From 16d55b0b862544dc0e03bab780707cf2c470d089 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 10 Mar 2021 16:33:17 -0700 Subject: [PATCH 1/3] _WIN32_WCE port of wolfCrypt - OE12 Add user_settings.h for OE12 Restrict LPCWSTR typecast to be WINCE specific --- IDE/WINCE/include.am | 5 + IDE/WINCE/user_settings.h | 340 ++++++++++++++++++++++++++++++++ IDE/include.am | 1 + wolfcrypt/benchmark/benchmark.c | 11 +- wolfcrypt/src/wc_port.c | 4 + wolfcrypt/test/test.c | 7 +- wolfssl/wolfcrypt/sp.h | 12 +- wolfssl/wolfcrypt/types.h | 4 + wolfssl/wolfcrypt/visibility.h | 6 +- wolfssl/wolfcrypt/wc_port.h | 37 ++++ 10 files changed, 415 insertions(+), 12 deletions(-) create mode 100644 IDE/WINCE/include.am create mode 100644 IDE/WINCE/user_settings.h diff --git a/IDE/WINCE/include.am b/IDE/WINCE/include.am new file mode 100644 index 000000000..052fdce8a --- /dev/null +++ b/IDE/WINCE/include.am @@ -0,0 +1,5 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/WINCE/user_settings.h diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h new file mode 100644 index 000000000..00bca2fc2 --- /dev/null +++ b/IDE/WINCE/user_settings.h @@ -0,0 +1,340 @@ +#ifndef _WIN_USER_SETTINGS_H_ +#define _WIN_USER_SETTINGS_H_ + +/* For FIPS Ready, uncomment the following: */ +/* #define WOLFSSL_FIPS_READY */ +#ifdef WOLFSSL_FIPS_READY + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION 3 +#endif + + +/* Verify this is Windows */ +#ifndef _WIN32 +#error This user_settings.h header is only designed for Windows +#endif + +/* Configurations */ +#define WOLFCRYPT_ONLY + +#undef USE_FAST_MATH +#if 1 + #define USE_FAST_MATH + + #undef TFM_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT + + /* Optimizations */ + //#define TFM_ARM +#endif + +/* Wolf Single Precision Math */ +#undef WOLFSSL_SP +#if 0 + #define WOLFSSL_SP + //#define WOLFSSL_SP_SMALL /* use smaller version of code */ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_DH + #define WOLFSSL_HAVE_SP_ECC + //#define WOLFSSL_SP_CACHE_RESISTANT + //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */ + + /* SP Assembly Speedups */ + //#define WOLFSSL_SP_ASM /* required if using the ASM versions */ + //#define WOLFSSL_SP_ARM32_ASM + //#define WOLFSSL_SP_ARM64_ASM + //#define WOLFSSL_SP_ARM_THUMB_ASM + //#define WOLFSSL_SP_ARM_CORTEX_M_ASM +#endif + +/* ------------------------------------------------------------------------- */ +/* FIPS - Requires eval or license from wolfSSL */ +/* ------------------------------------------------------------------------- */ +#undef HAVE_FIPS +#if 1 + #define HAVE_FIPS + + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION 2 + + #ifdef SINGLE_THREADED + #undef NO_THREAD_LS + #define NO_THREAD_LS + #else + #ifndef USE_WINDOWS_API + #define USE_WINDOWS_API + #endif + #endif + + #undef NO_ATTRIBUTE_CONSTRUCTOR + //#define NO_ATTRIBUTE_CONSTRUCTOR + +#endif + + +/* FIPS */ +//#define OPENSSL_EXTRA +//#define HAVE_THREAD_LS +#define WOLFSSL_KEY_GEN +#define HAVE_AESGCM +#define HAVE_HASHDRBG +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define NO_PSK +#define NO_HC128 +#define NO_RC4 +#define NO_RABBIT +//#define NO_DSA +#define NO_MD4 + +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #define WOLFSSL_SHA224 + #define WOLFSSL_SHA3 + /* ------------------------------------------------------------------------- */ + /* Crypto */ + /* ------------------------------------------------------------------------- */ + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + /* RSA */ + #undef NO_RSA + #if 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 8192 + #endif + + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM + + /* Enables blinding mode, to prevent timing attacks */ + #if 0 + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + #else + #undef WC_NO_HARDEN + #define WC_NO_HARDEN + #endif + + /* RSA PSS Support */ + #if 1 + #define WC_RSA_PSS + #endif + + #if 1 + #define WC_RSA_NO_PADDING + #endif + #else + #define NO_RSA + #endif + /* ECC */ + #undef HAVE_ECC + #if 1 + #define HAVE_ECC + + /* Manually define enabled curves */ + #undef ECC_USER_CURVES + //#define ECC_USER_CURVES + + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + #endif + + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif + + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + #ifdef HAVE_FIPS + #undef HAVE_ECC_CDH + #define HAVE_ECC_CDH /* Enable cofactor support */ + + #undef NO_STRICT_ECDSA_LEN + #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ + + #undef WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ + #endif + + /* Compressed Key Support */ + #undef HAVE_COMP_KEY + //#define HAVE_COMP_KEY + + /* Use alternate ECC size for ECC math */ + #ifdef USE_FAST_MATH + /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + #undef FP_MAX_BITS + #define FP_MAX_BITS (256 * 2) + #else + #undef ALT_ECC_SIZE + #define ALT_ECC_SIZE + /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ + //#undef FP_MAX_BITS_ECC + //#define FP_MAX_BITS_ECC (256 * 2) + #endif + + /* Speedups specific to curve */ + #ifndef NO_ECC256 + #undef TFM_ECC256 + #define TFM_ECC256 + #endif + #endif + #endif + + /* AES */ + #undef NO_AES + #if 1 + #undef HAVE_AES_CBC + #define HAVE_AES_CBC + + #undef HAVE_AESGCM + #define HAVE_AESGCM + + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + //#define GCM_SMALL + //#define GCM_WORD32 + #define GCM_TABLE + + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + + #undef HAVE_AES_ECB + #define HAVE_AES_ECB + + #undef WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_COUNTER + + #undef HAVE_AESCCM + #define HAVE_AESCCM + + #else + #define NO_AES + #endif + + + /* DES3 */ + #undef NO_DES3 + #if 1 + #else + #define NO_DES3 + #endif + + /* ------------------------------------------------------------------------- */ + /* Hashing */ + /* ------------------------------------------------------------------------- */ + /* Sha */ + #undef NO_SHA + #if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA + #else + #define NO_SHA + #endif + + /* Sha256 */ + #undef NO_SHA256 + #if 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 + + /* Sha224 */ + #if 1 + #define WOLFSSL_SHA224 + #endif + #else + #define NO_SHA256 + #endif + + /* Sha512 */ + #undef WOLFSSL_SHA512 + #if 1 + #define WOLFSSL_SHA512 + + /* Sha384 */ + #undef WOLFSSL_SHA384 + #if 1 + #define WOLFSSL_SHA384 + #endif + + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 + #endif + + /* Sha3 */ + #undef WOLFSSL_SHA3 + #if 1 + #define WOLFSSL_SHA3 + #endif + + /* MD5 */ + #undef NO_MD5 + #if 1 + + #else + #define NO_MD5 + #endif + + /* HKDF */ + #undef HAVE_HKDF + #if 1 + #define HAVE_HKDF + #endif + + /* CMAC */ + #undef WOLFSSL_CMAC + #if 1 + #define WOLFSSL_CMAC + #endif + + /* DH */ + #undef NO_DH + #if 1 + /* Use table for DH instead of -lm (math) lib dependency */ + #if 0 + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 + #endif + + #ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q + #endif + #else + #define NO_DH + #endif + //#define WOLFSSL_AESNI + //#define HAVE_INTEL_RDSEED + //#define FORCE_FAILURE_RDSEED + //#define HAVE_FORCE_FIPS_FAILURE +#endif /* FIPS v2 */ + +//#define DEBUG_WOLFSSL +#define NO_MAIN_DRIVER +//#define CAVP_VECTOR_TESTING +#endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/IDE/include.am b/IDE/include.am index e45a90820..c11e6e3a8 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -37,6 +37,7 @@ include IDE/RISCV/include.am include IDE/XilinxSDK/include.am include IDE/VisualDSP/include.am include IDE/QNX/include.am +include IDE/WINCE/include.am EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr EXTRA_DIST+= IDE/OPENSTM32/README.md diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 3689e7726..e6cd032d0 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -4573,18 +4573,21 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING], #ifndef WOLFSSL_RSA_VERIFY_ONLY DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT); #endif - #if !defined(WOLFSSL_MDK5_COMPLv5) + #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE) /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else + int idxenc; + int inner_idx_enc; byte* enc[BENCH_MAX_PENDING]; #endif #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - #if !defined(WOLFSSL_MDK5_COMPLv5) + #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE) /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else - int idxout; + int idxout; + int inner_idx_out; byte* out[BENCH_MAX_PENDING]; #endif #else @@ -6383,7 +6386,7 @@ static int string_matches(const char* arg, const char* str) } #endif /* MAIN_NO_ARGS */ -#ifdef WOLFSSL_ESPIDF +#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE) int wolf_benchmark_task( ) #elif defined(MAIN_NO_ARGS) int main() diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index bf02950ca..0d2c85736 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -441,7 +441,11 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3); XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen); + #ifdef _WIN32_WCE + ctx->hFind = FindFirstFileA((LPCWSTR) ctx->name, &ctx->FindFileData); + #else ctx->hFind = FindFirstFileA(ctx->name, &ctx->FindFileData); + #endif if (ctx->hFind == INVALID_HANDLE_VALUE) { WOLFSSL_MSG("FindFirstFile for path verify locations failed"); return BAD_PATH_ERROR; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 44359cbc3..3e9e90050 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -19,7 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - #ifdef HAVE_CONFIG_H #include #endif @@ -11725,6 +11724,9 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #elif defined(WOLFSSL_uTKERNEL2) #define CERT_PREFIX "/uda/" #define CERT_PATH_SEP "/" +#elif defined(_WIN32_WCE) + #define CERT_PREFIX "\\windows\\" + #define CERT_PATH_SEP "\\" #endif #ifndef CERT_PREFIX @@ -13566,8 +13568,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void) #elif !defined(NO_FILESYSTEM) file = XFOPEN(clientKey, "rb"); if (!file) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); + err_sys("can't open clientKey, Please run from wolfSSL home dir", -40); ERROR_OUT(-7801, exit_rsa_nopadding); } diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h index f26486b47..2fda7e796 100644 --- a/wolfssl/wolfcrypt/sp.h +++ b/wolfssl/wolfcrypt/sp.h @@ -27,9 +27,15 @@ #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) - -#ifndef WOLFSSL_LINUXKM -#include +#ifdef _WIN32_WCE + typedef __int8 int8_t; + typedef __int32 int32_t; + typedef __int64 int64_t; + typedef unsigned __int8 uint8_t; + typedef unsigned __int32 uint32_t; + typedef unsigned __int64 uint64_t; +#elif !defined(WOLFSSL_LINUXKM) + #include #endif #include diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 7062e79cf..78646281c 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -597,7 +597,11 @@ decouple library dependencies with standard string, memory and so on. if ((int)bufsize <= 0) return -1; va_start(ap, format); + #ifndef _WIN32_WCE ret = vsnprintf(buffer, bufsize, format, ap); + #else + ret = _vsnprintf(buffer, bufsize, format, ap); + #endif if (ret >= (int)bufsize) ret = -1; va_end(ap); diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 8ed57fb95..8d6bc804a 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -43,7 +43,8 @@ */ #if defined(BUILDING_WOLFSSL) - #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) + #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ + defined(_WIN32_WCE) #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllexport) #else @@ -61,7 +62,8 @@ #define WOLFSSL_LOCAL #endif /* HAVE_VISIBILITY */ #else /* BUILDING_WOLFSSL */ - #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) + #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ + defined(_WIN32_WCE) #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllimport) #else diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7e09ae386..18d4ce85a 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -616,6 +616,21 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSEEK_END 0 #define XBADFILE NULL #define XFGETS(b,s,f) f_gets((b), (s), (f)) +#elif defined (_WIN32_WCE) + /* stdio, WINCE case */ + #include + #define XFILE FILE* + #define XFOPEN fopen + #define XFDOPEN fdopen + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND(F) XFSEEK(F, 0, SEEK_SET) + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END SEEK_END + #define XBADFILE NULL + #define XFGETS fgets #elif defined(FUSION_RTOS) #include @@ -863,9 +878,31 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #elif defined(_WIN32_WCE) #include + #include /* For file system */ + + time_t windows_time(time_t* timer); + + #define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d) + #define FindFirstFileA(fn, d) FindFirstFile(fn, (LPWIN32_FIND_DATAW) d) #define XTIME(t1) windows_time((t1)) #define WOLFSSL_GMTIME + /* if struct tm is not defined in WINCE SDK */ + #ifndef _TM_DEFINED + struct tm { + int tm_sec; /* seconds */ + int tm_min; /* minutes */ + int tm_hour; /* hours */ + int tm_mday; /* day of month (month specific) */ + int tm_mon; /* month */ + int tm_year; /* year */ + int tm_wday; /* day of week (out of 1-7)*/ + int tm_yday; /* day of year (out of 365) */ + int tm_isdst; /* is it daylight savings */ + }; + #define _TM_DEFINED + #endif + #elif defined(WOLFSSL_APACHE_MYNEWT) #include "os/os_time.h" #define XTIME(t1) mynewt_time((t1)) From 1d5d946273067c3cc3b015dd4df823e2b11bdd59 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 11 Mar 2021 06:39:39 -0700 Subject: [PATCH 2/3] Cleanup user_settings.h --- IDE/WINCE/user_settings.h | 405 +++++++++++++++++++------------------- 1 file changed, 199 insertions(+), 206 deletions(-) diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h index 00bca2fc2..604aba93e 100644 --- a/IDE/WINCE/user_settings.h +++ b/IDE/WINCE/user_settings.h @@ -61,9 +61,9 @@ #undef NO_THREAD_LS #define NO_THREAD_LS #else - #ifndef USE_WINDOWS_API - #define USE_WINDOWS_API - #endif + #ifndef USE_WINDOWS_API + #define USE_WINDOWS_API + #endif #endif #undef NO_ATTRIBUTE_CONSTRUCTOR @@ -88,253 +88,246 @@ #define NO_MD4 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - #define WOLFSSL_SHA224 - #define WOLFSSL_SHA3 - /* ------------------------------------------------------------------------- */ - /* Crypto */ - /* ------------------------------------------------------------------------- */ + /* ------------------------------------------------------------------------- */ + /* Crypto */ + /* ------------------------------------------------------------------------- */ #define USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_256 - /* RSA */ - #undef NO_RSA - #if 1 - #ifdef USE_FAST_MATH - /* Maximum math bits (Max RSA key bits * 2) */ - #undef FP_MAX_BITS - #define FP_MAX_BITS 8192 - #endif + /* RSA */ + #undef NO_RSA + #if 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 8192 + #endif - /* half as much memory but twice as slow */ - #undef RSA_LOW_MEM - //#define RSA_LOW_MEM + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM - /* Enables blinding mode, to prevent timing attacks */ - #if 0 - #undef WC_RSA_BLINDING - #define WC_RSA_BLINDING - #else - #undef WC_NO_HARDEN - #define WC_NO_HARDEN - #endif + /* Enables blinding mode, to prevent timing attacks */ + #if 0 + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + #else + #undef WC_NO_HARDEN + #define WC_NO_HARDEN + #endif - /* RSA PSS Support */ - #if 1 - #define WC_RSA_PSS - #endif + /* RSA PSS Support */ + #if 1 + #define WC_RSA_PSS + #endif - #if 1 - #define WC_RSA_NO_PADDING - #endif - #else - #define NO_RSA - #endif - /* ECC */ - #undef HAVE_ECC - #if 1 - #define HAVE_ECC + #if 1 + #define WC_RSA_NO_PADDING + #endif + #else + #define NO_RSA + #endif + /* ECC */ + #undef HAVE_ECC + #if 1 + #define HAVE_ECC - /* Manually define enabled curves */ - #undef ECC_USER_CURVES - //#define ECC_USER_CURVES + /* Manually define enabled curves */ + #undef ECC_USER_CURVES + //#define ECC_USER_CURVES - #ifdef ECC_USER_CURVES - /* Manual Curve Selection */ - //#define HAVE_ECC192 - //#define HAVE_ECC224 - #undef NO_ECC256 - //#define HAVE_ECC384 - //#define HAVE_ECC521 - #endif + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + #endif - /* Fixed point cache (speeds repeated operations against same private key) */ - #undef FP_ECC - //#define FP_ECC - #ifdef FP_ECC - /* Bits / Entries */ - #undef FP_ENTRIES - #define FP_ENTRIES 2 - #undef FP_LUT - #define FP_LUT 4 - #endif + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif - /* Optional ECC calculation method */ - /* Note: doubles heap usage, but slightly faster */ - #undef ECC_SHAMIR - #define ECC_SHAMIR + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define ECC_SHAMIR - /* Reduces heap usage, but slower */ - #undef ECC_TIMING_RESISTANT - #define ECC_TIMING_RESISTANT + /* Reduces heap usage, but slower */ + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT - #ifdef HAVE_FIPS - #undef HAVE_ECC_CDH - #define HAVE_ECC_CDH /* Enable cofactor support */ + #ifdef HAVE_FIPS + #undef HAVE_ECC_CDH + #define HAVE_ECC_CDH /* Enable cofactor support */ - #undef NO_STRICT_ECDSA_LEN - #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ + #undef NO_STRICT_ECDSA_LEN + #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ - #undef WOLFSSL_VALIDATE_ECC_IMPORT - #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ - #endif + #undef WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ + #endif - /* Compressed Key Support */ - #undef HAVE_COMP_KEY - //#define HAVE_COMP_KEY + /* Compressed Key Support */ + #undef HAVE_COMP_KEY + //#define HAVE_COMP_KEY - /* Use alternate ECC size for ECC math */ - #ifdef USE_FAST_MATH - /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ - #ifdef NO_RSA - /* Custom fastmath size if not using RSA */ - #undef FP_MAX_BITS - #define FP_MAX_BITS (256 * 2) - #else - #undef ALT_ECC_SIZE - #define ALT_ECC_SIZE - /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ - //#undef FP_MAX_BITS_ECC - //#define FP_MAX_BITS_ECC (256 * 2) - #endif + /* Use alternate ECC size for ECC math */ + #ifdef USE_FAST_MATH + /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + #undef FP_MAX_BITS + #define FP_MAX_BITS (256 * 2) + #else + #undef ALT_ECC_SIZE + #define ALT_ECC_SIZE + /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ + //#undef FP_MAX_BITS_ECC + //#define FP_MAX_BITS_ECC (256 * 2) + #endif - /* Speedups specific to curve */ - #ifndef NO_ECC256 - #undef TFM_ECC256 - #define TFM_ECC256 - #endif - #endif - #endif + /* Speedups specific to curve */ + #ifndef NO_ECC256 + #undef TFM_ECC256 + #define TFM_ECC256 + #endif + #endif + #endif - /* AES */ - #undef NO_AES - #if 1 - #undef HAVE_AES_CBC - #define HAVE_AES_CBC + /* AES */ + #undef NO_AES + #if 1 + #undef HAVE_AES_CBC + #define HAVE_AES_CBC - #undef HAVE_AESGCM - #define HAVE_AESGCM + #undef HAVE_AESGCM + #define HAVE_AESGCM - /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ - //#define GCM_SMALL + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + //#define GCM_SMALL //#define GCM_WORD32 #define GCM_TABLE - #undef WOLFSSL_AES_DIRECT - #define WOLFSSL_AES_DIRECT + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT - #undef HAVE_AES_ECB - #define HAVE_AES_ECB + #undef HAVE_AES_ECB + #define HAVE_AES_ECB - #undef WOLFSSL_AES_COUNTER - #define WOLFSSL_AES_COUNTER + #undef WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_COUNTER - #undef HAVE_AESCCM - #define HAVE_AESCCM + #undef HAVE_AESCCM + #define HAVE_AESCCM - #else - #define NO_AES - #endif + #else + #define NO_AES + #endif - /* DES3 */ - #undef NO_DES3 - #if 1 - #else - #define NO_DES3 - #endif + /* DES3 */ + #undef NO_DES3 + #if 1 + #else + #define NO_DES3 + #endif - /* ------------------------------------------------------------------------- */ - /* Hashing */ - /* ------------------------------------------------------------------------- */ - /* Sha */ - #undef NO_SHA - #if 1 - /* 1k smaller, but 25% slower */ - //#define USE_SLOW_SHA - #else - #define NO_SHA - #endif + /* ------------------------------------------------------------------------- */ + /* Hashing */ + /* ------------------------------------------------------------------------- */ + /* Sha */ + #undef NO_SHA + #if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA + #else + #define NO_SHA + #endif - /* Sha256 */ - #undef NO_SHA256 - #if 1 - /* not unrolled - ~2k smaller and ~25% slower */ - //#define USE_SLOW_SHA256 + /* Sha256 */ + #undef NO_SHA256 + #if 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 - /* Sha224 */ - #if 1 - #define WOLFSSL_SHA224 - #endif - #else - #define NO_SHA256 - #endif + /* Sha224 */ + #if 1 + #define WOLFSSL_SHA224 + #endif + #else + #define NO_SHA256 + #endif - /* Sha512 */ - #undef WOLFSSL_SHA512 - #if 1 - #define WOLFSSL_SHA512 + /* Sha512 */ + #undef WOLFSSL_SHA512 + #if 1 + #define WOLFSSL_SHA512 - /* Sha384 */ - #undef WOLFSSL_SHA384 - #if 1 - #define WOLFSSL_SHA384 - #endif + /* Sha384 */ + #undef WOLFSSL_SHA384 + #if 1 + #define WOLFSSL_SHA384 + #endif - /* over twice as small, but 50% slower */ - //#define USE_SLOW_SHA512 - #endif + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 + #endif - /* Sha3 */ - #undef WOLFSSL_SHA3 - #if 1 - #define WOLFSSL_SHA3 - #endif + /* Sha3 */ + #undef WOLFSSL_SHA3 + #if 1 + #define WOLFSSL_SHA3 + #endif - /* MD5 */ - #undef NO_MD5 - #if 1 + /* MD5 */ + #undef NO_MD5 + #if 1 - #else - #define NO_MD5 - #endif + #else + #define NO_MD5 + #endif - /* HKDF */ - #undef HAVE_HKDF - #if 1 - #define HAVE_HKDF - #endif + /* HKDF */ + #undef HAVE_HKDF + #if 1 + #define HAVE_HKDF + #endif - /* CMAC */ - #undef WOLFSSL_CMAC - #if 1 - #define WOLFSSL_CMAC - #endif + /* CMAC */ + #undef WOLFSSL_CMAC + #if 1 + #define WOLFSSL_CMAC + #endif - /* DH */ - #undef NO_DH - #if 1 - /* Use table for DH instead of -lm (math) lib dependency */ - #if 0 - #define WOLFSSL_DH_CONST - #define HAVE_FFDHE_2048 - #define HAVE_FFDHE_4096 - //#define HAVE_FFDHE_6144 - //#define HAVE_FFDHE_8192 - #endif + /* DH */ + #undef NO_DH + #if 1 + /* Use table for DH instead of -lm (math) lib dependency */ + #if 0 + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 + #endif - #ifdef HAVE_FIPS - #define WOLFSSL_VALIDATE_FFC_IMPORT - #define HAVE_FFDHE_Q - #endif - #else - #define NO_DH - #endif - //#define WOLFSSL_AESNI - //#define HAVE_INTEL_RDSEED - //#define FORCE_FAILURE_RDSEED - //#define HAVE_FORCE_FIPS_FAILURE + #ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q + #endif + #else + #define NO_DH + #endif #endif /* FIPS v2 */ //#define DEBUG_WOLFSSL #define NO_MAIN_DRIVER -//#define CAVP_VECTOR_TESTING #endif /* _WIN_USER_SETTINGS_H_ */ From b3eb2e3dddeb107e27e94a7a2f83acfa25091b4a Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 17 Mar 2021 09:37:22 -0600 Subject: [PATCH 3/3] Implement peer review feedback Fix items that were missed from peer review Remove dead code Add ret capture of return from XVSNPRINTF --- wolfcrypt/benchmark/benchmark.c | 4 ---- wolfcrypt/src/wc_port.c | 4 ---- wolfssl/wolfcrypt/types.h | 18 +++++++----------- wolfssl/wolfcrypt/wc_port.h | 4 +++- 4 files changed, 10 insertions(+), 20 deletions(-) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index e6cd032d0..ac868e560 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -4577,8 +4577,6 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING], /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else - int idxenc; - int inner_idx_enc; byte* enc[BENCH_MAX_PENDING]; #endif #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) @@ -4586,8 +4584,6 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING], /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else - int idxout; - int inner_idx_out; byte* out[BENCH_MAX_PENDING]; #endif #else diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 0d2c85736..bf02950ca 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -441,11 +441,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3); XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen); - #ifdef _WIN32_WCE - ctx->hFind = FindFirstFileA((LPCWSTR) ctx->name, &ctx->FindFileData); - #else ctx->hFind = FindFirstFileA(ctx->name, &ctx->FindFileData); - #endif if (ctx->hFind == INVALID_HANDLE_VALUE) { WOLFSSL_MSG("FindFirstFile for path verify locations failed"); return BAD_PATH_ERROR; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 78646281c..8019a125e 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -556,17 +556,17 @@ decouple library dependencies with standard string, memory and so on. { va_list ap; int ret; - + if ((int)n <= 0) return -1; - + va_start(ap, format); - - ret = vsnprintf(s, n, format, ap); + + ret = XVSNPRINTF(s, n, format, ap); if (ret < 0) ret = -1; - + va_end(ap); - + return ret; } #define XSNPRINTF _xsnprintf_ @@ -597,11 +597,7 @@ decouple library dependencies with standard string, memory and so on. if ((int)bufsize <= 0) return -1; va_start(ap, format); - #ifndef _WIN32_WCE - ret = vsnprintf(buffer, bufsize, format, ap); - #else - ret = _vsnprintf(buffer, bufsize, format, ap); - #endif + ret = XVSNPRINTF(buffer, bufsize, format, ap); if (ret >= (int)bufsize) ret = -1; va_end(ap); diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 18d4ce85a..aff4acace 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -631,6 +631,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSEEK_END SEEK_END #define XBADFILE NULL #define XFGETS fgets + #define XVSNPRINTF _vsnprintf #elif defined(FUSION_RTOS) #include @@ -883,7 +884,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); time_t windows_time(time_t* timer); #define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d) - #define FindFirstFileA(fn, d) FindFirstFile(fn, (LPWIN32_FIND_DATAW) d) + #define FindFirstFileA(fn, d) FindFirstFile((LPCWSTR) fn, \ + (LPWIN32_FIND_DATAW) d) #define XTIME(t1) windows_time((t1)) #define WOLFSSL_GMTIME