Compare commits
13 Commits
remove-arc
...
WCv6.0.0-l
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
b7220aeb4b | ||
|
|
db29dac762 | ||
|
|
3e64c2f9be | ||
|
|
b45bcd5d71 | ||
|
|
350a37f85c | ||
|
|
97244920bb | ||
|
|
fd14f3f346 | ||
|
|
6561bef66a | ||
|
|
b8f1399233 | ||
|
|
116388ad17 | ||
|
|
184c8128ac | ||
|
|
81beda3f40 | ||
|
|
9a411ca710 |
1
README
1
README
@@ -1,4 +1,5 @@
|
||||
*** Description ***
|
||||
*** FIPS 140-3 module v6.0.0 SRTP-KDF Release Candidate 3 ***
|
||||
|
||||
The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
|
||||
library written in ANSI C and targeted for embedded, RTOS, and
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
# wolfSSL Embedded SSL/TLS Library
|
||||
# FIPS 140-3 module v6.0.0 SRTP-KDF Release Candidate 3
|
||||
|
||||
The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/)
|
||||
(formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and
|
||||
|
||||
@@ -4574,19 +4574,31 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
|
||||
#endif /* WC_C_DYNAMIC_FALLBACK */
|
||||
|
||||
#ifdef WOLFSSL_AESNI
|
||||
aes->use_aesni = 0;
|
||||
if (checkedAESNI == 0) {
|
||||
haveAESNI = Check_CPU_support_AES();
|
||||
checkedAESNI = 1;
|
||||
#if defined(WC_FLAG_DONT_USE_VECTOR_OPS)
|
||||
if (aes->use_aesni == WC_FLAG_DONT_USE_VECTOR_OPS) {
|
||||
aes->use_aesni = 0;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
if (checkedAESNI == 0) {
|
||||
haveAESNI = Check_CPU_support_AES();
|
||||
checkedAESNI = 1;
|
||||
}
|
||||
aes->use_aesni = haveAESNI;
|
||||
}
|
||||
if (haveAESNI) {
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
|
||||
if (aes->use_aesni) {
|
||||
#ifdef WOLFSSL_KERNEL_MODE
|
||||
/* runtime alignment check */
|
||||
if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) {
|
||||
return BAD_ALIGN_E;
|
||||
ret = BAD_ALIGN_E;
|
||||
}
|
||||
else
|
||||
#endif /* WOLFSSL_KERNEL_MODE */
|
||||
{
|
||||
ret = SAVE_VECTOR_REGISTERS2();
|
||||
}
|
||||
#endif /* WOLFSSL_LINUXKM */
|
||||
ret = SAVE_VECTOR_REGISTERS2();
|
||||
if (ret == 0) {
|
||||
if (dir == AES_ENCRYPTION)
|
||||
ret = AES_set_encrypt_key_AESNI(userKey, (int)keylen * 8, aes);
|
||||
@@ -11832,7 +11844,13 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
|
||||
#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
|
||||
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
|
||||
if (aes->use_aes_hw_crypto) {
|
||||
AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
|
||||
word32 i;
|
||||
|
||||
for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
|
||||
AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
|
||||
in += WC_AES_BLOCK_SIZE;
|
||||
out += WC_AES_BLOCK_SIZE;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -11890,7 +11908,13 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
|
||||
#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
|
||||
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
|
||||
if (aes->use_aes_hw_crypto) {
|
||||
AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
|
||||
word32 i;
|
||||
|
||||
for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
|
||||
AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
|
||||
in += WC_AES_BLOCK_SIZE;
|
||||
out += WC_AES_BLOCK_SIZE;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@@ -12753,7 +12777,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
|
||||
}
|
||||
|
||||
if ((len != (AES_128_KEY_SIZE*2)) &&
|
||||
#ifndef HAVE_FIPS
|
||||
/* XTS-384 not allowed by FIPS and can not be treated like
|
||||
* RSA-4096 bit keys back in the day, can not vendor affirm
|
||||
* the use of 2 concatenated 192-bit keys (XTS-384) */
|
||||
(len != (AES_192_KEY_SIZE*2)) &&
|
||||
#endif
|
||||
(len != (AES_256_KEY_SIZE*2)))
|
||||
{
|
||||
WOLFSSL_MSG("Unsupported key size");
|
||||
@@ -12936,6 +12965,10 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz,
|
||||
|
||||
#ifdef WOLFSSL_AESNI
|
||||
|
||||
#if defined(USE_INTEL_SPEEDUP_FOR_AES) && !defined(USE_INTEL_SPEEDUP)
|
||||
#define USE_INTEL_SPEEDUP
|
||||
#endif
|
||||
|
||||
#if defined(USE_INTEL_SPEEDUP)
|
||||
#define HAVE_INTEL_AVX1
|
||||
#define HAVE_INTEL_AVX2
|
||||
|
||||
@@ -51,12 +51,12 @@
|
||||
#include <wolfssl/wolfcrypt/cryptocb.h>
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(USE_INTEL_SPEEDUP)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
const curve25519_set_type curve25519_sets[] = {
|
||||
|
||||
@@ -64,12 +64,12 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -1380,6 +1380,36 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Given a DhKey with set params and a priv key, generate the corresponding
|
||||
* public key. If fips, does pub key validation.
|
||||
* */
|
||||
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
|
||||
byte* pub, word32* pubSz)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (key == NULL || priv == NULL || privSz == 0 ||
|
||||
pub == NULL || pubSz == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
|
||||
ret = GeneratePublicDh(key, priv, privSz, pub, pubSz);
|
||||
|
||||
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
|
||||
if (ret == 0)
|
||||
ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
|
||||
if (ret == 0)
|
||||
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz);
|
||||
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
|
||||
byte* priv, word32* privSz, byte* pub, word32* pubSz)
|
||||
{
|
||||
|
||||
@@ -231,12 +231,12 @@ ECC Curve Sizes:
|
||||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
@@ -3919,7 +3919,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
|
||||
#endif
|
||||
int i, err;
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
ecc_key key;
|
||||
ecc_key *key = NULL;
|
||||
#endif
|
||||
mp_digit mp;
|
||||
|
||||
@@ -3946,10 +3946,13 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
|
||||
XMEMSET(M, 0, sizeof(M));
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
err = ecc_key_tmp_init(&key, heap);
|
||||
key = (ecc_key *)XMALLOC(sizeof(*key), heap, DYNAMIC_TYPE_ECC);
|
||||
if (key == NULL)
|
||||
return MEMORY_E;
|
||||
err = ecc_key_tmp_init(key, heap);
|
||||
if (err != MP_OKAY)
|
||||
goto exit;
|
||||
R->key = &key;
|
||||
R->key = key;
|
||||
#endif /* WOLFSSL_SMALL_STACK_CACHE */
|
||||
|
||||
/* alloc ram for window temps */
|
||||
@@ -3962,7 +3965,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
|
||||
goto exit;
|
||||
}
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
M[i]->key = &key;
|
||||
M[i]->key = key;
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -4004,7 +4007,8 @@ exit:
|
||||
}
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
R->key = NULL;
|
||||
ecc_key_tmp_final(&key, heap);
|
||||
ecc_key_tmp_final(key, heap);
|
||||
XFREE(key, heap, DYNAMIC_TYPE_ECC);
|
||||
#endif /* WOLFSSL_SMALL_STACK_CACHE */
|
||||
|
||||
return err;
|
||||
|
||||
@@ -243,6 +243,95 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
switch (macType) {
|
||||
#ifndef NO_MD5
|
||||
case WC_MD5:
|
||||
ret = wc_Md5Copy(&src->md5, &dst->md5);
|
||||
break;
|
||||
#endif /* !NO_MD5 */
|
||||
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
ret = wc_ShaCopy(&src->sha, &dst->sha);
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifdef WOLFSSL_SHA224
|
||||
case WC_SHA224:
|
||||
ret = wc_Sha224Copy(&src->sha224, &dst->sha224);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA224 */
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
ret = wc_Sha256Copy(&src->sha256, &dst->sha256);
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
ret = wc_Sha384Copy(&src->sha384, &dst->sha384);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case WC_SHA512:
|
||||
ret = wc_Sha512Copy(&src->sha512, &dst->sha512);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
#ifdef WOLFSSL_SHA3
|
||||
#ifndef WOLFSSL_NOSHA3_224
|
||||
case WC_SHA3_224:
|
||||
ret = wc_Sha3_224_Copy(&src->sha3, &dst->sha3);
|
||||
break;
|
||||
#endif
|
||||
#ifndef WOLFSSL_NOSHA3_256
|
||||
case WC_SHA3_256:
|
||||
ret = wc_Sha3_256_Copy(&src->sha3, &dst->sha3);
|
||||
break;
|
||||
#endif
|
||||
#ifndef WOLFSSL_NOSHA3_384
|
||||
case WC_SHA3_384:
|
||||
ret = wc_Sha3_384_Copy(&src->sha3, &dst->sha3);
|
||||
break;
|
||||
#endif
|
||||
#ifndef WOLFSSL_NOSHA3_512
|
||||
case WC_SHA3_512:
|
||||
ret = wc_Sha3_512_Copy(&src->sha3, &dst->sha3);
|
||||
break;
|
||||
#endif
|
||||
#endif /* WOLFSSL_SHA3 */
|
||||
|
||||
#ifdef WOLFSSL_SM3
|
||||
case WC_SM3:
|
||||
ret = wc_Sm3Copy(&src->sm3, &dst->sm3);
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_HmacCopy(Hmac* src, Hmac* dst) {
|
||||
int ret;
|
||||
|
||||
if ((src == NULL) || (dst == NULL))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMCPY(dst, src, sizeof(*dst));
|
||||
|
||||
ret = HmacKeyCopyHash(src->macType, &src->hash, &dst->hash);
|
||||
|
||||
if (ret != 0)
|
||||
XMEMSET(dst, 0, sizeof(*dst));
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
|
||||
int allowFlag)
|
||||
@@ -268,7 +357,7 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
|
||||
}
|
||||
|
||||
heap = hmac->heap;
|
||||
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
|
||||
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(5,0,0)
|
||||
/* if set key has already been run then make sure and free existing */
|
||||
/* This is for async and PIC32MZ situations, and just normally OK,
|
||||
provided the user calls wc_HmacInit() first. That function is not
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -60,12 +60,12 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
|
||||
#include <wolfssl/wolfcrypt/sp.h>
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
|
||||
#if defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
|
||||
#undef RESTORE_VECTOR_REGISTERS
|
||||
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
|
||||
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -207,7 +207,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
#endif
|
||||
key->data = NULL;
|
||||
key->dataLen = 0;
|
||||
#ifdef WC_RSA_BLINDING
|
||||
#ifndef WC_NO_RNG
|
||||
key->rng = NULL;
|
||||
#endif
|
||||
|
||||
@@ -705,10 +705,9 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)
|
||||
|
||||
int wc_CheckRsaKey(RsaKey* key)
|
||||
{
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
WC_RNG *rng = NULL;
|
||||
#else
|
||||
WC_RNG rng[1];
|
||||
#ifndef WOLFSSL_SMALL_STACK
|
||||
WC_RNG rng_buf;
|
||||
#endif
|
||||
int ret = 0;
|
||||
DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE);
|
||||
@@ -724,21 +723,34 @@ int wc_CheckRsaKey(RsaKey* key)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
|
||||
if (rng == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
NEW_MP_INT_SIZE(tmp, mp_bitsused(&key->n), NULL, DYNAMIC_TYPE_RSA);
|
||||
#ifdef MP_INT_SIZE_CHECK_NULL
|
||||
if (tmp == NULL) {
|
||||
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = wc_InitRng(rng);
|
||||
if (key->rng)
|
||||
rng = key->rng;
|
||||
else {
|
||||
#ifndef WOLFSSL_SMALL_STACK
|
||||
rng = &rng_buf;
|
||||
#else
|
||||
rng = (WC_RNG *)XMALLOC(sizeof(*rng), NULL, DYNAMIC_TYPE_RNG);
|
||||
if (rng == NULL) {
|
||||
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
ret = wc_InitRng(rng);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
|
||||
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
|
||||
|
||||
@@ -856,11 +868,14 @@ int wc_CheckRsaKey(RsaKey* key)
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
wc_FreeRng(rng);
|
||||
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
|
||||
if ((rng != NULL) && (rng != key->rng)) {
|
||||
wc_FreeRng(rng);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
|
||||
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
|
||||
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
|
||||
#endif
|
||||
}
|
||||
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
|
||||
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
||||
mp_memzero_check(tmp);
|
||||
#endif
|
||||
|
||||
@@ -5197,7 +5212,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
#ifndef WC_NO_RNG
|
||||
int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
|
||||
{
|
||||
if (key == NULL || rng == NULL)
|
||||
@@ -5207,7 +5222,7 @@ int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* WC_RSA_BLINDING */
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#ifdef WC_RSA_NONBLOCK
|
||||
int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb)
|
||||
|
||||
@@ -572,12 +572,12 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
|
||||
static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) {
|
||||
int ret;
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha256_is_vectorized)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
ret = (*Transform_Sha256_p)(S, D);
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha256_is_vectorized)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
@@ -587,12 +587,12 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
|
||||
static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) {
|
||||
int ret;
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha256_is_vectorized)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
ret = (*Transform_Sha256_Len_p)(S, D, L);
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha256_is_vectorized)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
@@ -684,7 +684,10 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
sha256->devCtx = NULL;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
sha256->W = NULL;
|
||||
sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
|
||||
sha256->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (sha256->W == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
ret = InitSha256(sha256);
|
||||
@@ -1099,7 +1102,10 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
sha256->W = NULL;
|
||||
sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
|
||||
sha256->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (sha256->W == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
|
||||
@@ -1180,13 +1186,8 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
word32* W = sha256->W;
|
||||
if (W == NULL) {
|
||||
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
|
||||
DYNAMIC_TYPE_DIGEST);
|
||||
if (W == NULL)
|
||||
return MEMORY_E;
|
||||
sha256->W = W;
|
||||
}
|
||||
if (W == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
#elif defined(WOLFSSL_SMALL_STACK)
|
||||
word32* W;
|
||||
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
|
||||
@@ -1988,6 +1989,15 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
if (sha224->W == NULL) {
|
||||
sha224->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
|
||||
sha224->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (sha224->W == NULL)
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
sha224->digest[0] = 0xc1059ed8;
|
||||
sha224->digest[1] = 0x367cd507;
|
||||
sha224->digest[2] = 0x3070dd17;
|
||||
@@ -2413,7 +2423,12 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
|
||||
XMEMCPY(dst, src, sizeof(wc_Sha224));
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
dst->W = NULL;
|
||||
dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
|
||||
dst->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (dst->W == NULL) {
|
||||
XMEMSET(dst, 0, sizeof(wc_Sha224));
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
|
||||
@@ -2561,7 +2576,12 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
dst->W = NULL;
|
||||
dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
|
||||
dst->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (dst->W == NULL) {
|
||||
XMEMSET(dst, 0, sizeof(wc_Sha256));
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
|
||||
|
||||
@@ -39,6 +39,12 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef WC_SHA3_NO_ASM
|
||||
#undef USE_INTEL_SPEEDUP
|
||||
#undef WOLFSSL_ARMASM
|
||||
#undef WOLFSSL_RISCV_ASM
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/sha3.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
@@ -705,7 +711,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
|
||||
word32 i;
|
||||
word32 blocks;
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
@@ -757,7 +763,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
|
||||
len -= p * 8U;
|
||||
data += p * 8U;
|
||||
}
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
@@ -795,7 +801,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
|
||||
sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
@@ -823,7 +829,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
|
||||
#endif
|
||||
XMEMCPY(hash + j, sha3->s, l - j);
|
||||
}
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
@@ -1526,7 +1532,7 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
|
||||
*/
|
||||
int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
|
||||
{
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
@@ -1543,7 +1549,7 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
|
||||
#endif
|
||||
out += WC_SHA3_128_COUNT * 8;
|
||||
}
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
@@ -1664,7 +1670,7 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len)
|
||||
*/
|
||||
int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
|
||||
{
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
@@ -1681,7 +1687,7 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
|
||||
#endif
|
||||
out += WC_SHA3_256_COUNT * 8;
|
||||
}
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
|
||||
if (SHA3_BLOCK == sha3_block_avx2)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
|
||||
@@ -693,12 +693,12 @@ static int InitSha512_256(wc_Sha512* sha512)
|
||||
|
||||
static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
|
||||
int ret;
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha512_is_vectorized)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
ret = (*Transform_Sha512_p)(sha512);
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha512_is_vectorized)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
@@ -706,12 +706,12 @@ static int InitSha512_256(wc_Sha512* sha512)
|
||||
}
|
||||
static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
|
||||
int ret;
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha512_is_vectorized)
|
||||
SAVE_VECTOR_REGISTERS(return _svr_ret;);
|
||||
#endif
|
||||
ret = (*Transform_Sha512_Len_p)(sha512, len);
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
|
||||
if (Transform_Sha512_is_vectorized)
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
#endif
|
||||
@@ -791,7 +791,10 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
|
||||
|
||||
sha512->heap = heap;
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
sha512->W = NULL;
|
||||
sha512->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
|
||||
sha512->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (sha512->W == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
sha512->devId = devId;
|
||||
@@ -951,14 +954,10 @@ static int _Transform_Sha512(wc_Sha512* sha512)
|
||||
word32 j;
|
||||
word64 T[8];
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
#if defined(WOLFSSL_SMALL_STACK_CACHE)
|
||||
word64* W = sha512->W;
|
||||
if (W == NULL) {
|
||||
W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (W == NULL)
|
||||
return MEMORY_E;
|
||||
sha512->W = W;
|
||||
}
|
||||
if (W == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
#elif defined(WOLFSSL_SMALL_STACK)
|
||||
word64* W;
|
||||
W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -1504,7 +1503,7 @@ void wc_Sha512Free(wc_Sha512* sha512)
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
if (sha512->W != NULL) {
|
||||
ForceZero(sha512->W, sizeof(word64) * 16);
|
||||
ForceZero(sha512->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE);
|
||||
XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sha512->W = NULL;
|
||||
}
|
||||
@@ -1555,7 +1554,12 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
|
||||
#if defined(WOLFSSL_SMALL_STACK_CACHE)
|
||||
if (sha->W == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
buffer = sha->W + 16;
|
||||
#elif defined(WOLFSSL_SMALL_STACK)
|
||||
buffer = (word64*)XMALLOC(WC_SHA512_BLOCK_SIZE, sha->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (buffer == NULL)
|
||||
@@ -1583,7 +1587,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
|
||||
ret = Transform_Sha512(sha);
|
||||
|
||||
XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
|
||||
ForceZero(buffer, WC_SHA512_BLOCK_SIZE);
|
||||
XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
@@ -1721,6 +1725,15 @@ static int InitSha384(wc_Sha384* sha384)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
if (sha384->W == NULL) {
|
||||
sha384->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
|
||||
sha384->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (sha384->W == NULL)
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
|
||||
sha384->digest[1] = W64LIT(0x629a292a367cd507);
|
||||
sha384->digest[2] = W64LIT(0x9159015a3070dd17);
|
||||
@@ -1941,7 +1954,7 @@ void wc_Sha384Free(wc_Sha384* sha384)
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
if (sha384->W != NULL) {
|
||||
ForceZero(sha384->W, sizeof(word64) * 16);
|
||||
ForceZero(sha384->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE);
|
||||
XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sha384->W = NULL;
|
||||
}
|
||||
@@ -2049,7 +2062,12 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
|
||||
|
||||
XMEMCPY(dst, src, sizeof(wc_Sha512));
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
dst->W = NULL;
|
||||
dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
|
||||
dst->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (dst->W == NULL) {
|
||||
XMEMSET(dst, 0, sizeof(wc_Sha512));
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \
|
||||
@@ -2463,7 +2481,12 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
|
||||
XMEMCPY(dst, src, sizeof(wc_Sha384));
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
dst->W = NULL;
|
||||
dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA384_BLOCK_SIZE,
|
||||
dst->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (dst->W == NULL) {
|
||||
XMEMSET(dst, 0, sizeof(wc_Sha384));
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \
|
||||
|
||||
@@ -116,7 +116,7 @@ This library provides single precision (SP) integer math functions.
|
||||
|
||||
#include <wolfssl/wolfcrypt/sp_int.h>
|
||||
|
||||
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
|
||||
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
|
||||
/* force off unneeded vector register save/restore. */
|
||||
#undef SAVE_VECTOR_REGISTERS
|
||||
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
|
||||
|
||||
@@ -303,6 +303,13 @@ struct Aes {
|
||||
#endif
|
||||
#ifdef WOLFSSL_AESNI
|
||||
byte use_aesni;
|
||||
#if defined(WOLFSSL_KERNEL_MODE) || defined(WC_WANT_FLAG_DONT_USE_AESNI)
|
||||
/* Note, we can't define WC_FLAG_DONT_USE_VECTOR_OPS by default because we
|
||||
* need to support legacy applications that call wc_AesSetKey() on
|
||||
* uninited struct Aes.
|
||||
*/
|
||||
#define WC_FLAG_DONT_USE_VECTOR_OPS 2
|
||||
#endif
|
||||
#endif /* WOLFSSL_AESNI */
|
||||
#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
|
||||
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
|
||||
|
||||
@@ -173,6 +173,10 @@ WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ,
|
||||
WOLFSSL_API int wc_DhCopyNamedKey(int name,
|
||||
byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz);
|
||||
|
||||
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv,
|
||||
word32 privSz, byte* pub,
|
||||
word32* pubSz);
|
||||
|
||||
#ifdef WOLFSSL_DH_EXTRA
|
||||
WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
|
||||
const byte* pub, word32 pubSz);
|
||||
|
||||
@@ -185,6 +185,7 @@ WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
|
||||
WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
|
||||
int devId);
|
||||
#endif
|
||||
WOLFSSL_API int wc_HmacCopy(Hmac* src, Hmac* dst);
|
||||
WOLFSSL_API void wc_HmacFree(Hmac* hmac);
|
||||
|
||||
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
/* random.h
|
||||
*
|
||||
* Copyright (C) 2006-2024 wolfSSL Inc.
|
||||
* Copyright (C) 2006-2025 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
@@ -133,6 +133,12 @@
|
||||
#else
|
||||
typedef unsigned long ProviderHandle;
|
||||
#endif
|
||||
|
||||
#ifdef WIN_REUSE_CRYPT_HANDLE
|
||||
/* called from wolfCrypt_Init() and wolfCrypt_Cleanup() */
|
||||
WOLFSSL_LOCAL int wc_WinCryptHandleInit(void);
|
||||
WOLFSSL_LOCAL void wc_WinCryptHandleCleanup(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
|
||||
@@ -157,8 +163,92 @@ struct OS_Seed {
|
||||
};
|
||||
|
||||
#ifdef HAVE_HASHDRBG
|
||||
|
||||
/* The security strength for the RNG is the target number of bits of
|
||||
* entropy you are looking for in a seed. */
|
||||
/* RNG_SECURITY_STRENGTH is unprefixed for backward compat. */
|
||||
#ifndef RNG_SECURITY_STRENGTH
|
||||
/* SHA-256 requires a minimum of 256-bits of entropy. */
|
||||
#define RNG_SECURITY_STRENGTH (256)
|
||||
#endif
|
||||
|
||||
/* wolfentropy.h will define for HAVE_ENTROPY_MEMUSE */
|
||||
#ifdef HAVE_ENTROPY_MEMUSE
|
||||
#include <wolfssl/wolfcrypt/wolfentropy.h>
|
||||
#endif
|
||||
|
||||
/* ENTROPY_SCALE_FACTOR is unprefixed for backward compat. */
|
||||
#ifndef ENTROPY_SCALE_FACTOR
|
||||
/* The entropy scale factor should be the whole number inverse of the
|
||||
* minimum bits of entropy per bit of NDRNG output. */
|
||||
#if defined(HAVE_AMD_RDSEED)
|
||||
/* This will yield a SEED_SZ of 16kb. Since nonceSz will be 0,
|
||||
* we'll add an additional 8kb on top.
|
||||
*
|
||||
* See "AMD RNG ESV Public Use Document". Version 0.7 of October 24,
|
||||
* 2024 specifies 0.656 to 1.312 bits of entropy per 128 bit block of
|
||||
* RDSEED output, depending on CPU family.
|
||||
*/
|
||||
#define ENTROPY_SCALE_FACTOR (512)
|
||||
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
|
||||
/* The value of 2 applies to Intel's RDSEED which provides about
|
||||
* 0.5 bits minimum of entropy per bit. The value of 4 gives a
|
||||
* conservative margin for FIPS. */
|
||||
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION >= 2)
|
||||
#define ENTROPY_SCALE_FACTOR (2*4)
|
||||
#else
|
||||
/* Not FIPS, but Intel RDSEED, only double. */
|
||||
#define ENTROPY_SCALE_FACTOR (2)
|
||||
#endif
|
||||
#elif defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION >= 2)
|
||||
/* If doing a FIPS build without a specific scale factor, default
|
||||
* to 4. This will give 1024 bits of entropy. More is better, but
|
||||
* more is also slower. */
|
||||
#define ENTROPY_SCALE_FACTOR (4)
|
||||
#else
|
||||
/* Setting the default to 1. */
|
||||
#define ENTROPY_SCALE_FACTOR (1)
|
||||
#endif
|
||||
#endif /* !ENTROPY_SCALE_FACTOR */
|
||||
|
||||
/* SEED_BLOCK_SZ is unprefixed for backward compat. */
|
||||
#ifndef SEED_BLOCK_SZ
|
||||
/* The seed block size, is the size of the output of the underlying NDRNG.
|
||||
* This value is used for testing the output of the NDRNG. */
|
||||
#if defined(HAVE_AMD_RDSEED)
|
||||
/* AMD's RDSEED instruction works in 128-bit blocks read 64-bits
|
||||
* at a time. */
|
||||
#define SEED_BLOCK_SZ (sizeof(word64)*2)
|
||||
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
|
||||
/* RDSEED outputs in blocks of 64-bits. */
|
||||
#define SEED_BLOCK_SZ sizeof(word64)
|
||||
#else
|
||||
/* Setting the default to 4. */
|
||||
#define SEED_BLOCK_SZ 4
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#define WC_DRBG_SEED_BLOCK_SZ SEED_BLOCK_SZ
|
||||
|
||||
#define WC_DRBG_SEED_SZ (RNG_SECURITY_STRENGTH*ENTROPY_SCALE_FACTOR/8)
|
||||
|
||||
/* The maximum seed size will be the seed size plus a seed block for the
|
||||
* test, and an additional half of the seed size. This additional half
|
||||
* is in case the user does not supply a nonce. A nonce will be obtained
|
||||
* from the NDRNG. */
|
||||
#define WC_DRBG_MAX_SEED_SZ (WC_DRBG_SEED_SZ + WC_DRBG_SEED_SZ/2 + \
|
||||
SEED_BLOCK_SZ)
|
||||
|
||||
#define RNG_HEALTH_TEST_CHECK_SIZE (WC_SHA256_DIGEST_SIZE * 4)
|
||||
|
||||
struct DRBG_internal {
|
||||
#ifdef WORD64_AVAILABLE
|
||||
word64 reseedCtr;
|
||||
#else
|
||||
word32 reseedCtr;
|
||||
#endif
|
||||
byte V[DRBG_SEED_LEN];
|
||||
byte C[DRBG_SEED_LEN];
|
||||
void* heap;
|
||||
@@ -167,21 +257,63 @@ struct DRBG_internal {
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
wc_Sha256 sha256;
|
||||
byte seed_scratch[DRBG_SEED_LEN];
|
||||
byte digest_scratch[WC_SHA256_DIGEST_SIZE];
|
||||
#endif
|
||||
};
|
||||
#endif /* HAVE_HASHDRBG */
|
||||
|
||||
/* RNG health states */
|
||||
#define WC_DRBG_NOT_INIT 0
|
||||
#define WC_DRBG_OK 1
|
||||
#define WC_DRBG_FAILED 2
|
||||
#define WC_DRBG_CONT_FAILED 3
|
||||
#ifdef WC_RNG_BANK_SUPPORT
|
||||
#define WC_DRBG_BANKREF 4 /* Marks the WC_RNG as a ref to a wc_rng_bank,
|
||||
* with no usable DRBG of its own.
|
||||
*/
|
||||
#endif
|
||||
|
||||
/* RNG context */
|
||||
struct WC_RNG {
|
||||
struct OS_Seed seed;
|
||||
void* heap;
|
||||
#ifdef HAVE_HASHDRBG
|
||||
/* Hash-based Deterministic Random Bit Generator */
|
||||
struct DRBG* drbg;
|
||||
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
struct DRBG_internal drbg_data;
|
||||
#endif
|
||||
byte status;
|
||||
|
||||
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
|
||||
union {
|
||||
#endif
|
||||
|
||||
#ifdef WC_RNG_BANK_SUPPORT
|
||||
struct wc_rng_bank *bankref;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_HASHDRBG
|
||||
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
|
||||
struct {
|
||||
#endif
|
||||
/* Hash-based Deterministic Random Bit Generator */
|
||||
struct DRBG* drbg;
|
||||
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
struct DRBG_internal drbg_data;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
/* Scratch buffers -- all preallocated by _InitRng(). */
|
||||
struct DRBG_internal *drbg_scratch;
|
||||
byte *health_check_scratch;
|
||||
byte *newSeed_buf;
|
||||
#endif
|
||||
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
|
||||
};
|
||||
#endif
|
||||
#endif /* HAVE_HASHDRBG */
|
||||
|
||||
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
|
||||
};
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
|
||||
pid_t pid;
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WC_ASYNC_DEV asyncDev;
|
||||
@@ -199,7 +331,7 @@ struct WC_RNG {
|
||||
#define RNG WC_RNG
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
|
||||
WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz);
|
||||
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
@@ -222,7 +354,7 @@ WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
|
||||
WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
|
||||
WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
void* heap, int devId);
|
||||
WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
|
||||
WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
|
||||
WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
|
||||
WOLFSSL_API int wc_FreeRng(WC_RNG* rng);
|
||||
#else
|
||||
@@ -235,7 +367,12 @@ WOLFSSL_API int wc_FreeRng(WC_RNG* rng);
|
||||
/* some older compilers do not like macro function in expression */
|
||||
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
|
||||
#else
|
||||
#define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
|
||||
#ifdef _MSC_VER
|
||||
#define wc_RNG_GenerateBlock(rng, b, s) (int)(NOT_COMPILED_IN)
|
||||
#else
|
||||
#define wc_RNG_GenerateBlock(rng, b, s) \
|
||||
({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
|
||||
#endif
|
||||
#endif
|
||||
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
|
||||
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
|
||||
@@ -246,34 +383,21 @@ WOLFSSL_API int wc_FreeRng(WC_RNG* rng);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_HASHDRBG
|
||||
WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
|
||||
word32 entropySz);
|
||||
WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed,
|
||||
word32 seedSz);
|
||||
WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
|
||||
WOLFSSL_API int wc_RNG_HealthTest(int reseed,
|
||||
const byte* entropyA, word32 entropyASz,
|
||||
const byte* entropyB, word32 entropyBSz,
|
||||
const byte* seedA, word32 seedASz,
|
||||
const byte* seedB, word32 seedBSz,
|
||||
byte* output, word32 outputSz);
|
||||
WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed,
|
||||
const byte* nonce, word32 nonceSz,
|
||||
const byte* entropyA, word32 entropyASz,
|
||||
const byte* entropyB, word32 entropyBSz,
|
||||
const byte* seedA, word32 seedASz,
|
||||
const byte* seedB, word32 seedBSz,
|
||||
byte* output, word32 outputSz,
|
||||
void* heap, int devId);
|
||||
#endif /* HAVE_HASHDRBG */
|
||||
|
||||
#ifdef HAVE_ENTROPY_MEMUSE
|
||||
/* Maximum entropy bits that can be produced. */
|
||||
#define MAX_ENTROPY_BITS 256
|
||||
|
||||
/* For generating data for assessment. */
|
||||
WOLFSSL_API int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt);
|
||||
WOLFSSL_API int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len);
|
||||
WOLFSSL_API int wc_Entropy_OnDemandTest(void);
|
||||
|
||||
WOLFSSL_LOCAL int Entropy_Init(void);
|
||||
WOLFSSL_LOCAL void Entropy_Final(void);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
@@ -214,8 +214,10 @@ struct RsaKey {
|
||||
int type; /* public or private */
|
||||
int state;
|
||||
word32 dataLen;
|
||||
#ifdef WC_RSA_BLINDING
|
||||
WC_RNG* rng; /* for PrivateDecrypt blinding */
|
||||
#ifndef WC_NO_RNG
|
||||
WC_RNG* rng; /* for PrivateDecrypt blinding and
|
||||
* _ifc_pairwise_consistency_test()
|
||||
*/
|
||||
#endif
|
||||
#ifdef WOLFSSL_SE050
|
||||
word32 keyId;
|
||||
@@ -400,7 +402,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
|
||||
WOLFSSL_API int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
|
||||
#endif
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
#ifndef WC_NO_RNG
|
||||
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
|
||||
#endif
|
||||
#ifdef WC_RSA_NONBLOCK
|
||||
|
||||
@@ -220,7 +220,9 @@ WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst);
|
||||
WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags);
|
||||
#endif
|
||||
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
#ifdef WC_SHA3_NO_ASM
|
||||
/* asm speedups disabled */
|
||||
#elif defined(USE_INTEL_SPEEDUP)
|
||||
WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n,
|
||||
word64 c);
|
||||
WOLFSSL_LOCAL void sha3_block_bmi2(word64* s);
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
typedef unsigned __int8 uint8_t;
|
||||
typedef unsigned __int32 uint32_t;
|
||||
typedef unsigned __int64 uint64_t;
|
||||
#elif !defined(WOLFSSL_LINUXKM)
|
||||
#elif !defined(NO_STDINT_H)
|
||||
#include <stdint.h>
|
||||
#endif
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ This library provides single precision (SP) integer math functions.
|
||||
#ifndef WOLF_CRYPT_SP_INT_H
|
||||
#define WOLF_CRYPT_SP_INT_H
|
||||
|
||||
#ifndef WOLFSSL_LINUXKM
|
||||
#ifndef NO_LIMITS_H
|
||||
#include <limits.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
Reference in New Issue
Block a user