Commit Graph

7012 Commits

Author SHA1 Message Date
JacobBarthelmeh 12ee732fe2 Merge pull request #6981 from douzzer/20231102-vector-register-dynamic-fallback-aes
20231102-vector-register-dynamic-fallback-aes
2023-11-28 13:15:02 -07:00
JacobBarthelmeh 61a2d2de3d Merge pull request #6955 from SparkiDev/rsa_dec_inv_blind_mul_mont
RSA private exponentiation: multiply blinding invert in Mont
2023-11-28 11:08:57 -07:00
JacobBarthelmeh a111c5b27f Merge pull request #6993 from SparkiDev/thumb2_iar_no_inline_fix_2
SP Thumb2: make function no-inline
2023-11-28 10:47:58 -07:00
JacobBarthelmeh 602bd3b506 Merge pull request #6996 from SparkiDev/armv8_aes_gcm_init_stream_iv
ARMv8 AES-GCM streaming: check size of IV before storing
2023-11-27 09:39:46 -07:00
JacobBarthelmeh 9f06d337e3 Merge pull request #6992 from SparkiDev/heapmath_addmod_ct
Heap math: mp_add/submod_ct make work when c == d
2023-11-27 09:28:49 -07:00
Sean Parkinson d83a5a955c SP Thumb2: make function no-inline
Lost changes that make function not inlined.
2023-11-24 15:38:11 +10:00
JacobBarthelmeh 2e89e46c0b Merge pull request #6990 from gojimmypi/PR-Espressif-C3-C6-S2-HW
Espressif ESP32-C3 ESP32-C6 ESP32-S2 Hardware Acceleration
2023-11-22 16:21:41 -07:00
JacobBarthelmeh 5b3f5496f8 Merge pull request #6430 from kareem-wolfssl/memcached
Add memcached support.
2023-11-22 16:20:28 -07:00
Sean Parkinson b242b44b2c ARMv8 AES-GCM streaming: check size of IV before storing
Only store IV in Init function if it will fit in reg field of Aes
object.
2023-11-23 08:01:20 +10:00
Sean Parkinson 416ce54276 Heap math: mp_add/submod_ct make work when c == d
mp_addmod_ct and mp_submod_ct expected c and d to be different pointers.
Change code to support this use case.
Fix whitespace.
2023-11-23 07:28:55 +10:00
gojimmypi 2da88115a6 Upstream merge + resolve conflict. 2023-11-22 13:17:14 -08:00
Eric Blankenhorn 7223b5a708 Fix spelling warnings 2023-11-22 12:34:56 -06:00
gojimmypi 9227020f8e code review updates for ESP32 C3/C6/S2 HW Acceleration 2023-11-21 16:22:49 -08:00
JacobBarthelmeh dda72dc19c Merge pull request #6979 from SparkiDev/sp_arm64_noinline
SP ARM64 P-256: mark functions as SP_NOINLINE
2023-11-21 09:48:08 -07:00
JacobBarthelmeh 60909d5cba Merge pull request #6971 from SparkiDev/iar_thumb2_asm
IAR Thumb2 ASM: fixes
2023-11-21 09:46:31 -07:00
gojimmypi 7e69030df1 Espressif ESP32-C3 ESP32-C6 ESP32-S2 Hardware Acceleration 2023-11-20 18:05:18 -08:00
Sean Parkinson 9ac3083e5d Thumb2 ASM fixes
Make a separate AES for IAR that has AES_encrypt_block and
AES_decrypt_block inlined. Default code is relying on compiler to use
specific registers and not modify others.

Improve performance of small SP ASM code for RSA.
2023-11-21 11:58:10 +10:00
Sean Parkinson e97e1b5847 SP ARM64 P-256: mark functions as SP_NOINLINE
iOS device compilations are inlining functions and causing P-256 to
fail.
Add SP_NOINLINE to key P-256 functions.
Add "cc" to more clobber lists.
2023-11-21 10:43:38 +10:00
JacobBarthelmeh 538ce14c62 Merge pull request #6953 from SKlimaRA/SKlimaRA/enable-ca-false
Enable encoding CA:FALSE with build flag
2023-11-20 15:03:14 -07:00
Kareem ca61034d22 Add memcached support.
memcached support: add required functions/defines.

Fix running unit test when defining DEBUG_WOLFSSL_VERBOSE without OPENSSL_EXTRA.

Break out session_id_context APIs into separate option WOLFSSL_SESSION_ID_CTX, so they can be used without OPENSSL_EXTRA.

Make wolfSSL_ERR_get_error and wolfSSL_CTX_set_mode available for memcached.

Add --enable-memcached.

Include required defines for memcached.

Revert unit test fix, no longer needed.

Add Github actions test for memcached.  Stop defining DEBUG_WOLFSSL_VERBOSE for memcached.

Add auto retry to writes.

Memcached CI: correct libevent package name.

Memcached CI: Add pkgconfig path for Github CI wolfSSL prefix.

memcached: Fix WOLFSSL_OP_NO_RENEGOTIATION going outside of int bounds, add LD_LIBRARY_PATH for memcached CI test.

memcached CI: Use correct path for wolfSSL

memcached: Add required perl dependency for SSL tests

memcached: Update to 1.6.22

memcached: actually test tls

memcached: Update wolfSSL_SSL_in_before to be side agnostic.
2023-11-20 10:10:34 -07:00
David Garske 7566328610 Implement proper wc_AesSetKeyLocal for NXP/Freescale MMCAU and LTC. This is required for AES CTR and AES Direct. 2023-11-20 08:15:50 -08:00
Anthony Hu 3fa612f49f Fix build errors when defining FREESCALE_MMCAU 2023-11-20 08:15:45 -08:00
Sean Parkinson 9ed0018954 Merge pull request #6980 from gojimmypi/SM-cipher-type-PR
Fix evp SM cipherType check
2023-11-20 07:22:54 +10:00
Daniel Pouzzner efa61ade89 wolfcrypt/src/aes.c: add fallthrough no-op definitions for VECTOR_REGISTERS_{PUSH,POP} to cover WOLFSSL_TI_CRYPT || WOLFSSL_ARMASM. 2023-11-17 16:55:40 -06:00
Daniel Pouzzner 347a17f7cf wolfcrypt/src/aes_asm.asm: fix missed _AESNI suffixing. 2023-11-17 10:15:03 -06:00
gojimmypi 16dba37ae6 fix wolfSSL_EVP_CIPHER_CTX_ctrl() SM GCM/CCM type 2023-11-17 07:56:56 -08:00
Daniel Pouzzner a10260ca5f refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.

wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check from to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(),  wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).

wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.

wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.

wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.

wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.

linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().

wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().

configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."

wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).

wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).

wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).

wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().

wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.

wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).

wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.

wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
Sean Parkinson d3448e2c1a RSA private exponentiation: multiply blinding invert in Mont
When blinding, multiply result of exponentiation my blinding invert in
Montgomery form to make code more constant time.
2023-11-17 15:19:51 +10:00
Daniel Pouzzner e395aad84b Merge pull request #6958 from embhorn/zd16866
Add XGMTIME validation
2023-11-16 21:28:27 -05:00
JacobBarthelmeh 957a0ce300 Merge pull request #6964 from lealem47/zd16470
Parse explicit parameters in StoreEccKey()
2023-11-16 15:59:21 -07:00
gojimmypi 4c6c2942b1 Fix evp SM cipherType 2023-11-16 13:38:39 -08:00
JacobBarthelmeh 6945093221 Merge pull request #6935 from SparkiDev/ssl_crypto_extract
ssl.c: Move out crypto compat APIs
2023-11-16 11:58:14 -07:00
Sean Parkinson 8c61b2cc5f IAR Thumb2 ASM: fixes
Don't assign constants to registers with IAR.
Don't assume register usage in AES_set_encrypt_key.
2023-11-16 11:14:43 +10:00
JacobBarthelmeh bb73c233fc Merge pull request #6973 from douzzer/20231115-misc-fixits
20231115-misc-fixits
2023-11-15 15:27:25 -07:00
Daniel Pouzzner 748b058dde wolfcrypt/src/aes.c: fix for -Wrestrict in wc_AesCbcDecrypt() when WOLFSSL_AESNI. 2023-11-15 00:51:21 -06:00
Sean Parkinson 26a9435f5c ECC point double: when z ordinate is 0 point is infinity
Recognize z == 0 as infinity in result of double.
2023-11-15 16:43:06 +10:00
Daniel Pouzzner 7e99ccc782 wolfcrypt/src/wc_port.c, wolfssl/wolfcrypt/wc_port.h: refactor WOLFSSL_GMTIME gmtime() into gmtime_r(), and always define HAVE_GMTIME_R when defined(WOLFSSL_GMTIME). 2023-11-15 00:09:22 -06:00
Sean Parkinson 2213306386 ECC double point: SECP112R2 and SEC128R2 are Koblitz curves
SECP112r2 and SECP128R2 are Koblitz curves, so don't compile them in
unless HAVE_ECC_KOBLITZ is defined. This requires custom curves which
enables point doubling to support A != -3.
2023-11-15 13:30:45 +10:00
Sean Parkinson c4677927bc AES GCM ARM64: Replace hardware crypto assembly with generated code
Optimized assembly of AES GCM for ARM64 using hardware crypto
instructions.
Code replaced between "START..." and "END...".
2023-11-14 09:24:05 +10:00
JacobBarthelmeh c903a8c4a6 Merge pull request #6854 from SparkiDev/aes_bit_sliced
AES bitsliced implementation added
2023-11-10 17:10:19 -07:00
Lealem Amedie 04ea4da6fd Parse explicit parameters in StoreEccKey() 2023-11-10 15:11:08 -07:00
Sean Parkinson 3ab0fc1ba4 SP C: support e up to 64-bits
SP C code only supported one digit worth of e which is less than 64 or
32.
Change is to support up to 64 bit of e using sp_uint64 to hold value.
2023-11-10 09:58:51 +10:00
Eric Blankenhorn a4bf774e1c Add XGMTIME validation 2023-11-09 16:06:37 -06:00
JacobBarthelmeh 49a219e0d1 Merge pull request #6930 from Frauschi/zephyr_fix
Fixes for the Zephyr port
2023-11-09 12:56:34 -07:00
JacobBarthelmeh 73d3277b74 Merge pull request #6947 from SparkiDev/sp_arm64_mont_red_4_fix
SP ARM64 asm: fix Montgomery reduction by 4
2023-11-09 08:39:52 -07:00
Tobias Frauenschläger 081b34919c Zephyr: improve order of random seed sources
When using Zephyr, we also want to use the proper wc_GenerateSeed
method. However, if one of the defines is set (e.g., NO_STM32_RNG), the
Zephyr option is ignored, although it would work. Hence, we have to
change the order in which these settings for the source of a random seed
are evaluated.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-11-09 10:41:54 +01:00
Tobias Frauenschläger 182eaa0b63 Zephyr: add support for RTC time
For ASN date validation, the actual wall clock time is needed from an
RTC. This commit adds support to read the RTC time in case it is
available in the Zephyr system. If the RTC is not available or an error
occurs during the readout, we fallback to the old implementation which
only supports relative time since boot.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-11-09 10:41:54 +01:00
Tobias Frauenschläger 9d880fe161 Zephyr: Fix deprecation warning for rand32.h
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-11-09 10:41:54 +01:00
SKlimaRA 308346aa0d one less memcpy 2023-11-09 09:40:58 +01:00
JacobBarthelmeh 3332b036d5 Merge pull request #6950 from SparkiDev/srtp_kdf_fix
SRTP KDF: Don't use i outside loop
2023-11-08 23:13:40 -07:00