wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9048 from douzzer/20250730-linuxkm-tweaks

Browse Source 
20250730-linuxkm-tweaks
This commit is contained in:
JacobBarthelmeh
2025-07-31 14:36:56 -06:00
committed by GitHub
parent 70af2be5ab 1152d612a6
commit 86adcd6c8e
8 changed files with 308 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/linuxkm.yml vendored
View File

@@ -17,8 +17,8 @@ jobs:
strategy: strategy:
matrix: matrix:
config: [ config: [
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384', 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384' 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
] ]
name: build module name: build module
if: github.repository_owner == 'wolfssl' if: github.repository_owner == 'wolfssl'

4
linuxkm/Kbuild
View File

@@ -304,7 +304,7 @@ endif
# auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags. # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags.
# exclude symbols that don't match wc_* or wolf*. # exclude symbols that don't match wc_* or wolf*.
$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) $(obj)/linuxkm/module_hooks.o
@cp $< $@ || exit $$? @cp $< $@ || exit $$?
if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then
# use ASCII octal escape to avoid syntax disruption in the awk script. # use ASCII octal escape to avoid syntax disruption in the awk script.
@@ -312,7 +312,7 @@ $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_
else else
ns='WOLFSSL' ns='WOLFSSL'
fi fi
$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) | $(READELF) --symbols --wide $(filter %.o,$^) |
$(AWK) '/^ *[0-9]+: / { $(AWK) '/^ *[0-9]+: / {
if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;} if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}
if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {

127
linuxkm/linuxkm_wc_port.h
View File

@@ -135,6 +135,37 @@
#endif #endif
extern void wc_linuxkm_relax_long_loop(void); extern void wc_linuxkm_relax_long_loop(void);
enum wc_svr_flags {
WC_SVR_FLAG_INHIBIT = 1,
};
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM)
#ifndef CONFIG_X86
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_X86
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_ARM
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#else
#ifndef WOLFSSL_NO_ASM
#define WOLFSSL_NO_ASM
#endif
#endif
#ifdef BUILDING_WOLFSSL #ifdef BUILDING_WOLFSSL
#if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \ #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \
@@ -408,33 +439,6 @@
#endif /* !__PIE__ */ #endif /* !__PIE__ */
#endif /* LINUXKM_LKCAPI_REGISTER */ #endif /* LINUXKM_LKCAPI_REGISTER */
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_SP_X86_64_ASM)
#ifndef CONFIG_X86
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_X86
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
#endif
#define WOLFSSL_LINUXKM_SIMD
#define WOLFSSL_LINUXKM_SIMD_ARM
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
#endif
#else
#ifndef WOLFSSL_NO_ASM
#define WOLFSSL_NO_ASM
#endif
#endif
#ifndef WC_CHECK_FOR_INTR_SIGNALS #ifndef WC_CHECK_FOR_INTR_SIGNALS
#define WC_CHECK_FOR_INTR_SIGNALS() wc_linuxkm_check_for_intr_signals() #define WC_CHECK_FOR_INTR_SIGNALS() wc_linuxkm_check_for_intr_signals()
#endif #endif
@@ -453,15 +457,11 @@
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \ #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \
defined(CONFIG_X86) defined(CONFIG_X86)
enum wc_svr_flags {
WC_SVR_FLAG_INHIBIT = 1,
};
extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void); extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void);
extern void free_wolfcrypt_linuxkm_fpu_states(void); extern void free_wolfcrypt_linuxkm_fpu_states(void);
extern __must_check int can_save_vector_registers_x86(void); WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void);
extern __must_check int save_vector_registers_x86(enum wc_svr_flags flags); WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags);
extern void restore_vector_registers_x86(void); WOLFSSL_API void wc_restore_vector_registers_x86(void);
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
#include <asm/i387.h> #include <asm/i387.h>
@@ -471,14 +471,14 @@
#endif #endif
#ifndef CAN_SAVE_VECTOR_REGISTERS #ifndef CAN_SAVE_VECTOR_REGISTERS
#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
#define CAN_SAVE_VECTOR_REGISTERS() (can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0)) #define CAN_SAVE_VECTOR_REGISTERS() (wc_can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0))
#else #else
#define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_x86() #define CAN_SAVE_VECTOR_REGISTERS() wc_can_save_vector_registers_x86()
#endif #endif
#endif #endif
#ifndef SAVE_VECTOR_REGISTERS #ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) { \ #define SAVE_VECTOR_REGISTERS(fail_clause) { \
int _svr_ret = save_vector_registers_x86(0); \ int _svr_ret = wc_save_vector_registers_x86(0); \
if (_svr_ret != 0) { \ if (_svr_ret != 0) { \
fail_clause \ fail_clause \
} \ } \
@@ -489,22 +489,22 @@
#define SAVE_VECTOR_REGISTERS2() ({ \ #define SAVE_VECTOR_REGISTERS2() ({ \
int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \ int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
(_fuzzer_ret == 0) ? \ (_fuzzer_ret == 0) ? \
save_vector_registers_x86(0) : \ wc_save_vector_registers_x86(0) : \
_fuzzer_ret; \ _fuzzer_ret; \
}) })
#else #else
#define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86(0) #define SAVE_VECTOR_REGISTERS2() wc_save_vector_registers_x86(0)
#endif #endif
#endif #endif
#ifndef RESTORE_VECTOR_REGISTERS #ifndef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86() #define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86()
#endif #endif
#ifndef DISABLE_VECTOR_REGISTERS #ifndef DISABLE_VECTOR_REGISTERS
#define DISABLE_VECTOR_REGISTERS() save_vector_registers_x86(WC_SVR_FLAG_INHIBIT) #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
#endif #endif
#ifndef REENABLE_VECTOR_REGISTERS #ifndef REENABLE_VECTOR_REGISTERS
#define REENABLE_VECTOR_REGISTERS() restore_vector_registers_x86() #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86()
#endif #endif
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64)) #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64))
@@ -544,7 +544,7 @@
#endif #endif
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
_Pragma("GCC diagnostic pop"); _Pragma("GCC diagnostic pop");
@@ -765,12 +765,12 @@
#ifdef CONFIG_X86 #ifdef CONFIG_X86
typeof(allocate_wolfcrypt_linuxkm_fpu_states) *allocate_wolfcrypt_linuxkm_fpu_states; typeof(allocate_wolfcrypt_linuxkm_fpu_states) *allocate_wolfcrypt_linuxkm_fpu_states;
typeof(can_save_vector_registers_x86) *can_save_vector_registers_x86; typeof(wc_can_save_vector_registers_x86) *wc_can_save_vector_registers_x86;
typeof(free_wolfcrypt_linuxkm_fpu_states) *free_wolfcrypt_linuxkm_fpu_states; typeof(free_wolfcrypt_linuxkm_fpu_states) *free_wolfcrypt_linuxkm_fpu_states;
typeof(restore_vector_registers_x86) *restore_vector_registers_x86; typeof(wc_restore_vector_registers_x86) *wc_restore_vector_registers_x86;
typeof(save_vector_registers_x86) *save_vector_registers_x86; typeof(wc_save_vector_registers_x86) *wc_save_vector_registers_x86;
#else /* !CONFIG_X86 */ #else /* !CONFIG_X86 */
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* arch */ #endif /* arch */
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
@@ -1046,12 +1046,12 @@
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
#define allocate_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(allocate_wolfcrypt_linuxkm_fpu_states) #define allocate_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(allocate_wolfcrypt_linuxkm_fpu_states)
#define can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(can_save_vector_registers_x86) #define wc_can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_can_save_vector_registers_x86)
#define free_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(free_wolfcrypt_linuxkm_fpu_states) #define free_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(free_wolfcrypt_linuxkm_fpu_states)
#define restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(restore_vector_registers_x86) #define wc_restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_restore_vector_registers_x86)
#define save_vector_registers_x86 WC_LKM_INDIRECT_SYM(save_vector_registers_x86) #define wc_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_save_vector_registers_x86)
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
#define __mutex_init WC_LKM_INDIRECT_SYM(__mutex_init) #define __mutex_init WC_LKM_INDIRECT_SYM(__mutex_init)
@@ -1179,6 +1179,25 @@
#endif /* BUILDING_WOLFSSL */ #endif /* BUILDING_WOLFSSL */
#if !defined(BUILDING_WOLFSSL)
/* some caller code needs these. */
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#if defined(CONFIG_X86)
WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void);
WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags);
WOLFSSL_API void wc_restore_vector_registers_x86(void);
#ifndef DISABLE_VECTOR_REGISTERS
#define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
#endif
#ifndef REENABLE_VECTOR_REGISTERS
#define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86()
#endif
#else /* !CONFIG_X86 */
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
#endif /* !CONFIG_X86 */
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
#endif /* !BUILDING_WOLFSSL */
/* Copied from wc_port.h: For FIPS keep the function names the same */ /* Copied from wc_port.h: For FIPS keep the function names the same */
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
#define wc_InitMutex InitMutex #define wc_InitMutex InitMutex
@@ -1232,6 +1251,12 @@
return 0; return 0;
} }
#else #else
/* if BUILDING_WOLFSSL, spinlock.h will have already been included
* recursively above, with the bevy of warnings suppressed, and the
* below include will be a redundant no-op.
*/
#include <linux/spinlock.h>
typedef struct wolfSSL_Mutex { typedef struct wolfSSL_Mutex {
spinlock_t lock; spinlock_t lock;
unsigned long irq_flags; unsigned long irq_flags;

3
linuxkm/lkcapi_sha_glue.c
View File

@@ -980,6 +980,9 @@ static inline void wc_linuxkm_drbg_ctx_clear(struct wc_linuxkm_drbg_ctx * ctx)
if (ctx->rngs[i].lock != 0) { if (ctx->rngs[i].lock != 0) {
/* better to leak than to crash. */ /* better to leak than to crash. */
pr_err("BUG: wc_linuxkm_drbg_ctx_clear called with DRBG #%d still locked.", i); pr_err("BUG: wc_linuxkm_drbg_ctx_clear called with DRBG #%d still locked.", i);
ctx->rngs = NULL;
ctx->n_rngs = 0;
return;
} }
else else
wc_FreeRng(&ctx->rngs[i].rng); wc_FreeRng(&ctx->rngs[i].rng);

6
linuxkm/module_hooks.c
View File

@@ -672,10 +672,10 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86) #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
wolfssl_linuxkm_pie_redirect_table.allocate_wolfcrypt_linuxkm_fpu_states = allocate_wolfcrypt_linuxkm_fpu_states; wolfssl_linuxkm_pie_redirect_table.allocate_wolfcrypt_linuxkm_fpu_states = allocate_wolfcrypt_linuxkm_fpu_states;
wolfssl_linuxkm_pie_redirect_table.can_save_vector_registers_x86 = can_save_vector_registers_x86; wolfssl_linuxkm_pie_redirect_table.wc_can_save_vector_registers_x86 = wc_can_save_vector_registers_x86;
wolfssl_linuxkm_pie_redirect_table.free_wolfcrypt_linuxkm_fpu_states = free_wolfcrypt_linuxkm_fpu_states; wolfssl_linuxkm_pie_redirect_table.free_wolfcrypt_linuxkm_fpu_states = free_wolfcrypt_linuxkm_fpu_states;
wolfssl_linuxkm_pie_redirect_table.restore_vector_registers_x86 = restore_vector_registers_x86; wolfssl_linuxkm_pie_redirect_table.wc_restore_vector_registers_x86 = wc_restore_vector_registers_x86;
wolfssl_linuxkm_pie_redirect_table.save_vector_registers_x86 = save_vector_registers_x86; wolfssl_linuxkm_pie_redirect_table.wc_save_vector_registers_x86 = wc_save_vector_registers_x86;
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */ #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */

24
linuxkm/x86_vector_register_glue.c
View File

@@ -233,7 +233,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(
if (unlikely(wc_linuxkm_fpu_states == NULL)) { if (unlikely(wc_linuxkm_fpu_states == NULL)) {
if (! assume_fpu_began) { if (! assume_fpu_began) {
/* this was just a quick check for whether we're in a recursive /* this was just a quick check for whether we're in a recursive
* save_vector_registers_x86(). we're not. * wc_save_vector_registers_x86(). we're not.
*/ */
return NULL; return NULL;
} }
@@ -253,7 +253,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(
} }
if (! assume_fpu_began) { if (! assume_fpu_began) {
/* this was just a quick check for whether we're in a recursive /* this was just a quick check for whether we're in a recursive
* save_vector_registers_x86(). we're not. * wc_save_vector_registers_x86(). we're not.
* *
* if we're in a softirq context, we'll always wind up here, because * if we're in a softirq context, we'll always wind up here, because
* processes with entries in wc_linuxkm_fpu_states[] always have * processes with entries in wc_linuxkm_fpu_states[] always have
@@ -296,7 +296,7 @@ static inline void wc_linuxkm_fpu_state_release(
__atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE); __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE);
} }
WARN_UNUSED_RESULT int can_save_vector_registers_x86(void) WARN_UNUSED_RESULT int wc_can_save_vector_registers_x86(void)
{ {
struct wc_thread_fpu_count_ent *pstate; struct wc_thread_fpu_count_ent *pstate;
@@ -329,7 +329,7 @@ WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
return 0; return 0;
} }
WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags) WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags)
{ {
struct wc_thread_fpu_count_ent *pstate; struct wc_thread_fpu_count_ent *pstate;
@@ -338,7 +338,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
* a second look at preempt_count(). * a second look at preempt_count().
*/ */
if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) { if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) {
VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id()); VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id());
return WC_ACCEL_INHIBIT_E; return WC_ACCEL_INHIBIT_E;
} }
@@ -362,7 +362,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK) if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK)
== WC_FPU_COUNT_MASK)) == WC_FPU_COUNT_MASK))
{ {
pr_err("ERROR: save_vector_registers_x86 recursion register overflow for " pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for "
"pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id()); "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id());
return BAD_STATE_E; return BAD_STATE_E;
} else { } else {
@@ -396,7 +396,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
local_bh_disable(); local_bh_disable();
if (preempt_count() == 0) { if (preempt_count() == 0) {
VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n", VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n",
raw_smp_processor_id()); raw_smp_processor_id());
#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
(LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
@@ -459,13 +459,13 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
pstate->fpu_state = 1U; pstate->fpu_state = 1U;
if (preempt_count() == 0) { if (preempt_count() == 0) {
VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n", VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n",
raw_smp_processor_id()); raw_smp_processor_id());
} }
return 0; return 0;
} else { } else {
VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id()); VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id());
#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG #ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
dump_stack(); dump_stack();
#endif #endif
@@ -475,19 +475,19 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
__builtin_unreachable(); __builtin_unreachable();
} }
void restore_vector_registers_x86(void) void wc_restore_vector_registers_x86(void)
{ {
struct wc_thread_fpu_count_ent *pstate; struct wc_thread_fpu_count_ent *pstate;
if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) { if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) {
VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called from interrupt handler on CPU %d.\n", VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called from interrupt handler on CPU %d.\n",
raw_smp_processor_id()); raw_smp_processor_id());
return; return;
} }
pstate = wc_linuxkm_fpu_state_assoc(0, 1); pstate = wc_linuxkm_fpu_state_assoc(0, 1);
if (unlikely(pstate == NULL)) { if (unlikely(pstate == NULL)) {
VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called by pid %d on CPU %d " VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d "
"with no saved state.\n", task_pid_nr(current), "with no saved state.\n", task_pid_nr(current),
raw_smp_processor_id()); raw_smp_processor_id());
return; return;

187
wolfcrypt/benchmark/benchmark.c
View File

@@ -2543,6 +2543,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
total = current_time(0) - start; total = current_time(0) - start;
WC_RELAX_LONG_LOOP();
#if defined(WOLFSSL_ESPIDF) && defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) #if defined(WOLFSSL_ESPIDF) && defined(DEBUG_WOLFSSL_BENCHMARK_TIMING)
ESP_LOGI(TAG, "%s total_cycles = %llu", desc, total_cycles); ESP_LOGI(TAG, "%s total_cycles = %llu", desc, total_cycles);
#endif #endif
@@ -2773,6 +2775,8 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
total = current_time(0) - start; total = current_time(0) - start;
WC_RELAX_LONG_LOOP();
#ifdef LINUX_RUSAGE_UTIME #ifdef LINUX_RUSAGE_UTIME
check_for_excessive_stime(algo, strength, desc, desc_extra); check_for_excessive_stime(algo, strength, desc, desc_extra);
#endif #endif
@@ -5010,7 +5014,13 @@ static void bench_aesecb_internal(int useDeviceID,
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
&times, outer_loop_limit, &pending)) { &times, outer_loop_limit, &pending)) {
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
#if defined(WOLFSSL_LINUXKM) || FIPS_VERSION_GE(6, 0)
ret = wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
if (ret != 0)
goto exit_aes_enc;
#else
wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain); wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
#endif
#else #else
wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain, wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain,
benchSz); benchSz);
@@ -5061,7 +5071,13 @@ exit_aes_enc:
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
&times, outer_loop_limit, &pending)) { &times, outer_loop_limit, &pending)) {
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
#if defined(WOLFSSL_LINUXKM) || FIPS_VERSION_GE(6, 0)
ret = wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
if (ret != 0)
goto exit_aes_dec;
#else
wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher); wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
#endif
#else #else
wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher, wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher,
benchSz); benchSz);
@@ -9814,8 +9830,13 @@ exit_decap:
void bench_mlkem(int type) void bench_mlkem(int type)
{ {
KyberKey key1; #ifdef WOLFSSL_SMALL_STACK
KyberKey key2; KyberKey *key1 = NULL;
KyberKey *key2 = NULL;
#else
KyberKey key1[1];
KyberKey key2[1];
#endif
const char* name = NULL; const char* name = NULL;
int keySize = 0; int keySize = 0;
@@ -9864,14 +9885,30 @@ void bench_mlkem(int type)
return; return;
} }
bench_mlkem_keygen(type, name, keySize, &key1); #ifdef WOLFSSL_SMALL_STACK
#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ key1 = (KyberKey *)XMALLOC(sizeof(*key1), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) if (key1 == NULL)
bench_mlkem_encap(type, name, keySize, &key1, &key2); return;
key2 = (KyberKey *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key2 == NULL) {
XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return;
}
#endif #endif
wc_KyberKey_Free(&key2); bench_mlkem_keygen(type, name, keySize, key1);
wc_KyberKey_Free(&key1); #if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
bench_mlkem_encap(type, name, keySize, key1, key2);
#endif
wc_KyberKey_Free(key2);
wc_KyberKey_Free(key1);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
} }
#endif #endif
@@ -10079,7 +10116,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
#endif #endif
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "error: wc_InitRng failed: %d\n", ret); printf("error: wc_InitRng failed: %d\n", ret);
return; return;
} }
@@ -10113,27 +10150,27 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz); ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_GetParameters failed: %d\n", printf("error: wc_LmsKey_GetParameters failed: %d\n",
ret); ret);
goto exit_lms_keygen; goto exit_lms_keygen;
} }
ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem); ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n", printf("error: wc_LmsKey_SetWriteCb failed: %d\n",
ret); ret);
goto exit_lms_keygen; goto exit_lms_keygen;
} }
ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem); ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret); printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret);
goto exit_lms_keygen; goto exit_lms_keygen;
} }
ret = wc_LmsKey_SetContext(&key, (void*)lms_priv); ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", printf("error: wc_LmsKey_SetContext failed: %d\n",
ret); ret);
goto exit_lms_keygen; goto exit_lms_keygen;
} }
@@ -10162,7 +10199,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen); ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_ExportPubRaw failed: %d\n", ret); printf("error: wc_LmsKey_ExportPubRaw failed: %d\n", ret);
} }
exit_lms_keygen: exit_lms_keygen:
@@ -10296,19 +10333,19 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem); ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n", ret); printf("error: wc_LmsKey_SetWriteCb failed: %d\n", ret);
goto exit_lms_sign_verify; goto exit_lms_sign_verify;
} }
ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem); ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret); printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret);
goto exit_lms_sign_verify; goto exit_lms_sign_verify;
} }
ret = wc_LmsKey_SetContext(&key, (void*)lms_priv); ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
if (ret) { if (ret) {
fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", ret); printf("error: wc_LmsKey_SetContext failed: %d\n", ret);
goto exit_lms_sign_verify; goto exit_lms_sign_verify;
} }
@@ -10609,7 +10646,7 @@ static void bench_xmss_sign_verify(const char * params)
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
#endif #endif
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "error: wc_InitRng failed: %d\n", ret); printf("error: wc_InitRng failed: %d\n", ret);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
@@ -10617,24 +10654,24 @@ static void bench_xmss_sign_verify(const char * params)
ret = wc_XmssKey_Init(&key, NULL, INVALID_DEVID); ret = wc_XmssKey_Init(&key, NULL, INVALID_DEVID);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "wc_XmssKey_Init failed: %d\n", ret); printf("wc_XmssKey_Init failed: %d\n", ret);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
ret = wc_XmssKey_SetParamStr(&key, params); ret = wc_XmssKey_SetParamStr(&key, params);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "wc_XmssKey_SetParamStr failed: %d\n", ret); printf("wc_XmssKey_SetParamStr failed: %d\n", ret);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
ret = wc_XmssKey_GetPubLen(&key, &pkSz); ret = wc_XmssKey_GetPubLen(&key, &pkSz);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "wc_XmssKey_GetPubLen failed: %d\n", ret); printf("wc_XmssKey_GetPubLen failed: %d\n", ret);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
#ifndef WOLFSSL_WC_XMSS #ifndef WOLFSSL_WC_XMSS
if (pkSz != XMSS_SHA256_PUBLEN) { if (pkSz != XMSS_SHA256_PUBLEN) {
fprintf(stderr, "error: xmss pub len: got %u, expected %d\n", pkSz, printf("error: xmss pub len: got %u, expected %d\n", pkSz,
XMSS_SHA256_PUBLEN); XMSS_SHA256_PUBLEN);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
@@ -10642,53 +10679,53 @@ static void bench_xmss_sign_verify(const char * params)
ret = wc_XmssKey_GetPrivLen(&key, &skSz); ret = wc_XmssKey_GetPrivLen(&key, &skSz);
if (ret != 0 || skSz <= 0) { if (ret != 0 || skSz <= 0) {
fprintf(stderr, "error: wc_XmssKey_GetPrivLen failed\n"); printf("error: wc_XmssKey_GetPrivLen failed\n");
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
ret = wc_XmssKey_GetSigLen(&key, &sigSz); ret = wc_XmssKey_GetSigLen(&key, &sigSz);
if (ret != 0 || sigSz <= 0) { if (ret != 0 || sigSz <= 0) {
fprintf(stderr, "error: wc_XmssKey_GetSigLen failed\n"); printf("error: wc_XmssKey_GetSigLen failed\n");
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
/* Allocate secret keys.*/ /* Allocate secret keys.*/
sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (sk == NULL) { if (sk == NULL) {
fprintf(stderr, "error: allocate xmss sk failed\n"); printf("error: allocate xmss sk failed\n");
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
/* Allocate signature array. */ /* Allocate signature array. */
sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (sig == NULL) { if (sig == NULL) {
fprintf(stderr, "error: allocate xmss sig failed\n"); printf("error: allocate xmss sig failed\n");
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
ret = wc_XmssKey_SetWriteCb(&key, xmss_write_key_mem); ret = wc_XmssKey_SetWriteCb(&key, xmss_write_key_mem);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "error: wc_XmssKey_SetWriteCb failed: %d\n", ret); printf("error: wc_XmssKey_SetWriteCb failed: %d\n", ret);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
ret = wc_XmssKey_SetReadCb(&key, xmss_read_key_mem); ret = wc_XmssKey_SetReadCb(&key, xmss_read_key_mem);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "error: wc_XmssKey_SetReadCb failed: %d\n", ret); printf("error: wc_XmssKey_SetReadCb failed: %d\n", ret);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
ret = wc_XmssKey_SetContext(&key, (void *)sk); ret = wc_XmssKey_SetContext(&key, (void *)sk);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "error: wc_XmssKey_SetContext failed: %d\n", ret); printf("error: wc_XmssKey_SetContext failed: %d\n", ret);
goto exit_xmss_sign_verify; goto exit_xmss_sign_verify;
} }
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
fprintf(stderr, "params: %s\n", params); printf("params: %s\n", params);
fprintf(stderr, "pkSz: %d\n", pkSz); printf("pkSz: %d\n", pkSz);
fprintf(stderr, "skSz: %d\n", skSz); printf("skSz: %d\n", skSz);
fprintf(stderr, "sigSz: %d\n", sigSz); printf("sigSz: %d\n", sigSz);
#endif #endif
/* Making the private key is the bottleneck for larger heights. */ /* Making the private key is the bottleneck for larger heights. */
@@ -14232,18 +14269,45 @@ static const int sizeof_bench_dilithium_level5_sig =
void bench_dilithiumKeySign(byte level) void bench_dilithiumKeySign(byte level)
{ {
int ret = 0; int ret = 0;
dilithium_key key;
double start; double start;
int i, count; int i, count;
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
byte sig[DILITHIUM_MAX_SIG_SIZE];
byte msg[512];
word32 x = 0; word32 x = 0;
#endif #endif
#define DILITHIUM_BENCH_MSG_SIZE 512
#ifdef WOLFSSL_SMALL_STACK
dilithium_key *key = NULL;
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
byte *sig = NULL;
byte *msg = NULL;
#endif
#else
dilithium_key key[1];
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
byte sig[DILITHIUM_MAX_SIG_SIZE];
byte msg[DILITHIUM_BENCH_MSG_SIZE];
#endif
#endif
const char**desc = bench_desc_words[lng_index]; const char**desc = bench_desc_words[lng_index];
DECLARE_MULTI_VALUE_STATS_VARS() DECLARE_MULTI_VALUE_STATS_VARS()
byte params = 0; byte params = 0;
#ifdef WOLFSSL_SMALL_STACK
key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
sig = (byte *)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
msg = (byte *)XMALLOC(DILITHIUM_BENCH_MSG_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if ((key == NULL) || (sig == NULL) || (msg == NULL)) {
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
key = NULL;
goto out;
}
#endif /* WOLFSSL_SMALL_STACK */
if (level == 2) { if (level == 2) {
params = 44; params = 44;
} }
@@ -14256,18 +14320,18 @@ void bench_dilithiumKeySign(byte level)
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
/* make dummy msg */ /* make dummy msg */
for (i = 0; i < (int)sizeof(msg); i++) { for (i = 0; i < DILITHIUM_BENCH_MSG_SIZE; i++) {
msg[i] = (byte)i; msg[i] = (byte)i;
} }
#endif #endif
ret = wc_dilithium_init(&key); ret = wc_dilithium_init(key);
if (ret != 0) { if (ret != 0) {
printf("wc_dilithium_init failed %d\n", ret); printf("wc_dilithium_init failed %d\n", ret);
return; goto out;
} }
ret = wc_dilithium_set_level(&key, level); ret = wc_dilithium_set_level(key, level);
if (ret != 0) { if (ret != 0) {
printf("wc_dilithium_set_level() failed %d\n", ret); printf("wc_dilithium_set_level() failed %d\n", ret);
} }
@@ -14276,10 +14340,10 @@ void bench_dilithiumKeySign(byte level)
bench_stats_start(&count, &start); bench_stats_start(&count, &start);
do { do {
for (i = 0; i < agreeTimes; i++) { for (i = 0; i < agreeTimes; i++) {
ret = wc_dilithium_make_key(&key, GLOBAL_RNG); ret = wc_dilithium_make_key(key, GLOBAL_RNG);
if (ret != 0) { if (ret != 0) {
printf("wc_dilithium_import_private_key failed %d\n", ret); printf("wc_dilithium_import_private_key failed %d\n", ret);
return; goto out;
} }
} }
count += i; count += i;
@@ -14302,24 +14366,24 @@ void bench_dilithiumKeySign(byte level)
#ifndef WOLFSSL_NO_ML_DSA_44 #ifndef WOLFSSL_NO_ML_DSA_44
if (level == 2) { if (level == 2) {
ret = wc_dilithium_import_private(bench_dilithium_level2_key, ret = wc_dilithium_import_private(bench_dilithium_level2_key,
sizeof_bench_dilithium_level2_key, &key); sizeof_bench_dilithium_level2_key, key);
} }
#endif #endif
#ifndef WOLFSSL_NO_ML_DSA_65 #ifndef WOLFSSL_NO_ML_DSA_65
if (level == 3) { if (level == 3) {
ret = wc_dilithium_import_private(bench_dilithium_level3_key, ret = wc_dilithium_import_private(bench_dilithium_level3_key,
sizeof_bench_dilithium_level3_key, &key); sizeof_bench_dilithium_level3_key, key);
} }
#endif #endif
#ifndef WOLFSSL_NO_ML_DSA_87 #ifndef WOLFSSL_NO_ML_DSA_87
if (level == 5) { if (level == 5) {
ret = wc_dilithium_import_private(bench_dilithium_level5_key, ret = wc_dilithium_import_private(bench_dilithium_level5_key,
sizeof_bench_dilithium_level5_key, &key); sizeof_bench_dilithium_level5_key, key);
} }
#endif #endif
if (ret != 0) { if (ret != 0) {
printf("Failed to load private key\n"); printf("Failed to load private key\n");
return; goto out;
} }
#endif #endif
@@ -14341,7 +14405,7 @@ void bench_dilithiumKeySign(byte level)
do { do {
for (i = 0; i < agreeTimes; i++) { for (i = 0; i < agreeTimes; i++) {
if (ret == 0) { if (ret == 0) {
ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key, ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key,
GLOBAL_RNG); GLOBAL_RNG);
if (ret != 0) { if (ret != 0) {
printf("wc_dilithium_sign_msg failed\n"); printf("wc_dilithium_sign_msg failed\n");
@@ -14377,7 +14441,7 @@ void bench_dilithiumKeySign(byte level)
XMEMCPY(sig, bench_dilithium_level2_sig, x); XMEMCPY(sig, bench_dilithium_level2_sig, x);
#endif #endif
ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey, ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey,
sizeof_bench_dilithium_level2_pubkey, &key); sizeof_bench_dilithium_level2_pubkey, key);
} }
#endif #endif
#ifndef WOLFSSL_NO_ML_DSA_65 #ifndef WOLFSSL_NO_ML_DSA_65
@@ -14387,7 +14451,7 @@ void bench_dilithiumKeySign(byte level)
XMEMCPY(sig, bench_dilithium_level3_sig, x); XMEMCPY(sig, bench_dilithium_level3_sig, x);
#endif #endif
ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey, ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey,
sizeof_bench_dilithium_level3_pubkey, &key); sizeof_bench_dilithium_level3_pubkey, key);
} }
#endif #endif
#ifndef WOLFSSL_NO_ML_DSA_87 #ifndef WOLFSSL_NO_ML_DSA_87
@@ -14397,12 +14461,12 @@ void bench_dilithiumKeySign(byte level)
XMEMCPY(sig, bench_dilithium_level5_sig, x); XMEMCPY(sig, bench_dilithium_level5_sig, x);
#endif #endif
ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey, ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey,
sizeof_bench_dilithium_level5_pubkey, &key); sizeof_bench_dilithium_level5_pubkey, key);
} }
#endif #endif
if (ret != 0) { if (ret != 0) {
printf("Failed to load public key\n"); printf("Failed to load public key\n");
return; goto out;
} }
#endif #endif
@@ -14415,8 +14479,8 @@ void bench_dilithiumKeySign(byte level)
for (i = 0; i < agreeTimes; i++) { for (i = 0; i < agreeTimes; i++) {
if (ret == 0) { if (ret == 0) {
int verify = 0; int verify = 0;
ret = wc_dilithium_verify_msg(sig, x, msg, sizeof(msg), ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE,
&verify, &key); &verify, key);
if (ret != 0 || verify != 1) { if (ret != 0 || verify != 1) {
printf("wc_dilithium_verify_msg failed %d, verify %d\n", printf("wc_dilithium_verify_msg failed %d, verify %d\n",
@@ -14442,7 +14506,22 @@ void bench_dilithiumKeySign(byte level)
} }
#endif #endif
wc_dilithium_free(&key); out:
#ifdef WOLFSSL_SMALL_STACK
if (key)
#endif
{
wc_dilithium_free(key);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
} }
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */

87
wolfcrypt/test/test.c
View File

@@ -18352,7 +18352,8 @@ static wc_test_ret_t random_rng_test(void)
#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#ifdef WC_RNG_SEED_CB #if defined(WC_RNG_SEED_CB) && \
!(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
static int seed_cb(OS_Seed* os, byte* output, word32 sz) static int seed_cb(OS_Seed* os, byte* output, word32 sz)
{ {
word32 i; word32 i;
@@ -18365,16 +18366,73 @@ static int seed_cb(OS_Seed* os, byte* output, word32 sz)
static wc_test_ret_t rng_seed_test(void) static wc_test_ret_t rng_seed_test(void)
{ {
#ifndef HAVE_FIPS /* The expected PRNG block depends on ENTROPY_SCALE_FACTOR and
* SEED_BLOCK_SZ, which depend on which seed back end is configured.
*/
#if defined(HAVE_ENTROPY_MEMUSE) && defined(HAVE_AMD_RDSEED)
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] = WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{ {
0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f, 0x35, 0x1e, 0xf9, 0xe8, 0x6b, 0x19, 0xe0, 0xe5,
0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06, 0x32, 0xb3, 0x41, 0xe5, 0xc1, 0x35, 0x18, 0x35,
0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22, 0x84, 0x2a, 0x3f, 0x84, 0x16, 0xc4, 0xf3, 0x50,
0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba 0xdd, 0x4b, 0xeb, 0xe4, 0xcd, 0xbe, 0x94, 0x84
}; };
#else #else
/* FIPS uses a longer seed, so different check value. */ WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xb8, 0x3e, 0x23, 0xad, 0x34, 0xb6, 0x1e, 0xc7,
0x0f, 0xa6, 0x4a, 0x45, 0x12, 0x66, 0xfd, 0x4d,
0x97, 0xb2, 0x3d, 0xb3, 0xda, 0xcc, 0xed, 0x50,
0x2e, 0xe0, 0x51, 0x38, 0x1d, 0x0f, 0x81, 0x35
};
#endif
#elif defined(HAVE_ENTROPY_MEMUSE) && \
(defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND))
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xba, 0xc3, 0x2f, 0xcf, 0xd2, 0x0e, 0xe1, 0x16,
0x45, 0xdc, 0xc2, 0x87, 0x0d, 0x70, 0xde, 0x5e,
0x2e, 0x2f, 0x0c, 0x7a, 0x1d, 0x04, 0x89, 0x0d,
0x0b, 0x9a, 0x51, 0x00, 0x4f, 0x7e, 0xce, 0xd6
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xa6, 0xfa, 0x3e, 0xb7, 0x66, 0x85, 0x96, 0x79,
0xef, 0x91, 0x26, 0xa1, 0xe8, 0x71, 0xa7, 0x13,
0x03, 0xea, 0xe5, 0x7b, 0x36, 0x52, 0x02, 0x39,
0x83, 0xbf, 0x41, 0xd1, 0x3e, 0x8f, 0xc0, 0x45
};
#endif
#elif defined(HAVE_AMD_RDSEED)
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x2c, 0xd4, 0x9b, 0x1e, 0x1e, 0xe7, 0xb0, 0xb0,
0xf9, 0xa0, 0xa9, 0xd5, 0x8d, 0xf9, 0x6d, 0x10,
0xf4, 0x77, 0xaf, 0xac, 0x3d, 0x2f, 0x6b, 0x1f,
0xa2, 0xe7, 0xe5, 0x90, 0x6d, 0x1f, 0x88, 0x98
};
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48,
0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39,
0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08,
0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x3b, 0x9d, 0x0d, 0xc8, 0x0e, 0xb4, 0x33, 0x0b,
0x50, 0x5f, 0x3a, 0xee, 0xc8, 0x68, 0x8d, 0x9f,
0xdf, 0x39, 0x06, 0x78, 0xf8, 0x6a, 0xd6, 0xc6,
0xd7, 0x63, 0x57, 0xe8, 0x6d, 0xf7, 0xc8, 0x6b
};
#endif
#elif defined(HAVE_FIPS)
WOLFSSL_SMALL_STACK_STATIC const byte check[] = WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{ {
0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24, 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
@@ -18382,6 +18440,14 @@ static wc_test_ret_t rng_seed_test(void)
0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20, 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
}; };
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
};
#endif #endif
byte output[WC_SHA256_DIGEST_SIZE]; byte output[WC_SHA256_DIGEST_SIZE];
WC_RNG rng; WC_RNG rng;
@@ -18415,7 +18481,7 @@ static wc_test_ret_t rng_seed_test(void)
out: out:
return ret; return ret;
} }
#endif #endif /* WC_RNG_SEED_CB) && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
@@ -18526,7 +18592,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
#endif #endif
/* Test the seed callback. */ /* Test the seed callback. */
#ifdef WC_RNG_SEED_CB #if defined(WC_RNG_SEED_CB) && \
!(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
if ((ret = rng_seed_test()) != 0) if ((ret = rng_seed_test()) != 0)
return ret; return ret;
#endif #endif