVE_AESGCM, WOLFSSL_SHA512, WOLFSSL_SHA384, + NO_MD4, + NO_HC128, + NO_RABBIT, + NO_DSA, NO_PWDBASED, ); HEADER_SEARCH_PATHS = ( diff --git a/src/internal.c b/src/internal.c index 39e3beb90..ab13a56a5 100644 --- a/src/internal.c +++ b/src/internal.c @@ -9977,6 +9977,20 @@ static void PickHashSigAlgo(WOLFSSL* ssl, byte sigAlgo = ssl->specs.sig_algo; word16 verifySz = (word16) (*inOutIdx - begin); +#ifndef NO_OLD_TLS + byte doMd5 = 0; + byte doSha = 0; +#endif +#ifndef NO_SHA256 + byte doSha256 = 0; +#endif +#ifdef WOLFSSL_SHA384 + byte doSha384 = 0; +#endif +#ifdef WOLFSSL_SHA512 + byte doSha512 = 0; +#endif + (void)hash; (void)sigAlgo; (void)hashAlgo; @@ -9995,11 +10009,60 @@ static void PickHashSigAlgo(WOLFSSL* ssl, XMEMCPY(messageVerify, input + begin, verifySz); if (IsAtLeastTLSv1_2(ssl)) { + byte setHash = 0; if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) ERROR_OUT(BUFFER_ERROR, done); hashAlgo = input[(*inOutIdx)++]; sigAlgo = input[(*inOutIdx)++]; + + switch (hashAlgo) { + case sha512_mac: + #ifdef WOLFSSL_SHA512 + doSha512 = 1; + setHash = 1; + #endif + break; + + case sha384_mac: + #ifdef WOLFSSL_SHA384 + doSha384 = 1; + setHash = 1; + #endif + break; + + case sha256_mac: + #ifndef NO_SHA256 + doSha256 = 1; + setHash = 1; + #endif + break; + + case sha_mac: + #ifndef NO_OLD_TLS + doSha = 1; + setHash = 1; + #endif + break; + + default: + ERROR_OUT(ALGO_ID_E, done); + } + + if (setHash == 0) { + ERROR_OUT(ALGO_ID_E, done); + } + + } else { + /* only using sha and md5 for rsa */ + #ifndef NO_OLD_TLS + doSha = 1; + if (sigAlgo == rsa_sa_algo) { + doMd5 = 1; + } + #else + ERROR_OUT(ALGO_ID_E, done); + #endif } /* signature */ @@ -10024,83 +10087,104 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifndef NO_OLD_TLS /* md5 */ #ifdef WOLFSSL_SMALL_STACK - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) - ERROR_OUT(MEMORY_E, done); + if (doMd5) { + md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (md5 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - wc_InitMd5(md5); - wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); - wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); - wc_Md5Update(md5, messageVerify, verifySz); - wc_Md5Final(md5, hash); - + if (doMd5) { + wc_InitMd5(md5); + wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); + wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); + wc_Md5Update(md5, messageVerify, verifySz); + wc_Md5Final(md5, hash); + } /* sha */ #ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - ERROR_OUT(MEMORY_E, done); + if (doSha) { + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - ret = wc_InitSha(sha); - if (ret != 0) - goto done; - wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); - wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); - wc_ShaUpdate(sha, messageVerify, verifySz); - wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE); + if (doSha) { + ret = wc_InitSha(sha); + if (ret != 0) goto done; + wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); + wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); + wc_ShaUpdate(sha, messageVerify, verifySz); + wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE); + } #endif #ifndef NO_SHA256 #ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, + if (doSha256) { + sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, + hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) - ERROR_OUT(MEMORY_E, done); + if (sha256 == NULL || hash256 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha256(sha256)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) - ret = wc_Sha256Final(sha256, hash256); - if (ret != 0) - goto done; + if (doSha256) { + if (!(ret = wc_InitSha256(sha256)) + && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) + ret = wc_Sha256Final(sha256, hash256); + if (ret != 0) goto done; + } #endif #ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, + if (doSha384) { + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, + hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) - ERROR_OUT(MEMORY_E, done); + if (sha384 == NULL || hash384 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha384(sha384)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) - ret = wc_Sha384Final(sha384, hash384); - if (ret != 0) - goto done; + if (doSha384) { + if (!(ret = wc_InitSha384(sha384)) + && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) + ret = wc_Sha384Final(sha384, hash384); + if (ret != 0) goto done; + } #endif #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SMALL_STACK - sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, + if (doSha512) { + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, + hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL || hash512 == NULL) - ERROR_OUT(MEMORY_E, done); + if (sha512 == NULL || hash512 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha512(sha512)) - && !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) - ret = wc_Sha512Final(sha512, hash512); - if (ret != 0) - goto done; + if (doSha512) { + if (!(ret = wc_InitSha512(sha512)) + && !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) + ret = wc_Sha512Final(sha512, hash512); + if (ret != 0) goto done; + } #endif #ifndef NO_RSA @@ -10186,8 +10270,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ERROR_OUT(MEMORY_E, done); #endif - encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH); - + if (digest == NULL) + ERROR_OUT(ALGO_ID_E, done); + encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, + typeH); if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig, min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) ret = VERIFY_SIGN_ERROR; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 399753ab3..634623bee 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2931,12 +2931,13 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) } -word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID) +word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, + int hashOID) { byte digArray[MAX_ENCODED_DIG_SZ]; byte algoArray[MAX_ALGO_SZ]; byte seqArray[MAX_SEQ_SZ]; - word32 encDigSz, algoSz, seqSz; + word32 encDigSz, algoSz, seqSz; encDigSz = SetDigest(digest, digSz, digArray); algoSz = SetAlgoID(hashOID, algoArray, hashType, 0);