diff --git a/configure.ac b/configure.ac index 7cd5cf6671..bc4bdb51d2 100644 --- a/configure.ac +++ b/configure.ac @@ -1513,6 +1513,7 @@ then test "$enable_hkdf" = "" && enable_hkdf=yes test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes + test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes test "$enable_psk" = "" && enable_psk=yes test "$enable_cmac" = "" && enable_cmac=yes test "$enable_cmac_kdf" = "" && enable_cmac_kdf=yes @@ -1580,13 +1581,12 @@ then test "$enable_aessiv" = "" && enable_aessiv=yes # AFALG lacks AES-EAX test "$enable_aeseax" = "" && test "$enable_afalg" != "yes" && enable_aeseax=yes + test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes if test "$KERNEL_MODE_DEFAULTS" != "yes" then test "$enable_cryptocb" = "" && enable_cryptocb=yes test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes - test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes - test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes fi fi diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template index f37eea1e49..8209c6277f 100644 --- a/linuxkm/module_exports.c.template +++ b/linuxkm/module_exports.c.template @@ -91,6 +91,12 @@ #ifdef HAVE_ECC #include #endif +#ifdef WOLFCRYPT_HAVE_ECCSI + #include +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + #include +#endif #ifdef HAVE_HPKE #include #endif diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index d919dd8a34..d0417ec879 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -36,14 +36,6 @@ #include #endif -#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM) - /* force off unneeded vector register save/restore. */ - #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) - #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() -#endif - #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ #define wc_ecc_key_get_priv(key) (&((key)->k)) @@ -1507,8 +1499,6 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType, if (err != 0) return err; - SAVE_VECTOR_REGISTERS(return _svr_ret;); - params = &key->params; hs = &key->tmp; res = &key->pubkey.pubkey; @@ -1563,8 +1553,6 @@ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType, } } - RESTORE_VECTOR_REGISTERS(); - return err; } @@ -2231,8 +2219,6 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType, if (err != 0) return err; - SAVE_VECTOR_REGISTERS(return _svr_ret;); - /* Decode the signature into components. */ r = wc_ecc_key_get_priv(&key->pubkey); pvt = &key->pubkey.pubkey; @@ -2318,8 +2304,6 @@ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType, *verified = ((err == 0) && (mp_cmp(jx, r) == MP_EQ)); } - RESTORE_VECTOR_REGISTERS(); - return err; } #endif /* WOLFCRYPT_ECCSI_CLIENT */ diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 4fc1a85b48..a7b64e32a7 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -37,14 +37,6 @@ #include #include -#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM) - /* force off unneeded vector register save/restore. */ - #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) - #undef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() -#endif - #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ #define wc_ecc_key_get_priv(key) (&((key)->k)) @@ -1328,13 +1320,11 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk, err = BAD_FUNC_ARG; } if (err == 0) { - SAVE_VECTOR_REGISTERS(return _svr_ret;); #ifdef WOLFSSL_SP_1024 err = sp_Pairing_gen_precomp_1024(rsk, table, len); #else err = NOT_COMPILED_IN; #endif - RESTORE_VECTOR_REGISTERS(); } return err; @@ -2441,8 +2431,6 @@ int wc_ValidateSakkeRsk(SakkeKey* key, const byte* id, word16 idSz, err = BAD_FUNC_ARG; } - SAVE_VECTOR_REGISTERS(return _svr_ret;); - /* Load elliptic curve parameters */ if (err == 0) { err = sakke_load_params(key); @@ -2478,8 +2466,6 @@ int wc_ValidateSakkeRsk(SakkeKey* key, const byte* id, word16 idSz, *valid = ((err == 0) && (mp_cmp(a, &key->params.g) == MP_EQ)); } - RESTORE_VECTOR_REGISTERS(); - return err; } @@ -2622,6 +2608,22 @@ static int sakke_modexp_loop(SakkeKey* key, mp_int* b, mp_int* e, mp_proj* r, mp_int* by = key->tmp.p1->z; mp_int* prime = &key->params.prime; int i; +#ifdef WC_NO_GLOBAL_OBJECT_POINTERS + static const wc_ptr_t wc_off_on_addr[2] = + { + #if defined(WC_64BIT_CPU) + W64LIT(0x0000000000000000), + W64LIT(0xffffffffffffffff) + #elif defined(WC_16BIT_CPU) + 0x0000U, + 0xffffU + #else + /* 32 bit */ + 0x00000000U, + 0xffffffffU + #endif + }; +#endif #ifdef WC_NO_CACHE_RESISTANT c[0] = r; @@ -6387,8 +6389,6 @@ int wc_MakeSakkePointI(SakkeKey* key, const byte* id, word16 idSz) err = BAD_FUNC_ARG; } - SAVE_VECTOR_REGISTERS(return _svr_ret;); - if (err == 0) { err = sakke_load_params(key); } @@ -6401,8 +6401,6 @@ int wc_MakeSakkePointI(SakkeKey* key, const byte* id, word16 idSz) key->i.idSz = idSz; } - RESTORE_VECTOR_REGISTERS(); - return err; } @@ -6532,9 +6530,7 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len) #ifdef WOLFSSL_HAVE_SP_ECC if (err == 0) { - SAVE_VECTOR_REGISTERS(return _svr_ret;); err = sp_ecc_gen_table_1024(key->i.i, table, len, key->heap); - RESTORE_VECTOR_REGISTERS(); } if (err == 0) { key->i.table = table; @@ -6722,8 +6718,6 @@ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType, err = BAD_STATE_E; } - SAVE_VECTOR_REGISTERS(return _svr_ret;); - /* Load parameters */ if (err == 0) { err = sakke_load_params(key); @@ -6799,8 +6793,6 @@ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType, /* Step 6: Output SSV - already encoded in buffer */ - RESTORE_VECTOR_REGISTERS(); - return err; } @@ -6898,7 +6890,9 @@ int wc_DeriveSakkeSSV(SakkeKey* key, enum wc_HashType hashType, byte* ssv, mp_int* ri = NULL; byte* wb = NULL; byte* test = NULL; - byte a[WC_MAX_DIGEST_SIZE] = {0}; + byte a[WC_MAX_DIGEST_SIZE]; + + XMEMSET(a, 0, sizeof(a)); if ((key == NULL) || (ssv == NULL) || (auth == NULL) || (ssvSz == 0)) { err = BAD_FUNC_ARG; @@ -6907,8 +6901,6 @@ int wc_DeriveSakkeSSV(SakkeKey* key, enum wc_HashType hashType, byte* ssv, err = BAD_STATE_E; } - SAVE_VECTOR_REGISTERS(return _svr_ret;); - /* Load parameters */ if (err == 0) { err = sakke_load_params(key); @@ -6979,8 +6971,6 @@ int wc_DeriveSakkeSSV(SakkeKey* key, enum wc_HashType hashType, byte* ssv, err = SAKKE_VERIFY_FAIL_E; } - RESTORE_VECTOR_REGISTERS(); - return err; } #endif /* WOLFCRYPT_SAKKE_CLIENT */ diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c index 06fb8ed017..f073be133e 100644 --- a/wolfcrypt/src/wolfmath.c +++ b/wolfcrypt/src/wolfmath.c @@ -43,12 +43,13 @@ #if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) -#if (!defined(WC_NO_CACHE_RESISTANT) && \ - ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ - (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ - ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ - defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)) +#if !defined(WC_NO_GLOBAL_OBJECT_POINTERS) && \ + ((!defined(WC_NO_CACHE_RESISTANT) && \ + ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ + (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM))) /* all off / all on pointer addresses for constant calculations */ /* ecc.c uses same table */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 329c88cffd..f3fc88c8a1 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -60460,38 +60460,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void) wc_test_ret_t ret = 0; WC_RNG rng; int rng_inited = 0; - EccsiKey* priv = NULL; - EccsiKey* pub = NULL; - mp_int* ssk = NULL; + WC_DECLARE_VAR(priv, EccsiKey, 1, HEAP_HINT); + WC_DECLARE_VAR(pub, EccsiKey, 1, HEAP_HINT); + WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT); ecc_point* pvt = NULL; WOLFSSL_ENTER("eccsi_test"); - priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (priv == NULL) - ret = WC_TEST_RET_ENC_NC; - else + WC_ALLOC_VAR_EX(priv, EccsiKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E)); + if (ret == 0) { XMEMSET(priv, 0, sizeof(*priv)); - + WC_ALLOC_VAR_EX(pub, EccsiKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E)); + } if (ret == 0) { - pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (pub == NULL) - ret = WC_TEST_RET_ENC_NC; - else - XMEMSET(pub, 0, sizeof(*pub)); + XMEMSET(pub, 0, sizeof(*pub)); + WC_ALLOC_VAR_EX(ssk, mp_int, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E)); } if (ret == 0) { - ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ssk == NULL) - ret = WC_TEST_RET_ENC_NC; - else - XMEMSET(ssk, 0, sizeof(*ssk)); - } + XMEMSET(ssk, 0, sizeof(*ssk)); - if (ret == 0) { #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else @@ -60547,18 +60534,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void) wc_ecc_del_point(pvt); if (rng_inited) wc_FreeRng(&rng); - if (ssk != NULL) { - mp_free(ssk); - XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } - if (pub != NULL) { - wc_FreeEccsiKey(pub); - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } - if (priv != NULL) { - wc_FreeEccsiKey(priv); - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + mp_free(ssk); + WC_FREE_VAR_EX(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeEccsiKey(pub); + WC_FREE_VAR_EX(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeEccsiKey(priv); + WC_FREE_VAR_EX(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -61704,38 +61685,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void) wc_test_ret_t ret = 0; WC_RNG rng; int rng_inited = 0; - SakkeKey* priv = NULL; - SakkeKey* pub = NULL; - SakkeKey* key = NULL; + WC_DECLARE_VAR(priv, SakkeKey, 1, HEAP_HINT); + WC_DECLARE_VAR(pub, SakkeKey, 1, HEAP_HINT); + WC_DECLARE_VAR(key, SakkeKey, 1, HEAP_HINT); ecc_point* rsk = NULL; WOLFSSL_ENTER("sakke_test"); - priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (priv == NULL) - ret = WC_TEST_RET_ENC_NC; - else + WC_ALLOC_VAR_EX(priv, SakkeKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E)); + if (ret == 0) { XMEMSET(priv, 0, sizeof(*priv)); - + WC_ALLOC_VAR_EX(pub, SakkeKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E)); + } if (ret == 0) { - pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (pub == NULL) - ret = WC_TEST_RET_ENC_NC; - else - XMEMSET(pub, 0, sizeof(*pub)); + XMEMSET(pub, 0, sizeof(*pub)); + WC_ALLOC_VAR_EX(key, SakkeKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E)); } if (ret == 0) { - key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (key == NULL) - ret = WC_TEST_RET_ENC_NC; - else - XMEMSET(key, 0, sizeof(*key)); - } + XMEMSET(key, 0, sizeof(*key)); - if (ret == 0) { #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else @@ -61791,15 +61759,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void) } if (rng_inited) wc_FreeRng(&rng); - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub != NULL) { - wc_FreeSakkeKey(pub); - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } - if (priv != NULL) { - wc_FreeSakkeKey(priv); - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + + WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeSakkeKey(pub); + WC_FREE_VAR_EX(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeSakkeKey(priv); + WC_FREE_VAR_EX(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c3ced88da7..0fb49e9351 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3963,6 +3963,9 @@ extern void uITRON4_free(void *p) ; #ifndef WC_NO_INTERNAL_FUNCTION_POINTERS #define WC_NO_INTERNAL_FUNCTION_POINTERS #endif + #ifndef WC_NO_GLOBAL_OBJECT_POINTERS + #define WC_NO_GLOBAL_OBJECT_POINTERS + #endif #ifndef WOLFSSL_ECC_CURVE_STATIC #define WOLFSSL_ECC_CURVE_STATIC #endif diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h index f656329979..1353f40d17 100644 --- a/wolfssl/wolfcrypt/wolfmath.h +++ b/wolfssl/wolfcrypt/wolfmath.h @@ -74,12 +74,13 @@ This library provides big integer math functions. #endif /* timing resistance array */ -#if (!defined(WC_NO_CACHE_RESISTANT) && \ - ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ - (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ - ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ - defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)) +#if !defined(WC_NO_GLOBAL_OBJECT_POINTERS) && \ + ((!defined(WC_NO_CACHE_RESISTANT) && \ + ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ + (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM))) extern const wc_ptr_t wc_off_on_addr[2]; #endif