From e452b744700ef1f962a3d253f81750d0e11d3251 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 18 Dec 2020 10:20:33 +1000 Subject: [PATCH 1/2] SP math all: enable 4096-bit support by default for x64 --- wolfssl/wolfcrypt/settings.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index b0625757a..d7ae766de 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1219,6 +1219,8 @@ extern void uITRON4_free(void *p) ; #define USE_CERT_BUFFERS_4096 #undef FP_MAX_BITS #define FP_MAX_BITS (8192) + #undef SP_INT_BITS + #define SP_INT_BITS (4096) #undef NO_DH #define NO_DH @@ -1970,6 +1972,11 @@ extern void uITRON4_free(void *p) ; #error "FFDHE parameters are too large for FP_MAX_BIT as set" #endif #endif +#if defined(HAVE_FFDHE) && defined(SP_INT_BITS) + #if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2 + #error "FFDHE parameters are too large for SP_INT_BIT as set" + #endif +#endif /* if desktop type system and fastmath increase default max bits */ #ifdef WOLFSSL_X86_64_BUILD @@ -1980,6 +1987,13 @@ extern void uITRON4_free(void *p) ; #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS #endif #endif + #if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS) + #if MIN_FFDHE_FP_MAX_BITS <= 8192 + #define SP_INT_BITS 4096 + #else + #define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2 + #endif + #endif #endif /* If using the max strength build, ensure OLD TLS is disabled. */ From 7f5a85ae85bd71977cd5fa948ad1bf36a905df15 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 18 Dec 2020 12:28:01 +1000 Subject: [PATCH 2/2] Reduce stack usage --- wolfcrypt/src/ecc.c | 115 ++++++++++++++++++++++++++++-------------- wolfcrypt/src/pkcs7.c | 48 +++++++++--------- wolfcrypt/test/test.c | 12 ++--- 3 files changed, 108 insertions(+), 67 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 90ed9b70a..0f6c7754c 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c 
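Review bot: In the last settings.h hunk (@@ -1980) the `#else` branch defines `PS_INT_BITS`, not `SP_INT_BITS`, so when MIN_FFDHE_FP_MAX_BITS exceeds 8192 the macro this block is meant to default stays undefined, and the build presumably falls back to whatever size the SP integer code picks on its own. The `#error` guard added in the @@ -1970 hunk cannot catch this, because it is evaluated earlier in the file and only when SP_INT_BITS is already defined. The line should read `#define SP_INT_BITS (MIN_FFDHE_FP_MAX_BITS / 2)`, parenthesised so the expansion stays a single operand wherever the macro is used. The guard's message also names `SP_INT_BIT`; `"FFDHE parameters are too large for SP_INT_BITS as set"` would match the macro.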
@@ -9322,16 +9322,31 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, #ifdef WOLFSSL_SMALL_STACK unsigned char* kb = NULL; + mp_int* tk = NULL; + mp_int* order = NULL; #else unsigned char kb[KB_SIZE]; + mp_int tk[1]; + mp_int order[1]; #endif int x, err; unsigned y, z = 0, bitlen, bitpos, lut_gap; int first; - mp_int tk, order; - if (mp_init_multi(&tk, &order, NULL, NULL, NULL, NULL) != MP_OKAY) - return MP_INIT_E; +#ifdef WOLFSSL_SMALL_STACK + tk = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); + if (tk == NULL) { + err = MEMORY_E; goto done; + } + order = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); + if (order == NULL) { + err = MEMORY_E; goto done; + } +#endif + + if (mp_init_multi(tk, order, NULL, NULL, NULL, NULL) != MP_OKAY) { + err = MP_INIT_E; goto done; + } /* if it's smaller than modulus we fine */ if (mp_unsigned_bin_size(k) > mp_unsigned_bin_size(modulus)) { @@ -9344,23 +9359,23 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, /* back off if we are on the 521 bit curve */ if (y == 66) --x; - if ((err = mp_read_radix(&order, ecc_sets[x].order, + if ((err = mp_read_radix(order, ecc_sets[x].order, MP_RADIX_HEX)) != MP_OKAY) { goto done; } /* k must be less than modulus */ - if (mp_cmp(k, &order) != MP_LT) { - if ((err = mp_mod(k, &order, &tk)) != MP_OKAY) { + if (mp_cmp(k, order) != MP_LT) { + if ((err = mp_mod(k, order, tk)) != MP_OKAY) { goto done; } } else { - if ((err = mp_copy(k, &tk)) != MP_OKAY) { + if ((err = mp_copy(k, tk)) != MP_OKAY) { goto done; } } } else { - if ((err = mp_copy(k, &tk)) != MP_OKAY) { + if ((err = mp_copy(k, tk)) != MP_OKAY) { goto done; } } @@ -9374,7 +9389,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, lut_gap = bitlen / FP_LUT; /* get the k value */ - if (mp_unsigned_bin_size(&tk) > (int)(KB_SIZE - 2)) { + if (mp_unsigned_bin_size(tk) > (int)(KB_SIZE - 2)) { err = BUFFER_E; goto done; } 
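Review bot: In the first hunk (@@ -9322) every early failure now jumps to `done`, where `mp_clear(order)` and `mp_clear(tk)` run unconditionally. Under WOLFSSL_SMALL_STACK a failed `order` allocation therefore reaches `mp_clear(tk)` on memory that XMALLOC returned but `mp_init_multi` never initialised, and `mp_clear` on a NULL pointer. Whether that is harmless depends on the math back end's `mp_clear`, which is not visible here; an implementation that frees an internal digit pointer would be handed an indeterminate one. Consider zeroing each object right after allocation, `XMEMSET(tk, 0, sizeof(mp_int));`, or guarding the cleanup with `if (tk != NULL) mp_clear(tk);` and clearing only once init has succeeded. The same pattern is added for `tka`, `tkb` and `order` in accel_fp_mul2add (@@ -9477); both function bodies start before and continue past these hunks.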
@@ -9387,10 +9402,10 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, #endif XMEMSET(kb, 0, KB_SIZE); - if ((err = mp_to_unsigned_bin(&tk, kb)) == MP_OKAY) { + if ((err = mp_to_unsigned_bin(tk, kb)) == MP_OKAY) { /* let's reverse kb so it's little endian */ x = 0; - y = mp_unsigned_bin_size(&tk); + y = mp_unsigned_bin_size(tk); if (y > 0) { y -= 1; } @@ -9452,11 +9467,13 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, done: /* cleanup */ - mp_clear(&order); - mp_clear(&tk); + mp_clear(order); + mp_clear(tk); #ifdef WOLFSSL_SMALL_STACK XFREE(kb, NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(order, NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(tk, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif #undef KB_SIZE @@ -9477,16 +9494,37 @@ static int accel_fp_mul2add(int idx1, int idx2, #ifdef WOLFSSL_SMALL_STACK unsigned char* kb[2] = {NULL, NULL}; + mp_int* tka = NULL; + mp_int* tkb = NULL; + mp_int* order = NULL; #else unsigned char kb[2][KB_SIZE]; + mp_int tka[1]; + mp_int tkb[1]; + mp_int order[1]; #endif int x, err; unsigned y, z, bitlen, bitpos, lut_gap, zA, zB; int first; - mp_int tka, tkb, order; - if (mp_init_multi(&tka, &tkb, &order, NULL, NULL, NULL) != MP_OKAY) - return MP_INIT_E; +#ifdef WOLFSSL_SMALL_STACK + tka = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); + if (tka == NULL) { + err = MEMORY_E; goto done; + } + tkb = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); + if (tkb == NULL) { + err = MEMORY_E; goto done; + } + order = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); + if (order == NULL) { + err = MEMORY_E; goto done; + } +#endif + + if (mp_init_multi(tka, tkb, order, NULL, NULL, NULL) != MP_OKAY) { + err = MP_INIT_E; goto done; + } /* if it's smaller than modulus we fine */ if (mp_unsigned_bin_size(kA) > mp_unsigned_bin_size(modulus)) { 
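Review bot: In the cleanup hunk (@@ -9452) `order` and `tk` are released with `DYNAMIC_TYPE_ECC_BUFFER`, but the allocations added at the top of accel_fp_mul use `DYNAMIC_TYPE_ECC`. Allocators or memory-tracking builds that key on the type argument need the two to match, e.g. `XFREE(order, NULL, DYNAMIC_TYPE_ECC);` and `XFREE(tk, NULL, DYNAMIC_TYPE_ECC);`. The accel_fp_mul2add cleanup (@@ -9695) has the same mismatch for `order`, `tkb` and `tka`. Since `tk`, `tka` and `tkb` hold copies of the scalars and now live on the heap in small-stack builds, it is worth confirming that `mp_clear` wipes the digits before the `XFREE`; if it does not, `mp_forcezero` would be the safer call here.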
@@ -9499,23 +9537,23 @@ static int accel_fp_mul2add(int idx1, int idx2, /* back off if we are on the 521 bit curve */ if (y == 66) --x; - if ((err = mp_read_radix(&order, ecc_sets[x].order, + if ((err = mp_read_radix(order, ecc_sets[x].order, MP_RADIX_HEX)) != MP_OKAY) { goto done; } /* kA must be less than modulus */ - if (mp_cmp(kA, &order) != MP_LT) { - if ((err = mp_mod(kA, &order, &tka)) != MP_OKAY) { + if (mp_cmp(kA, order) != MP_LT) { + if ((err = mp_mod(kA, order, tka)) != MP_OKAY) { goto done; } } else { - if ((err = mp_copy(kA, &tka)) != MP_OKAY) { + if ((err = mp_copy(kA, tka)) != MP_OKAY) { goto done; } } } else { - if ((err = mp_copy(kA, &tka)) != MP_OKAY) { + if ((err = mp_copy(kA, tka)) != MP_OKAY) { goto done; } } @@ -9531,23 +9569,23 @@ static int accel_fp_mul2add(int idx1, int idx2, /* back off if we are on the 521 bit curve */ if (y == 66) --x; - if ((err = mp_read_radix(&order, ecc_sets[x].order, + if ((err = mp_read_radix(order, ecc_sets[x].order, MP_RADIX_HEX)) != MP_OKAY) { goto done; } /* kB must be less than modulus */ - if (mp_cmp(kB, &order) != MP_LT) { - if ((err = mp_mod(kB, &order, &tkb)) != MP_OKAY) { + if (mp_cmp(kB, order) != MP_LT) { + if ((err = mp_mod(kB, order, tkb)) != MP_OKAY) { goto done; } } else { - if ((err = mp_copy(kB, &tkb)) != MP_OKAY) { + if ((err = mp_copy(kB, tkb)) != MP_OKAY) { goto done; } } } else { - if ((err = mp_copy(kB, &tkb)) != MP_OKAY) { + if ((err = mp_copy(kB, tkb)) != MP_OKAY) { goto done; } } @@ -9561,8 +9599,8 @@ static int accel_fp_mul2add(int idx1, int idx2, lut_gap = bitlen / FP_LUT; /* get the k value */ - if ((mp_unsigned_bin_size(&tka) > (int)(KB_SIZE - 2)) || - (mp_unsigned_bin_size(&tkb) > (int)(KB_SIZE - 2)) ) { + if ((mp_unsigned_bin_size(tka) > (int)(KB_SIZE - 2)) || + (mp_unsigned_bin_size(tkb) > (int)(KB_SIZE - 2)) ) { err = BUFFER_E; goto done; } 
@@ -9575,17 +9613,17 @@ static int accel_fp_mul2add(int idx1, int idx2, #endif XMEMSET(kb[0], 0, KB_SIZE); - if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) { + if ((err = mp_to_unsigned_bin(tka, kb[0])) != MP_OKAY) { goto done; } /* let's reverse kb so it's little endian */ x = 0; - y = mp_unsigned_bin_size(&tka); + y = mp_unsigned_bin_size(tka); if (y > 0) { y -= 1; } - mp_clear(&tka); + mp_clear(tka); while ((unsigned)x < y) { z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = (byte)z; ++x; --y; @@ -9600,9 +9638,9 @@ static int accel_fp_mul2add(int idx1, int idx2, #endif XMEMSET(kb[1], 0, KB_SIZE); - if ((err = mp_to_unsigned_bin(&tkb, kb[1])) == MP_OKAY) { + if ((err = mp_to_unsigned_bin(tkb, kb[1])) == MP_OKAY) { x = 0; - y = mp_unsigned_bin_size(&tkb); + y = mp_unsigned_bin_size(tkb); if (y > 0) { y -= 1; } @@ -9681,9 +9719,9 @@ static int accel_fp_mul2add(int idx1, int idx2, done: /* cleanup */ - mp_clear(&tkb); - mp_clear(&tka); - mp_clear(&order); + mp_clear(tkb); + mp_clear(tka); + mp_clear(order); #ifdef WOLFSSL_SMALL_STACK if (kb[0]) @@ -9695,8 +9733,11 @@ done: ForceZero(kb[1], KB_SIZE); #ifdef WOLFSSL_SMALL_STACK - XFREE(kb[0], NULL, DYNAMIC_TYPE_ECC_BUFFER); XFREE(kb[1], NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(kb[0], NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(order, NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(tkb, NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(tka, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif #undef KB_SIZE diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 7dbd4aace..83c2731a9 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -509,38 +509,38 @@ static void wc_PKCS7_ChangeState(PKCS7* pkcs7, int newState) static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz) { /* PKCS#7 content types, RFC 2315, section 14 */ - const byte pkcs7[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x07 }; - const byte data[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x07, 0x01 }; - const byte signedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x07, 0x02}; - const byte envelopedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x07, 0x03 }; - const byte authEnvelopedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x10, 0x01, 0x17}; - const byte signedAndEnveloped[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x07, 0x04 }; - const byte digestedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x07, 0x05 }; + static const byte pkcs7[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07 }; + static const byte data[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 }; + static const byte signedData[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02}; + static const byte envelopedData[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03 }; + static const byte authEnvelopedData[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x01, 0x17}; + static const byte signedAndEnveloped[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04 }; + static const byte digestedData[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05 }; #ifndef NO_PKCS7_ENCRYPTED_DATA - const byte encryptedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x07, 0x06 }; + static const byte encryptedData[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 }; #endif /* FirmwarePkgData (1.2.840.113549.1.9.16.1.16), RFC 4108 */ - const byte firmwarePkgData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x01, 0x10 }; + static const byte firmwarePkgData[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
0x09, 0x10, 0x01, 0x10 }; #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) /* id-ct-compressedData (1.2.840.113549.1.9.16.1.9), RFC 3274 */ - const byte compressedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x01, 0x09 }; + static const byte compressedData[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x01, 0x09 }; #endif #if !defined(NO_PWDBASED) && !defined(NO_SHA) - const byte pwriKek[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x03, 0x09 }; - const byte pbkdf2[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x05, 0x0C }; + static const byte pwriKek[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x03, 0x09 }; + static const byte pbkdf2[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C }; #endif int idSz, idx = 0; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index bf73dd3a7..eae11bbcd 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -26637,7 +26637,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, /* looking for KEY ID * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37 */ - const unsigned char OID[] = { + static const unsigned char OID[] = { /* 0x06, 0x0B do not pass in tag and length */ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x02, 0x25 @@ -28830,7 +28830,7 @@ static int pkcs7signed_run_vectors( static byte messageType[] = { 0x13, 2, '1', '9' }; static byte senderNonce[PKCS7_NONCE_SZ + 2]; - PKCS7Attrib attribs[] = + static PKCS7Attrib attribs[] = { { transIdOid, sizeof(transIdOid), transId, sizeof(transId) - 1 }, /* take off the null */ 
@@ -28841,9 +28841,9 @@ static int pkcs7signed_run_vectors( }; /* for testing custom contentType, FirmwarePkgData */ - byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x01, 0x10 }; + static byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x01, 0x10 }; const pkcs7SignedVector testVectors[] = { @@ -29317,7 +29317,7 @@ static int pkcs7signed_run_SingleShotVectors( }; #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) - byte aes256Key[] = { + static byte aes256Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,