Commit Graph

212 Commits

Author SHA1 Message Date
David Garske 6b6ad38e4f Adds support for TLS v1.3 Encrypted Client Hello (ECH) draft-ietf-tls-esni) and HPKE (Hybrid Public Key Encryption) RFC9180. 2023-01-18 11:37:27 -08:00
Chris Conlon 9a7ff8773b add --with-libsuffix support, append suffix to library artifact name 2022-12-21 13:31:07 -07:00
Sean Parkinson e68c7bb74d Move file and BIO reading out to ssl_misc.c 2022-10-26 10:28:20 +10:00
Hayden Roche 4859a00c2a Merge pull request #5698 from SparkiDev/aes_arm32_no_hw 2022-10-21 12:34:22 -07:00
Sean Parkinson 591101fd8b AES for ARM32 without using crypto hardware instructions
AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-CCM
Fix ldrd and strd to use even first first register and have
second register be next after first.
2022-10-18 08:31:53 +10:00
Hayden Roche 47ccd924c2 Merge pull request #5657 from julek-wolfssl/dtls-1.2-stateless 2022-10-09 09:31:07 -07:00
Sean Parkinson be41af6527 Kyber: only include source when not FIPS 2022-10-07 08:33:05 +10:00
Sean Parkinson 66ce7635b9 AES x86 ASM: new assembly
Added new x86 assembly for AES.
AES-CBC decrypt only 4 blocks at a time (not 6 or 8) due to reduces
register count.
GCM implementation for AVX2, AVX1 and AESNI only.
Disabled looking for other assembly files for x86.
2022-10-05 07:34:42 +10:00
Juliusz Sosinowicz 354cd2ed50 DTLS 1.2: Reset state when sending HelloVerifyRequest 2022-10-04 16:22:59 +02:00
David Garske 7970d5d794 Merge pull request #5152 from SparkiDev/armv7a_neon_asm
ARM ASM: ARMv7a with NEON instructions
2022-09-23 08:46:03 -07:00
Anthony Hu a2635be9e6 wolfCrypt support for external Kyber implementations (liboqs and pqm4) 2022-09-13 10:07:28 -04:00
Sean Parkinson 8c1e2c52e7 Kyber: Add option to build Kyber API
wolfSSL Kyber implementation not included.
Added tests and benchmarking.
2022-09-13 10:07:27 -04:00
Sean Parkinson 805b0eb606 ARM ASM: ARMv7a with NEON instructions
Change to build assembly code for ARMv7a with NEON instruction set.
./configure -host=armv7a --enable-armasm
Added ARM32 SHA-256 NEON only implementation.
2022-09-07 09:29:56 +10:00
David Garske aa036b6ea4 Merge pull request #5532 from anhu/sphincs
Add sphincs to wolfCrypt.
2022-09-02 11:56:11 -07:00
Anthony Hu 10ce703d71 Add sphincs to wolfCrypt.
Note that we will not support sphincs in TLS so nothing above wolfcrypt changes.
2022-09-02 11:53:55 -04:00
Sean Parkinson ce8959ea77 SHA-3 improvements
Add x86_64 assembly code:
  - BMI2
  - AVX2 (using ymm, slower than BMI2)
  - AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
2022-09-01 17:11:58 +10:00
Marco Oliverio cfbd061625 add initial support for ConnectionID DTLS extension 2022-08-23 16:58:24 +02:00
Anthony Hu 82a900b438 Initial commit to add Dilithium NIST PQC winner.
Also:

* added HAVE_FALCON guards as needed.
* corrected minor falcon bugs as I found them.
* handling OID sum collision between DILITHIUM_LEVEL5 and DILITHIUM_AES_LEVEL3

Tested with the following commands:

examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

with permutations of SHAKE,AES variants and levels 2,3,5
2022-08-11 11:38:31 -04:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
Daniel Pouzzner eff4fe398b src/include.am: fix gating around sha* and BUILD_ARMASM, to avoid empty-translation-unit warnings for sha{256,512}.c on armasm builds. 2022-07-06 17:37:43 -05:00
David Garske 6d2a41b9fd Enable wolfSSL SP Math all (sp_int.c) by default. If --enable-fastmath or USE_FAST_MATH is set the older tfm.c fast math will be used. To use the old integer.c heap math use --enable-heapmath or USE_INTEGER_HEAP_MATH. 2022-06-16 10:57:30 +10:00
Marco Oliverio d8ac35579c dtls13: add autotools, cmake build options and vstudio paths 2022-06-15 10:46:42 -07:00
Sean Parkinson 852d5169d4 ssl.c rework
Move the public key APIs out of ssl.c and into pk.c.
(RSA, DSA, DH and EC)
2022-05-13 11:12:44 +10:00
Sean Parkinson 25aa0af260 ssl.c break out
Move the X509 API out of ssl.c into x509.c
2022-04-06 17:25:26 +10:00
Sean Parkinson 90f53aed34 ssl.c: move out X509 store APIs to new file 2022-03-23 13:59:54 +10:00
Sean Parkinson 343e8bccdd ssl.c: move TXT and CONF APIs out into conf.c 2022-03-15 12:09:24 +10:00
John Safranek d6fb454063 Fix wolfRand Build
1. Remove the v3 FIPS build from configure and automake. This was for
   the old FIPS Ready build, which is now fixed to the certificate 3389
   configuration.
2. Remove AES-GCM, PKCS12, and SHA-3 from wolfRand build. They were
   getting reenabled later in the configure.
2022-03-09 10:35:39 -08:00
elms d1895e5679 automake: fix fips touch and cleanup
This fixes an issue with yocto that only occurs when using `devtool`
which builds out of tree.
2022-02-23 14:11:31 -08:00
tmael 0d5edfadcb Merge pull request #4837 from SparkiDev/sp_c_config
SP C: when sp_c32.c ad sp_c64.c are included in build changed
2022-02-09 07:51:20 -08:00
Sean Parkinson 343cb0da23 SP C: when sp_c32.c ad sp_c64.c are included in build changed
When compiling with the CFLAG -m32, sp_c32.c is used and not sp_c64.c.
The build system cannot detect that this is a 32-bit platform and to use
sp_c32.c.

The SP code detects which implementaiton to use and sets defines that
enable the code in sp_c32.c or sp_c64.c.

ENABLED_64BIT, 64-bit platform, was on by default, which is not always
true.
By making ENABLED_64BIT not default then the decision of which SP C
files to include in the build had to change to not being the other.
That is, sp_c64.c is not included when the configuration line explicitly
enables 32bit and sp_c32.c is not include when the configuration line
explicitly enables 64bit.
2022-02-09 15:56:57 +10:00
Sean Parkinson 0042a2594c SHA-3, ARM64: add assembly support for crypto instructions
Add ability to compile ARM assembly from inline C code.
2022-02-08 12:21:38 +10:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
David Garske 5bdaf44354 Merge pull request #4774 from anhu/kill_rabbit
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
David Garske 40fff86807 Merge pull request #4801 from tmael/cert_rr
cert subset improvements
2022-01-28 11:00:55 -08:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Tesfa Mael 1c1bd413e0 cert subset SHA2-256, ecc-256, cert gen, cryptocb 2022-01-26 17:11:00 -08:00
Hayden Roche 58789991f9 Allow DES3 with FIPS v5-dev. 2022-01-24 15:18:44 -08:00
David Garske 609d6442b1 Merge pull request #4753 from SparkiDev/siphash
Add SipHash algorithm
2022-01-19 18:51:44 -08:00
Sean Parkinson a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
Anthony Hu 81def76b18 The NIST round 3 Falcon Signature Scheme integration. 2021-11-02 11:12:10 -04:00
Daniel Pouzzner f60cb94b82 wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 87b965c964 include.am: in FIPS clauses, include wolfcrypt/src/aes_gcm_asm.S in src_libwolfssl_la_SOURCES when BUILD_AESNI, regardless of BUILD_INTELASM, as in the corresponding non-FIPS clause. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner 947a0d6a2f autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS;
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;

add support for EXTRA_CFLAGS on the make command line;

in FIPS builds, exclude pkcallbacks from --enable-all;

linuxkm: move test.o out of PIE container (uses function pointers as operands).
2021-10-26 20:24:27 -05:00
John Safranek 7af87e5b32 Restore the HKDF code to hmac.c. For compatibility between FIPS builds. 2021-10-26 20:24:25 -05:00
John Safranek 6cf186696e Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS. 2021-10-26 20:24:25 -05:00
John Safranek 2de6b3b2bd Move the KDF functions into their own source file. 2021-10-26 20:24:25 -05:00
John Safranek df859d30f3 FIPS 140-3
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek f1bd79ac50 FIPS 140-3
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00